Internet Explorer & Firefox hijacked/crashing and unable to install


  • This topic is locked

#1
smileysmile

  • Member
  • 17 posts
Hi - My problem seems similar - though not exactly the same - as a couple of those already posted on this forum recently.

Internet Explorer appears to have been hijacked and keeps diverting to http://holopotoroeodo.epac.to/info.php?avted=1&n=265 whilst Firefox crashes straight after opening. Chrome is still working, thankfully, but seems much slower than normal, as does the whole system.

No other programs appear to be affected, though I am prevented from downloading Malwarebytes (and possibly some other applications) and I receive this Error Message when that occurs:

Setup was unable to create the directory
"C:\Users\Colin\AppData\Local\Temp\is-0JVIQ.tmp" (though the last 5 letters before .tmp are different each time.)
Error 5 - Access is denied.

I have run a scan for "All Users" in OTL and have pasted the scan results below. Any help would be greatly appreciated!

Many thanks,

Colin

___________________________________________________________________________________________________________________________-



OTL logfile created on: 02/07/2012 01:40:46 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 41.70% Memory free
7.17 Gb Paging File | 5.17 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): c:\pagefile.sys 4408 4408 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.56 Gb Total Space | 110.06 Gb Free Space | 38.14% Space Free | Partition Type: NTFS

Computer Name: COLIN-VAIO | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (FcsNapSha) -- C:\Windows\SysNative\FcsNapSha.exe (Microsoft Corporation)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (lxcf_device) -- C:\Windows\SysNative\lxcfcoms.exe ( )
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (lxcf_device) -- C:\Windows\SysWOW64\lxcfcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (82644766) -- C:\Windows\SysNative\drivers\82644766.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (vodafone_K380x-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (CbFs) -- C:\Windows\SysNative\drivers\cbfs.sys (EldoS Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (PfFilter) -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys (IObit Information Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....p://www.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway...r={searchTerms}
IE - HKLM\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://slirsredirect...hromesbox-en-uk
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2475029
IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=photopos2_0
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A BE 43 1D 61 5B CB 01 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3D41F773-C2A2-4541-8F58-DF94FA1311D3}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=photopos2_0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A BE 43 1D 61 5B CB 01 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3D41F773-C2A2-4541-8F58-DF94FA1311D3}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Colin\Favorites\Downloads\FOOTBALL BETTING SOFTWARE
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff37ac3727
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{1FA59C26-EE75-485B-819E-FCF6191B2EB3}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{2282A0CE-B42D-4BE2-97DF-98322F665385}: "URL" = http://visualsearch....q={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{4C8B3851-05E2-4660-B181-72840E5785F3}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{6BC079BB-5474-4CD2-A048-905E648B6E21}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{6F8D3DBD-C0AB-4ACE-9E22-6A4CA4EF8E67}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{861E8928-6140-4CB5-8DF7-7E7E9FD7EA98}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-30 20:58:29&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...540501721747738
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{E36AC8FA-77B0-4E67-9AB8-B1F9E88AAF31}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000ff37ac3727"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.3
FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.2
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.6
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.95
FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}:2.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24
FF - prefs.js..keyword.URL: "http://search.babylo...0ff37ac3727&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011/02/12 13:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/01 01:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 22:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/28 00:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/30 20:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/30 20:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/06/30 20:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/19 10:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/19 22:40:39 | 000,000,000 | ---D | M]

[2012/07/01 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions
[2011/11/09 04:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/22 22:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/07/01 21:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions
[2011/10/13 09:36:52 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/10/13 09:36:47 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/03/21 20:57:01 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/11/09 00:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}-trash
[2011/10/13 09:36:42 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/10/09 18:39:00 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2012/06/06 22:20:39 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/11/20 12:18:26 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/07/02 21:48:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/10/13 09:36:58 | 000,000,000 | ---D | M] (Shareaholic) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2012/06/30 20:09:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/10/13 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]\chrome
[2011/10/13 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]\defaults
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\askcom.xml
[2012/02/27 11:11:29 | 000,002,306 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\askcomsearch.xml
[2010/12/15 16:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\conduit.xml
[2011/03/20 23:36:33 | 000,002,207 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\MyStart Search.xml
[2010/10/11 17:21:08 | 000,010,017 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\mywebsearch.xml
[2011/12/22 07:31:34 | 000,002,519 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\Search_Results.xml
[2012/07/01 11:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/19 10:51:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/27 11:10:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/29 21:00:28 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/07/01 11:42:44 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/11/25 05:38:18 | 000,623,219 | ---- | M] () (No name found) -- C:\USERS\COLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T98NHYMG.DEFAULT\EXTENSIONS\[email protected]
[2011/11/05 08:10:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/19 10:42:57 | 000,025,560 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2011/11/19 10:42:58 | 000,140,760 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/02/27 11:09:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/19 10:43:01 | 000,067,032 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/27 04:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2012/03/26 16:41:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/12/05 22:00:13 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll
[2010/11/01 22:57:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2010/11/01 22:57:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2010/11/01 22:57:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2010/11/01 22:57:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2010/11/01 22:57:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2010/11/01 22:57:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2010/11/01 22:57:29 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2011/12/05 22:02:46 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll
[2011/12/05 21:59:05 | 000,107,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll
[2011/11/05 04:44:20 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/11 18:45:01 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2012/06/30 20:58:18 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/30 20:10:00 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/11/05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/05 04:44:20 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/11 18:45:01 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2011/11/05 04:44:20 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/05 04:32:18 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/12/22 07:31:34 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/05 04:32:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011/11/05 04:44:20 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2012/02/14 14:00:04 | 000,000,894 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: The Guardian = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg\1.7.2_0\
CHR - Extension: Wunderlist = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\1.0.2_0\
CHR - Extension: ReImage Browser Helper = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: RoboForm Lite = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\3.2.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/07/02 01:22:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll ( )
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll (ReImage)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\Toolbar\WebBrowser: (no name) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - No CLSID value found.
O3 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - HKLM..\RunOnce: [OTM] C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011\OTM.exe (OldTimer Tools)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...40320.363287037 (Update Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37AC3727-0134-4EE1-95FD-A8B4B2A3119B}: NameServer = 10.73.152.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD2AAC8-8A36-4590-84E6-260F6CF5030E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71868B7-EED6-40BE-9356-C83791F0C615}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58f62c09-600d-11e0-8d10-0024beb0198e}\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 01:21:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/02 01:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/01 22:31:21 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\erunt
[2012/07/01 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\Fix Malware
[2012/07/01 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\GooredFix Backups
[2012/07/01 20:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/01 20:04:24 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 12:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/07/01 12:05:45 | 019,551,736 | ---- | C] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/06/30 21:00:09 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2012/06/30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\AVG Secure Search
[2012/06/30 20:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/30 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/06/30 20:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/30 20:57:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/30 20:56:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/06/30 20:53:36 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/30 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/06/30 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Macromedia
[2012/06/30 20:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012/06/30 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Zoom_Downloader
[2012/06/30 20:09:39 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Babylon
[2012/06/30 20:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/06/30 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/06/30 20:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/30 19:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/30 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/30 19:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/28 19:55:00 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\[email protected]
[2012/06/28 14:06:04 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/28 14:06:04 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/28 01:40:51 | 000,000,000 | --SD | C] -- C:\Users\Colin\Google Drive
[2012/06/28 01:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/06/25 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\New folder (8)
[2012/06/25 16:48:53 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Usenet.nl
[2012/06/25 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Usenet.nl
[2012/06/25 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Usenet.nl
[2012/06/25 16:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2012/06/25 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\LADBROKES GMAIL_files
[2012/06/23 11:13:00 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 11:13:00 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 11:13:00 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 11:12:31 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 11:12:31 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 11:12:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 11:11:54 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 11:11:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/13 19:02:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 19:02:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 19:02:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 19:02:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 19:02:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 19:02:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 19:02:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 19:02:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 19:02:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 19:02:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 19:02:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 19:02:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 19:02:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 17:40:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 17:40:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 17:40:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 17:40:34 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 17:40:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 17:40:30 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 17:12:48 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 17:11:51 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 17:11:49 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/06 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/06/06 22:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/06/06 22:21:26 | 000,000,000 | ---D | C] -- C:\rei
[2012/06/06 22:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/06/06 22:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/06/06 21:39:41 | 000,000,000 | ---D | C] -- C:\MATS
[2012/06/06 11:13:44 | 000,000,000 | ---D | C] -- C:\8b96cd66e904b54a5771d097
[2012/06/06 02:13:55 | 000,000,000 | ---D | C] -- C:\BLUETOOTH JUNE 2012
[2012/06/06 02:13:50 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2012/06/06 02:12:55 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Blueooth drivers etc June 2012
[2012/06/06 00:14:10 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\SlimWare Utilities Inc
[2012/06/06 00:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/06/05 23:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers For Free
[2012/06/05 23:14:19 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Drivers_For_Free
[2012/06/05 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2012/06/05 20:29:09 | 000,000,000 | ---D | C] -- C:\VAIO
[2012/06/05 20:23:02 | 000,000,000 | ---D | C] -- C:\New folder
[2012/06/04 15:35:49 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\BLACKBERRY TRANSFERS
[2012/06/04 14:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/06/04 14:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM
[2012/06/04 10:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Deployment Toolkit
[2012/06/04 10:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Deployment Toolkit

========== Files - Modified Within 30 Days ==========

[2012/07/02 01:59:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/02 01:27:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000UA.job
[2012/07/02 01:26:25 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/02 01:24:47 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 01:24:47 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 01:22:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/02 01:20:57 | 000,873,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/02 01:20:57 | 000,732,570 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/02 01:20:57 | 000,149,348 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/02 01:15:11 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/07/02 01:12:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/02 01:12:43 | 2311,335,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 20:47:31 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 20:32:59 | 000,513,320 | ---- | M] () -- C:\Users\Colin\Desktop\erunt.zip
[2012/07/01 20:06:25 | 000,001,008 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk
[2012/07/01 18:52:07 | 000,022,740 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/07/01 12:28:07 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | M] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/07/01 12:05:48 | 019,551,736 | ---- | M] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/07/01 11:48:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/01 11:28:37 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000Core.job
[2012/07/01 11:25:20 | 100,891,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 20:58:45 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:13 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/06/30 01:11:15 | 000,005,828 | ---- | M] () -- C:\Users\Colin\Desktop\Default_EXE.reg
[2012/06/30 01:08:33 | 000,024,433 | ---- | M] () -- C:\Users\Colin\Desktop\error code 5.JPG
[2012/06/30 01:08:01 | 000,000,235 | ---- | M] () -- C:\Users\Colin\Desktop\is-2CPQ7 tmp file addres.rtf
[2012/06/29 16:44:51 | 000,000,133 | ---- | M] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 19:49:36 | 000,003,727 | ---- | M] () -- C:\Users\Colin\Desktop\[email protected]
[2012/06/28 14:06:04 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/28 14:06:04 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/28 04:47:00 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2012/06/28 03:09:37 | 000,075,387 | ---- | M] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | M] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 16:53:34 | 000,001,849 | ---- | M] () -- C:\Users\Colin\Desktop\Usenet.nl.lnk
[2012/06/25 14:13:35 | 000,011,609 | ---- | M] () -- C:\Users\Colin\Desktop\LADBROKES GMAIL.htm
[2012/06/25 14:03:21 | 000,000,202 | ---- | M] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | M] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/23 11:59:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 11:59:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/19 22:40:40 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/13 19:55:58 | 000,546,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 15:21:11 | 000,001,118 | ---- | M] () -- C:\Users\Colin\Desktop\Ladbrokes - Shortcut.lnk
[2012/06/10 22:19:34 | 000,007,168 | -H-- | M] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/10 22:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012/06/10 21:43:41 | 000,000,344 | ---- | M] () -- C:\Users\Colin\Desktop\Google Accounts.url
[2012/06/06 23:58:56 | 000,068,527 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 22:22:17 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/06/06 18:18:44 | 000,000,355 | ---- | M] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2012/06/06 10:18:29 | 000,000,123 | ---- | M] () -- C:\Users\Colin\Desktop\Microsoft Fix it.url
[2012/06/06 04:58:11 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/06/06 00:20:24 | 000,000,162 | -H-- | M] () -- C:\Users\Colin\Desktop\~$IO DRIVERS FOR DISK READER ETC.rtf
[2012/06/05 23:07:03 | 000,004,871 | ---- | M] () -- C:\Users\Colin\Desktop\VAIO DRIVERS FOR DISK READER ETC.rtf
[2012/06/05 17:29:36 | 000,006,936 | ---- | M] () -- C:\Users\Colin\Desktop\cc_20120605_172927.reg
[2012/06/05 15:32:33 | 000,007,621 | ---- | M] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg
[2012/06/04 18:07:44 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/04 01:34:27 | 000,000,218 | ---- | M] () -- C:\Users\Colin\Desktop\Back To The Noose by Jak Paxton Song Free Music, Listen Now.url
[2012/06/02 23:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 23:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 23:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

========== Files Created - No Company Name ==========

[2012/07/01 20:33:07 | 000,513,320 | ---- | C] () -- C:\Users\Colin\Desktop\erunt.zip
[2012/07/01 20:06:25 | 000,001,008 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk
[2012/07/01 18:52:05 | 000,022,740 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 12:28:07 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | C] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/07/01 11:25:20 | 100,891,471 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 20:58:45 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:11 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/06/30 01:11:33 | 000,005,828 | ---- | C] () -- C:\Users\Colin\Desktop\Default_EXE.reg
[2012/06/30 01:08:32 | 000,024,433 | ---- | C] () -- C:\Users\Colin\Desktop\error code 5.JPG
[2012/06/30 01:08:01 | 000,000,235 | ---- | C] () -- C:\Users\Colin\Desktop\is-2CPQ7 tmp file addres.rtf
[2012/06/29 16:44:51 | 000,000,133 | ---- | C] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 19:49:56 | 000,003,727 | ---- | C] () -- C:\Users\Colin\Desktop\[email protected]
[2012/06/28 03:09:37 | 000,075,387 | ---- | C] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | C] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 16:48:44 | 000,001,849 | ---- | C] () -- C:\Users\Colin\Desktop\Usenet.nl.lnk
[2012/06/25 14:13:33 | 000,011,609 | ---- | C] () -- C:\Users\Colin\Desktop\LADBROKES GMAIL.htm
[2012/06/25 14:01:48 | 000,000,202 | ---- | C] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | C] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/19 22:40:40 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/10 21:43:41 | 000,000,344 | ---- | C] () -- C:\Users\Colin\Desktop\Google Accounts.url
[2012/06/10 14:55:06 | 000,007,168 | -H-- | C] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/10 14:54:06 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/06/06 23:58:55 | 000,068,527 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 18:18:44 | 000,000,355 | ---- | C] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2012/06/06 10:18:29 | 000,000,123 | ---- | C] () -- C:\Users\Colin\Desktop\Microsoft Fix it.url
[2012/06/06 00:20:24 | 000,000,162 | -H-- | C] () -- C:\Users\Colin\Desktop\~$IO DRIVERS FOR DISK READER ETC.rtf
[2012/06/06 00:14:13 | 000,015,672 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/06/05 20:17:36 | 000,004,871 | ---- | C] () -- C:\Users\Colin\Desktop\VAIO DRIVERS FOR DISK READER ETC.rtf
[2012/06/05 17:29:31 | 000,006,936 | ---- | C] () -- C:\Users\Colin\Desktop\cc_20120605_172927.reg
[2012/06/04 01:34:25 | 000,000,218 | ---- | C] () -- C:\Users\Colin\Desktop\Back To The Noose by Jak Paxton Song Free Music, Listen Now.url
[2011/12/23 00:33:05 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\AVRedirector.ini
[2011/12/23 00:33:05 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\AVRedirectorOff.ini
[2011/12/12 11:25:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/07 00:55:54 | 000,159,249 | ---- | C] () -- C:\Windows\Bet wizard Uninstaller.exe
[2011/11/20 23:13:38 | 000,000,189 | ---- | C] () -- C:\Users\Colin\Guitar Tuner @ Chordbook.Com.url
[2011/09/26 22:12:31 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/08/28 02:17:02 | 000,012,288 | ---- | C] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 01:45:38 | 000,704,000 | ---- | C] () -- C:\Windows\is-NAUMG.exe
[2011/07/02 22:31:16 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/02 22:31:16 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/02 21:55:27 | 000,017,408 | ---- | C] () -- C:\Users\Colin\AppData\Local\WebpageIcons.db
[2011/07/02 01:41:11 | 000,208,178 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/06/05 19:41:31 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/02/27 00:50:51 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2011/02/27 00:50:50 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2011/02/27 00:50:50 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2011/01/20 21:40:03 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/01/11 21:31:07 | 000,356,197 | ---- | C] () -- C:\Users\Colin\mural-tile.jpg
[2010/12/08 15:42:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfinpa.dll
[2010/12/08 15:42:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfiesc.dll
[2010/12/08 15:42:32 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcfcomx.dll
[2010/12/08 15:42:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcfinst.dll
[2010/12/08 15:42:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpmui.dll
[2010/12/08 15:42:30 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfusb1.dll
[2010/12/08 15:42:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfserv.dll
[2010/12/08 15:42:29 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfppls.exe
[2010/12/08 15:42:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfprox.dll
[2010/12/08 15:42:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpplc.dll
[2010/12/08 15:42:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfhbn3.dll
[2010/12/08 15:42:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcflmpm.dll
[2010/12/08 15:42:28 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcoms.exe
[2010/12/08 15:42:28 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfih.exe
[2010/12/08 15:42:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomc.dll
[2010/12/08 15:42:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomm.dll
[2010/12/08 15:42:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcfg.exe
[2010/10/23 04:39:14 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/10/19 07:17:01 | 000,000,000 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\wklnhst.dat
[2010/09/24 13:20:39 | 000,127,494 | ---- | C] () -- C:\Users\Colin\cc dots.bmp
[2010/09/24 13:02:37 | 000,018,432 | -H-- | C] () -- C:\Users\Colin\photothumb.db
[2010/09/24 09:46:36 | 000,015,064 | ---- | C] () -- C:\Users\Colin\ear.jpg
[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/07/26 14:03:32 | 000,004,096 | -H-- | C] () -- C:\Users\Colin\AppData\Local\keyfile3.drm
[2010/07/18 21:14:55 | 000,000,632 | ---- | C] () -- C:\Users\Colin\ntuser.pol
[2010/07/14 08:24:28 | 000,038,491 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/05 13:43:50 | 000,059,074 | ---- | C] () -- C:\Users\Colin\start.class
[2010/07/05 13:43:50 | 000,020,415 | ---- | C] () -- C:\Users\Colin\W800.1bt
[2010/07/05 13:43:50 | 000,009,656 | ---- | C] () -- C:\Users\Colin\g.class
[2010/07/05 13:43:50 | 000,008,916 | ---- | C] () -- C:\Users\Colin\f.class
[2010/07/05 13:43:50 | 000,004,494 | ---- | C] () -- C:\Users\Colin\q.class
[2010/07/05 13:43:50 | 000,003,984 | ---- | C] () -- C:\Users\Colin\b.class
[2010/07/05 13:43:50 | 000,003,374 | ---- | C] () -- C:\Users\Colin\d.class
[2010/07/05 13:43:50 | 000,002,872 | ---- | C] () -- C:\Users\Colin\l.class
[2010/07/05 13:43:50 | 000,002,634 | ---- | C] () -- C:\Users\Colin\k.class
[2010/07/05 13:43:50 | 000,002,521 | ---- | C] () -- C:\Users\Colin\c.class
[2010/07/05 13:43:50 | 000,002,206 | ---- | C] () -- C:\Users\Colin\j.class
[2010/07/05 13:43:50 | 000,002,118 | ---- | C] () -- C:\Users\Colin\i.class
[2010/07/05 13:43:50 | 000,001,950 | ---- | C] () -- C:\Users\Colin\v.class
[2010/07/05 13:43:50 | 000,001,495 | ---- | C] () -- C:\Users\Colin\h.class
[2010/07/05 13:43:50 | 000,001,461 | ---- | C] () -- C:\Users\Colin\u.class
[2010/07/05 13:43:50 | 000,001,445 | ---- | C] () -- C:\Users\Colin\s.class
[2010/07/05 13:43:50 | 000,001,002 | ---- | C] () -- C:\Users\Colin\c
[2010/07/05 13:43:50 | 000,000,959 | ---- | C] () -- C:\Users\Colin\a
[2010/07/05 13:43:50 | 000,000,949 | ---- | C] () -- C:\Users\Colin\r.class
[2010/07/05 13:43:50 | 000,000,884 | ---- | C] () -- C:\Users\Colin\e.class
[2010/07/05 13:43:50 | 000,000,863 | ---- | C] () -- C:\Users\Colin\b
[2010/07/05 13:43:50 | 000,000,839 | ---- | C] () -- C:\Users\Colin\p.class
[2010/07/05 13:43:50 | 000,000,771 | ---- | C] () -- C:\Users\Colin\m.class
[2010/07/05 13:43:50 | 000,000,682 | ---- | C] () -- C:\Users\Colin\n.class
[2010/07/05 13:43:50 | 000,000,113 | ---- | C] () -- C:\Users\Colin\LED
[2010/07/05 13:43:50 | 000,000,095 | ---- | C] () -- C:\Users\Colin\o.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\t.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\a.class
[2010/06/26 09:30:26 | 010,294,792 | ---- | C] () -- C:\Users\Colin\mirror world cup wallchartA3.pdf
[2010/05/29 08:29:40 | 000,113,306 | ---- | C] () -- C:\Users\Colin\Mobile_Phone_Software_Pack_2010_Edition.zip
[2010/05/28 07:36:40 | 000,000,167 | ---- | C] () -- C:\Users\Colin\udownload.dat
[2010/05/22 13:45:57 | 000,005,007 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010/05/19 06:15:46 | 000,000,359 | ---- | C] () -- C:\Users\Colin\Recycle Bin - Shortcut.lnk
[2010/05/16 12:58:30 | 000,007,621 | ---- | C] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg
[2010/05/09 01:32:55 | 000,037,704 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\openList.awt
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\closedList.awt
[2010/04/08 05:36:40 | 000,893,952 | ---- | C] () -- C:\Users\Colin\opticalillusions01-1-1.pps
[2010/04/06 19:54:15 | 000,152,031 | ---- | C] () -- C:\Users\Colin\Southern Shih Tzu Application form-pdf.pdf
[2010/03/11 17:43:13 | 000,000,009 | ---- | C] () -- C:\Users\Colin\usb003
[2010/03/08 23:07:12 | 000,000,600 | ---- | C] () -- C:\Users\Colin\PUTTY.RND
[2010/02/05 09:35:45 | 001,492,261 | ---- | C] () -- C:\Users\Colin\PJ033236-Pubsclubscombinedpresentation_Final_V1aqua.pdf
[2009/12/10 20:13:48 | 000,000,010 | ---- | C] () -- C:\Users\Colin\USB001
[2009/12/09 05:33:55 | 000,222,942 | ---- | C] () -- C:\Users\Colin\Full page fax print.pdf
[2009/11/02 05:39:39 | 000,255,358 | ---- | C] () -- C:\Users\Colin\13 x 18 cm. cutout prints.pdf
[2009/05/10 17:23:44 | 000,619,939 | ---- | C] () -- C:\Users\Colin\19 Longford Road.pdf
[2008/12/12 17:15:15 | 000,525,668 | ---- | C] () -- C:\Users\Colin\mhtml_mid___00000013_.pdf
[2008/12/12 17:06:20 | 000,019,844 | ---- | C] () -- C:\Users\Colin\Document1.pdf
[2006/01/04 01:00:00 | 000,094,533 | ---- | C] () -- C:\Users\Colin\btscanner.jar

========== LOP Check ==========

[2011/07/26 01:53:25 | 000,000,000 | ---D | M] -- C:\Users\CC\AppData\Roaming\Vodafone
[2011/02/09 22:43:07 | 000,000,000 | -HSD | M] -- C:\Users\Colin\AppData\Roaming\.#
[2012/06/05 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Amazon
[2012/06/30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2011/12/23 00:29:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVSoftware
[2012/06/30 20:09:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Babylon
[2010/10/31 00:46:33 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\BitZipper
[2010/05/22 13:45:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Carambis
[2010/05/22 04:01:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DeviceDoctorSoftware
[2010/05/22 06:00:18 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverCure
[2010/05/22 08:37:47 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverFinder
[2012/06/05 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2011/08/29 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\eBookPro6
[2011/02/22 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FCTB000061107
[2011/07/02 21:32:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FDRLab
[2011/11/29 03:48:10 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\gcaltoolkit
[2010/10/07 00:30:56 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GetRightToGo
[2011/07/06 01:49:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GlarySoft
[2012/07/01 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GoodSync
[2011/12/10 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\IObit
[2010/05/05 01:01:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\LegalSounds
[2011/06/05 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\MAGIX
[2011/12/28 00:27:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Nokia
[2011/12/01 06:59:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Paltalk
[2011/01/24 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\ParetoLogic
[2010/10/14 07:12:36 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Participatory Culture Foundation
[2011/12/28 00:27:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PC Suite
[2010/10/19 05:37:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PCF-VLC
[2011/01/02 03:30:30 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PhotoScape
[2011/12/09 23:06:55 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Research In Motion
[2011/07/06 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Sammsoft
[2010/07/17 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Serif
[2010/10/21 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SmartDraw
[2012/07/01 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Software Informer
[2012/06/21 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Spotify
[2011/06/05 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SynthMaker
[2010/07/05 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TeamViewer
[2010/10/19 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Template
[2011/06/24 08:05:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Tific
[2011/05/22 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TomTom
[2010/05/05 03:29:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Trusteer
[2010/05/31 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TuneUp Software
[2010/06/05 04:01:17 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Uniblue
[2012/06/28 03:09:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Usenet.nl
[2011/04/06 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Vodafone
[2011/04/17 19:58:49 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\WhiteSmoke
[2010/12/30 02:45:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Windows Live Writer
[2011/12/01 05:55:28 | 000,000,000 | ---D | M] -- C:\Users\Colin Campbell\AppData\Roaming\IObit
[2010/07/24 03:07:14 | 000,000,000 | ---D | M] -- C:\Users\Colin_2\AppData\Roaming\GoodSync
[2010/07/07 23:55:05 | 000,000,000 | ---D | M] -- C:\Users\Colin_2\AppData\Roaming\TuneUp Software
[2011/12/01 05:55:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/12/01 05:55:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2010/10/02 16:36:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BitZipper
[2010/10/14 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Software Informer
[2010/10/08 17:28:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Trusteer
[2011/06/18 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Vodafone
[2010/10/10 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\DriverCure
[2011/01/24 03:26:56 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\GoodSync
[2010/10/10 23:49:37 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\IObit
[2010/10/10 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\ParetoLogic
[2010/10/10 13:43:44 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\Trusteer
[2010/10/10 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\Uniblue
[2012/07/02 01:15:11 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/07/01 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/05/08 08:31:34 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/06/28 04:47:00 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2012/04/28 15:13:52 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/05/16 07:47:35 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/10 22:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05E9FFE5
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this, could you try the browsers again and let me know the result?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2475029
    IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\.DEFAULT\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\S-1-5-18\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff37ac3727
    IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{1FA59C26-EE75-485B-819E-FCF6191B2EB3}: "URL" = http://search.condui...&ctid=CT1561552
    IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
    FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000ff37ac3727"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.babylo...0ff37ac3727&q="
    [2010/10/11 17:21:08 | 000,010,017 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\mywebsearch.xml
    [2011/12/22 07:31:34 | 000,002,519 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\Search_Results.xml
    [2012/06/30 20:10:00 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\Toolbar\WebBrowser: (no name) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - No CLSID value found.
    O3 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [2012/06/30 20:09:39 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Babylon
    [2012/06/30 20:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/06/30 20:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2011/02/09 22:43:07 | 000,000,000 | -HSD | M] -- C:\Users\Colin\AppData\Roaming\.#
    [2012/06/30 20:09:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Babylon
    [2011/04/17 19:58:49 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\WhiteSmoke

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


#3
smileysmile

  • Topic Starter
  • Member
  • 17 posts
Hi there - Thanks for your help on this. I followed your instructions and have pasted the OTL and aswMBR logs below. I have tried Internet Explorer and it is still being diverted but only from Google's web page.

It is now diverting to http://holopotoroeodo.freetcp.com/info.php?avted=1&n=265 / freetcp.com ??. I've changed the home page to Bing temporarily and that appears to be quite stable.

Firefox is still crashing as soon as it is opened, but Chrome seems ok.

Regards,

Colin




OTL logfile created on: 02/07/2012 01:40:46 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 41.70% Memory free
7.17 Gb Paging File | 5.17 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): c:\pagefile.sys 4408 4408 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.56 Gb Total Space | 110.06 Gb Free Space | 38.14% Space Free | Partition Type: NTFS

Computer Name: COLIN-VAIO | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (FcsNapSha) -- C:\Windows\SysNative\FcsNapSha.exe (Microsoft Corporation)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (lxcf_device) -- C:\Windows\SysNative\lxcfcoms.exe ( )
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (lxcf_device) -- C:\Windows\SysWOW64\lxcfcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (82644766) -- C:\Windows\SysNative\drivers\82644766.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (vodafone_K380x-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (CbFs) -- C:\Windows\SysNative\drivers\cbfs.sys (EldoS Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (PfFilter) -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys (IObit Information Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....p://www.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway...r={searchTerms}
IE - HKLM\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://slirsredirect...hromesbox-en-uk
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2475029
IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=photopos2_0
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A BE 43 1D 61 5B CB 01 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3D41F773-C2A2-4541-8F58-DF94FA1311D3}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=photopos2_0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A BE 43 1D 61 5B CB 01 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3D41F773-C2A2-4541-8F58-DF94FA1311D3}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan...s={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Colin\Favorites\Downloads\FOOTBALL BETTING SOFTWARE
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff37ac3727
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{1FA59C26-EE75-485B-819E-FCF6191B2EB3}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{2282A0CE-B42D-4BE2-97DF-98322F665385}: "URL" = http://visualsearch....q={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{4C8B3851-05E2-4660-B181-72840E5785F3}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{6BC079BB-5474-4CD2-A048-905E648B6E21}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{6F8D3DBD-C0AB-4ACE-9E22-6A4CA4EF8E67}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{861E8928-6140-4CB5-8DF7-7E7E9FD7EA98}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-30 20:58:29&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...540501721747738
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{E36AC8FA-77B0-4E67-9AB8-B1F9E88AAF31}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000ff37ac3727"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.3
FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.2
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.6
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.95
FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}:2.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24
FF - prefs.js..keyword.URL: "http://search.babylo...0ff37ac3727&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011/02/12 13:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/01 01:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 22:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/28 00:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/30 20:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/30 20:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/06/30 20:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/19 10:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/19 22:40:39 | 000,000,000 | ---D | M]

[2012/07/01 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions
[2011/11/09 04:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/22 22:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/07/01 21:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions
[2011/10/13 09:36:52 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/10/13 09:36:47 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/03/21 20:57:01 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/11/09 00:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}-trash
[2011/10/13 09:36:42 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/10/09 18:39:00 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2012/06/06 22:20:39 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/11/20 12:18:26 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/07/02 21:48:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/10/13 09:36:58 | 000,000,000 | ---D | M] (Shareaholic) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2012/06/30 20:09:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/10/13 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\fi[email protected]\chrome
[2011/10/13 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]\defaults
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\askcom.xml
[2012/02/27 11:11:29 | 000,002,306 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\askcomsearch.xml
[2010/12/15 16:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\conduit.xml
[2011/03/20 23:36:33 | 000,002,207 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\MyStart Search.xml
[2010/10/11 17:21:08 | 000,010,017 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\mywebsearch.xml
[2011/12/22 07:31:34 | 000,002,519 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\Search_Results.xml
[2012/07/01 11:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/19 10:51:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/27 11:10:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/29 21:00:28 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/07/01 11:42:44 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/11/25 05:38:18 | 000,623,219 | ---- | M] () (No name found) -- C:\USERS\COLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T98NHYMG.DEFAULT\EXTENSIONS\[email protected]
[2011/11/05 08:10:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/19 10:42:57 | 000,025,560 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2011/11/19 10:42:58 | 000,140,760 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/02/27 11:09:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/19 10:43:01 | 000,067,032 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/27 04:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2012/03/26 16:41:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/12/05 22:00:13 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll
[2010/11/01 22:57:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2010/11/01 22:57:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2010/11/01 22:57:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2010/11/01 22:57:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2010/11/01 22:57:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2010/11/01 22:57:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2010/11/01 22:57:29 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2011/12/05 22:02:46 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll
[2011/12/05 21:59:05 | 000,107,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll
[2011/11/05 04:44:20 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/11 18:45:01 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2012/06/30 20:58:18 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/30 20:10:00 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/11/05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/05 04:44:20 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/11 18:45:01 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2011/11/05 04:44:20 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/05 04:32:18 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/12/22 07:31:34 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/05 04:32:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011/11/05 04:44:20 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2012/02/14 14:00:04 | 000,000,894 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: The Guardian = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg\1.7.2_0\
CHR - Extension: Wunderlist = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\1.0.2_0\
CHR - Extension: ReImage Browser Helper = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: RoboForm Lite = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\3.2.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/07/02 01:22:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll ( )
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll (ReImage)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\Toolbar\WebBrowser: (no name) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - No CLSID value found.
O3 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - HKLM..\RunOnce: [OTM] C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011\OTM.exe (OldTimer Tools)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-247563849-1891965759-2374117565-1000\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...40320.363287037 (Update Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37AC3727-0134-4EE1-95FD-A8B4B2A3119B}: NameServer = 10.73.152.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD2AAC8-8A36-4590-84E6-260F6CF5030E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71868B7-EED6-40BE-9356-C83791F0C615}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58f62c09-600d-11e0-8d10-0024beb0198e}\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 01:21:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/02 01:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/01 22:31:21 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\erunt
[2012/07/01 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\Fix Malware
[2012/07/01 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\GooredFix Backups
[2012/07/01 20:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/01 20:04:24 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 12:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/07/01 12:05:45 | 019,551,736 | ---- | C] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/06/30 21:00:09 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2012/06/30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\AVG Secure Search
[2012/06/30 20:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/30 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/06/30 20:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/30 20:57:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/30 20:56:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/06/30 20:53:36 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/30 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/06/30 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Macromedia
[2012/06/30 20:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012/06/30 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Zoom_Downloader
[2012/06/30 20:09:39 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Babylon
[2012/06/30 20:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/06/30 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/06/30 20:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/30 19:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/30 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/30 19:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/28 19:55:00 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\[email protected]
[2012/06/28 14:06:04 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/28 14:06:04 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/28 01:40:51 | 000,000,000 | --SD | C] -- C:\Users\Colin\Google Drive
[2012/06/28 01:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/06/25 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\New folder (8)
[2012/06/25 16:48:53 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Usenet.nl
[2012/06/25 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Usenet.nl
[2012/06/25 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Usenet.nl
[2012/06/25 16:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2012/06/25 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\LADBROKES GMAIL_files
[2012/06/23 11:13:00 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 11:13:00 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 11:13:00 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 11:12:31 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 11:12:31 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 11:12:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 11:11:54 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 11:11:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/13 19:02:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 19:02:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 19:02:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 19:02:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 19:02:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 19:02:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 19:02:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 19:02:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 19:02:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 19:02:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 19:02:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 19:02:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 19:02:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 17:40:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 17:40:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 17:40:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 17:40:34 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 17:40:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 17:40:30 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 17:12:48 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 17:11:51 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 17:11:49 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/06 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/06/06 22:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/06/06 22:21:26 | 000,000,000 | ---D | C] -- C:\rei
[2012/06/06 22:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/06/06 22:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/06/06 21:39:41 | 000,000,000 | ---D | C] -- C:\MATS
[2012/06/06 11:13:44 | 000,000,000 | ---D | C] -- C:\8b96cd66e904b54a5771d097
[2012/06/06 02:13:55 | 000,000,000 | ---D | C] -- C:\BLUETOOTH JUNE 2012
[2012/06/06 02:13:50 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2012/06/06 02:12:55 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Blueooth drivers etc June 2012
[2012/06/06 00:14:10 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\SlimWare Utilities Inc
[2012/06/06 00:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/06/05 23:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers For Free
[2012/06/05 23:14:19 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Drivers_For_Free
[2012/06/05 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2012/06/05 20:29:09 | 000,000,000 | ---D | C] -- C:\VAIO
[2012/06/05 20:23:02 | 000,000,000 | ---D | C] -- C:\New folder
[2012/06/04 15:35:49 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\BLACKBERRY TRANSFERS
[2012/06/04 14:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/06/04 14:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM
[2012/06/04 10:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Deployment Toolkit
[2012/06/04 10:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Deployment Toolkit

========== Files - Modified Within 30 Days ==========

[2012/07/02 01:59:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/02 01:27:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000UA.job
[2012/07/02 01:26:25 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/02 01:24:47 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 01:24:47 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 01:22:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/02 01:20:57 | 000,873,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/02 01:20:57 | 000,732,570 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/02 01:20:57 | 000,149,348 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/02 01:15:11 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/07/02 01:12:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/02 01:12:43 | 2311,335,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 20:47:31 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 20:32:59 | 000,513,320 | ---- | M] () -- C:\Users\Colin\Desktop\erunt.zip
[2012/07/01 20:06:25 | 000,001,008 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk
[2012/07/01 18:52:07 | 000,022,740 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/07/01 12:28:07 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | M] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/07/01 12:05:48 | 019,551,736 | ---- | M] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/07/01 11:48:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/01 11:28:37 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000Core.job
[2012/07/01 11:25:20 | 100,891,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 20:58:45 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:13 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/06/30 01:11:15 | 000,005,828 | ---- | M] () -- C:\Users\Colin\Desktop\Default_EXE.reg
[2012/06/30 01:08:33 | 000,024,433 | ---- | M] () -- C:\Users\Colin\Desktop\error code 5.JPG
[2012/06/30 01:08:01 | 000,000,235 | ---- | M] () -- C:\Users\Colin\Desktop\is-2CPQ7 tmp file addres.rtf
[2012/06/29 16:44:51 | 000,000,133 | ---- | M] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 19:49:36 | 000,003,727 | ---- | M] () -- C:\Users\Colin\Desktop\[email protected]
[2012/06/28 14:06:04 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/28 14:06:04 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/28 04:47:00 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2012/06/28 03:09:37 | 000,075,387 | ---- | M] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | M] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 16:53:34 | 000,001,849 | ---- | M] () -- C:\Users\Colin\Desktop\Usenet.nl.lnk
[2012/06/25 14:13:35 | 000,011,609 | ---- | M] () -- C:\Users\Colin\Desktop\LADBROKES GMAIL.htm
[2012/06/25 14:03:21 | 000,000,202 | ---- | M] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | M] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/23 11:59:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 11:59:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/19 22:40:40 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/13 19:55:58 | 000,546,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 15:21:11 | 000,001,118 | ---- | M] () -- C:\Users\Colin\Desktop\Ladbrokes - Shortcut.lnk
[2012/06/10 22:19:34 | 000,007,168 | -H-- | M] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/10 22:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012/06/10 21:43:41 | 000,000,344 | ---- | M] () -- C:\Users\Colin\Desktop\Google Accounts.url
[2012/06/06 23:58:56 | 000,068,527 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 22:22:17 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/06/06 18:18:44 | 000,000,355 | ---- | M] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2012/06/06 10:18:29 | 000,000,123 | ---- | M] () -- C:\Users\Colin\Desktop\Microsoft Fix it.url
[2012/06/06 04:58:11 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/06/06 00:20:24 | 000,000,162 | -H-- | M] () -- C:\Users\Colin\Desktop\~$IO DRIVERS FOR DISK READER ETC.rtf
[2012/06/05 23:07:03 | 000,004,871 | ---- | M] () -- C:\Users\Colin\Desktop\VAIO DRIVERS FOR DISK READER ETC.rtf
[2012/06/05 17:29:36 | 000,006,936 | ---- | M] () -- C:\Users\Colin\Desktop\cc_20120605_172927.reg
[2012/06/05 15:32:33 | 000,007,621 | ---- | M] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg
[2012/06/04 18:07:44 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/04 01:34:27 | 000,000,218 | ---- | M] () -- C:\Users\Colin\Desktop\Back To The Noose by Jak Paxton Song Free Music, Listen Now.url
[2012/06/02 23:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 23:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 23:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

========== Files Created - No Company Name ==========

[2012/07/01 20:33:07 | 000,513,320 | ---- | C] () -- C:\Users\Colin\Desktop\erunt.zip
[2012/07/01 20:06:25 | 000,001,008 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk
[2012/07/01 18:52:05 | 000,022,740 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 12:28:07 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | C] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/07/01 11:25:20 | 100,891,471 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 20:58:45 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:11 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/06/30 01:11:33 | 000,005,828 | ---- | C] () -- C:\Users\Colin\Desktop\Default_EXE.reg
[2012/06/30 01:08:32 | 000,024,433 | ---- | C] () -- C:\Users\Colin\Desktop\error code 5.JPG
[2012/06/30 01:08:01 | 000,000,235 | ---- | C] () -- C:\Users\Colin\Desktop\is-2CPQ7 tmp file addres.rtf
[2012/06/29 16:44:51 | 000,000,133 | ---- | C] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 19:49:56 | 000,003,727 | ---- | C] () -- C:\Users\Colin\Desktop\[email protected]
[2012/06/28 03:09:37 | 000,075,387 | ---- | C] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | C] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 16:48:44 | 000,001,849 | ---- | C] () -- C:\Users\Colin\Desktop\Usenet.nl.lnk
[2012/06/25 14:13:33 | 000,011,609 | ---- | C] () -- C:\Users\Colin\Desktop\LADBROKES GMAIL.htm
[2012/06/25 14:01:48 | 000,000,202 | ---- | C] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | C] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/19 22:40:40 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/10 21:43:41 | 000,000,344 | ---- | C] () -- C:\Users\Colin\Desktop\Google Accounts.url
[2012/06/10 14:55:06 | 000,007,168 | -H-- | C] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/10 14:54:06 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/06/06 23:58:55 | 000,068,527 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 18:18:44 | 000,000,355 | ---- | C] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2012/06/06 10:18:29 | 000,000,123 | ---- | C] () -- C:\Users\Colin\Desktop\Microsoft Fix it.url
[2012/06/06 00:20:24 | 000,000,162 | -H-- | C] () -- C:\Users\Colin\Desktop\~$IO DRIVERS FOR DISK READER ETC.rtf
[2012/06/06 00:14:13 | 000,015,672 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/06/05 20:17:36 | 000,004,871 | ---- | C] () -- C:\Users\Colin\Desktop\VAIO DRIVERS FOR DISK READER ETC.rtf
[2012/06/05 17:29:31 | 000,006,936 | ---- | C] () -- C:\Users\Colin\Desktop\cc_20120605_172927.reg
[2012/06/04 01:34:25 | 000,000,218 | ---- | C] () -- C:\Users\Colin\Desktop\Back To The Noose by Jak Paxton Song Free Music, Listen Now.url
[2011/12/23 00:33:05 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\AVRedirector.ini
[2011/12/23 00:33:05 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\AVRedirectorOff.ini
[2011/12/12 11:25:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/07 00:55:54 | 000,159,249 | ---- | C] () -- C:\Windows\Bet wizard Uninstaller.exe
[2011/11/20 23:13:38 | 000,000,189 | ---- | C] () -- C:\Users\Colin\Guitar Tuner @ Chordbook.Com.url
[2011/09/26 22:12:31 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/08/28 02:17:02 | 000,012,288 | ---- | C] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 01:45:38 | 000,704,000 | ---- | C] () -- C:\Windows\is-NAUMG.exe
[2011/07/02 22:31:16 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/02 22:31:16 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/02 21:55:27 | 000,017,408 | ---- | C] () -- C:\Users\Colin\AppData\Local\WebpageIcons.db
[2011/07/02 01:41:11 | 000,208,178 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/06/05 19:41:31 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/02/27 00:50:51 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2011/02/27 00:50:50 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2011/02/27 00:50:50 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2011/01/20 21:40:03 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/01/11 21:31:07 | 000,356,197 | ---- | C] () -- C:\Users\Colin\mural-tile.jpg
[2010/12/08 15:42:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfinpa.dll
[2010/12/08 15:42:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfiesc.dll
[2010/12/08 15:42:32 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcfcomx.dll
[2010/12/08 15:42:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcfinst.dll
[2010/12/08 15:42:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpmui.dll
[2010/12/08 15:42:30 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfusb1.dll
[2010/12/08 15:42:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfserv.dll
[2010/12/08 15:42:29 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfppls.exe
[2010/12/08 15:42:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfprox.dll
[2010/12/08 15:42:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpplc.dll
[2010/12/08 15:42:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfhbn3.dll
[2010/12/08 15:42:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcflmpm.dll
[2010/12/08 15:42:28 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcoms.exe
[2010/12/08 15:42:28 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfih.exe
[2010/12/08 15:42:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomc.dll
[2010/12/08 15:42:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomm.dll
[2010/12/08 15:42:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcfg.exe
[2010/10/23 04:39:14 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/10/19 07:17:01 | 000,000,000 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\wklnhst.dat
[2010/09/24 13:20:39 | 000,127,494 | ---- | C] () -- C:\Users\Colin\cc dots.bmp
[2010/09/24 13:02:37 | 000,018,432 | -H-- | C] () -- C:\Users\Colin\photothumb.db
[2010/09/24 09:46:36 | 000,015,064 | ---- | C] () -- C:\Users\Colin\ear.jpg
[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/07/26 14:03:32 | 000,004,096 | -H-- | C] () -- C:\Users\Colin\AppData\Local\keyfile3.drm
[2010/07/18 21:14:55 | 000,000,632 | ---- | C] () -- C:\Users\Colin\ntuser.pol
[2010/07/14 08:24:28 | 000,038,491 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/05 13:43:50 | 000,059,074 | ---- | C] () -- C:\Users\Colin\start.class
[2010/07/05 13:43:50 | 000,020,415 | ---- | C] () -- C:\Users\Colin\W800.1bt
[2010/07/05 13:43:50 | 000,009,656 | ---- | C] () -- C:\Users\Colin\g.class
[2010/07/05 13:43:50 | 000,008,916 | ---- | C] () -- C:\Users\Colin\f.class
[2010/07/05 13:43:50 | 000,004,494 | ---- | C] () -- C:\Users\Colin\q.class
[2010/07/05 13:43:50 | 000,003,984 | ---- | C] () -- C:\Users\Colin\b.class
[2010/07/05 13:43:50 | 000,003,374 | ---- | C] () -- C:\Users\Colin\d.class
[2010/07/05 13:43:50 | 000,002,872 | ---- | C] () -- C:\Users\Colin\l.class
[2010/07/05 13:43:50 | 000,002,634 | ---- | C] () -- C:\Users\Colin\k.class
[2010/07/05 13:43:50 | 000,002,521 | ---- | C] () -- C:\Users\Colin\c.class
[2010/07/05 13:43:50 | 000,002,206 | ---- | C] () -- C:\Users\Colin\j.class
[2010/07/05 13:43:50 | 000,002,118 | ---- | C] () -- C:\Users\Colin\i.class
[2010/07/05 13:43:50 | 000,001,950 | ---- | C] () -- C:\Users\Colin\v.class
[2010/07/05 13:43:50 | 000,001,495 | ---- | C] () -- C:\Users\Colin\h.class
[2010/07/05 13:43:50 | 000,001,461 | ---- | C] () -- C:\Users\Colin\u.class
[2010/07/05 13:43:50 | 000,001,445 | ---- | C] () -- C:\Users\Colin\s.class
[2010/07/05 13:43:50 | 000,001,002 | ---- | C] () -- C:\Users\Colin\c
[2010/07/05 13:43:50 | 000,000,959 | ---- | C] () -- C:\Users\Colin\a
[2010/07/05 13:43:50 | 000,000,949 | ---- | C] () -- C:\Users\Colin\r.class
[2010/07/05 13:43:50 | 000,000,884 | ---- | C] () -- C:\Users\Colin\e.class
[2010/07/05 13:43:50 | 000,000,863 | ---- | C] () -- C:\Users\Colin\b
[2010/07/05 13:43:50 | 000,000,839 | ---- | C] () -- C:\Users\Colin\p.class
[2010/07/05 13:43:50 | 000,000,771 | ---- | C] () -- C:\Users\Colin\m.class
[2010/07/05 13:43:50 | 000,000,682 | ---- | C] () -- C:\Users\Colin\n.class
[2010/07/05 13:43:50 | 000,000,113 | ---- | C] () -- C:\Users\Colin\LED
[2010/07/05 13:43:50 | 000,000,095 | ---- | C] () -- C:\Users\Colin\o.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\t.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\a.class
[2010/06/26 09:30:26 | 010,294,792 | ---- | C] () -- C:\Users\Colin\mirror world cup wallchartA3.pdf
[2010/05/29 08:29:40 | 000,113,306 | ---- | C] () -- C:\Users\Colin\Mobile_Phone_Software_Pack_2010_Edition.zip
[2010/05/28 07:36:40 | 000,000,167 | ---- | C] () -- C:\Users\Colin\udownload.dat
[2010/05/22 13:45:57 | 000,005,007 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010/05/19 06:15:46 | 000,000,359 | ---- | C] () -- C:\Users\Colin\Recycle Bin - Shortcut.lnk
[2010/05/16 12:58:30 | 000,007,621 | ---- | C] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg
[2010/05/09 01:32:55 | 000,037,704 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\openList.awt
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\closedList.awt
[2010/04/08 05:36:40 | 000,893,952 | ---- | C] () -- C:\Users\Colin\opticalillusions01-1-1.pps
[2010/04/06 19:54:15 | 000,152,031 | ---- | C] () -- C:\Users\Colin\Southern Shih Tzu Application form-pdf.pdf
[2010/03/11 17:43:13 | 000,000,009 | ---- | C] () -- C:\Users\Colin\usb003
[2010/03/08 23:07:12 | 000,000,600 | ---- | C] () -- C:\Users\Colin\PUTTY.RND
[2010/02/05 09:35:45 | 001,492,261 | ---- | C] () -- C:\Users\Colin\PJ033236-Pubsclubscombinedpresentation_Final_V1aqua.pdf
[2009/12/10 20:13:48 | 000,000,010 | ---- | C] () -- C:\Users\Colin\USB001
[2009/12/09 05:33:55 | 000,222,942 | ---- | C] () -- C:\Users\Colin\Full page fax print.pdf
[2009/11/02 05:39:39 | 000,255,358 | ---- | C] () -- C:\Users\Colin\13 x 18 cm. cutout prints.pdf
[2009/05/10 17:23:44 | 000,619,939 | ---- | C] () -- C:\Users\Colin\19 Longford Road.pdf
[2008/12/12 17:15:15 | 000,525,668 | ---- | C] () -- C:\Users\Colin\mhtml_mid___00000013_.pdf
[2008/12/12 17:06:20 | 000,019,844 | ---- | C] () -- C:\Users\Colin\Document1.pdf
[2006/01/04 01:00:00 | 000,094,533 | ---- | C] () -- C:\Users\Colin\btscanner.jar

========== LOP Check ==========

[2011/07/26 01:53:25 | 000,000,000 | ---D | M] -- C:\Users\CC\AppData\Roaming\Vodafone
[2011/02/09 22:43:07 | 000,000,000 | -HSD | M] -- C:\Users\Colin\AppData\Roaming\.#
[2012/06/05 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Amazon
[2012/06/30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2011/12/23 00:29:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVSoftware
[2012/06/30 20:09:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Babylon
[2010/10/31 00:46:33 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\BitZipper
[2010/05/22 13:45:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Carambis
[2010/05/22 04:01:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DeviceDoctorSoftware
[2010/05/22 06:00:18 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverCure
[2010/05/22 08:37:47 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverFinder
[2012/06/05 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2011/08/29 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\eBookPro6
[2011/02/22 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FCTB000061107
[2011/07/02 21:32:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FDRLab
[2011/11/29 03:48:10 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\gcaltoolkit
[2010/10/07 00:30:56 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GetRightToGo
[2011/07/06 01:49:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GlarySoft
[2012/07/01 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GoodSync
[2011/12/10 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\IObit
[2010/05/05 01:01:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\LegalSounds
[2011/06/05 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\MAGIX
[2011/12/28 00:27:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Nokia
[2011/12/01 06:59:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Paltalk
[2011/01/24 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\ParetoLogic
[2010/10/14 07:12:36 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Participatory Culture Foundation
[2011/12/28 00:27:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PC Suite
[2010/10/19 05:37:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PCF-VLC
[2011/01/02 03:30:30 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PhotoScape
[2011/12/09 23:06:55 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Research In Motion
[2011/07/06 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Sammsoft
[2010/07/17 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Serif
[2010/10/21 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SmartDraw
[2012/07/01 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Software Informer
[2012/06/21 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Spotify
[2011/06/05 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SynthMaker
[2010/07/05 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TeamViewer
[2010/10/19 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Template
[2011/06/24 08:05:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Tific
[2011/05/22 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TomTom
[2010/05/05 03:29:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Trusteer
[2010/05/31 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TuneUp Software
[2010/06/05 04:01:17 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Uniblue
[2012/06/28 03:09:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Usenet.nl
[2011/04/06 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Vodafone
[2011/04/17 19:58:49 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\WhiteSmoke
[2010/12/30 02:45:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Windows Live Writer
[2011/12/01 05:55:28 | 000,000,000 | ---D | M] -- C:\Users\Colin Campbell\AppData\Roaming\IObit
[2010/07/24 03:07:14 | 000,000,000 | ---D | M] -- C:\Users\Colin_2\AppData\Roaming\GoodSync
[2010/07/07 23:55:05 | 000,000,000 | ---D | M] -- C:\Users\Colin_2\AppData\Roaming\TuneUp Software
[2011/12/01 05:55:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/12/01 05:55:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2010/10/02 16:36:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BitZipper
[2010/10/14 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Software Informer
[2010/10/08 17:28:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Trusteer
[2011/06/18 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Vodafone
[2010/10/10 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\DriverCure
[2011/01/24 03:26:56 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\GoodSync
[2010/10/10 23:49:37 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\IObit
[2010/10/10 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\ParetoLogic
[2010/10/10 13:43:44 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\Trusteer
[2010/10/10 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\owner 2\AppData\Roaming\Uniblue
[2012/07/02 01:15:11 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/07/01 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/05/08 08:31:34 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/06/28 04:47:00 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2012/04/28 15:13:52 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/05/16 07:47:35 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/10 22:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05E9FFE5
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >


______________________________________________________________________________________________________________________________



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 19:55:55
-----------------------------
19:55:55.798 OS Version: Windows x64 6.1.7601 Service Pack 1
19:55:55.798 Number of processors: 2 586 0x170A
19:55:55.807 ComputerName: COLIN-VAIO UserName: Colin
19:56:00.953 Initialize success
19:56:36.824 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:56:36.839 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
19:56:36.845 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000093
19:56:36.850 Disk 1 Vendor: RICOH 02 Size: 305245MB BusType: 0
19:56:36.873 Disk 0 MBR read successfully
19:56:36.878 Disk 0 MBR scan
19:56:36.884 Disk 0 Windows 7 default MBR code
19:56:36.974 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9656 MB offset 2048
19:56:37.033 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 19777536
19:56:37.044 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295487 MB offset 19982336
19:56:37.288 Disk 0 scanning C:\Windows\system32\drivers
19:56:59.592 Service scanning
19:58:23.780 Modules scanning
19:58:23.800 Disk 0 trace - called modules:
19:58:23.860 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys iaStor.sys hal.dll
19:58:23.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e09790]
19:58:23.870 3 CLASSPNP.SYS[fffff8800200143f] -> nt!IofCallDriver -> [0xfffffa8003e06690]
19:58:23.880 5 PCTCore64.sys[fffff8800180c600] -> nt!IofCallDriver -> [0xfffffa8002351950]
19:58:23.890 7 ACPI.sys[fffff88000ed87a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002dc9050]
19:58:23.900 Scan finished successfully
19:59:28.772 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Desktop\Fix Malware\MBR.dat"
19:59:28.862 The log file has been saved successfully to "C:\Users\Colin\Desktop\Fix Malware\OTL-2.7.12. 2.14Txt.txt"
20:10:18.350 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Desktop\Fix Malware\MBR.dat"
20:10:18.357 The log file has been saved successfully to "C:\Users\Colin\Desktop\Fix Malware\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you have posted the original OTL log - could I see the latest one, please?

#5
smileysmile

    Member

  • Topic Starter
  • 17 posts
Apologies - here it is. For info Internet Explorer is being diverted even when I don't set Google Search as the homepage.

Thanks,


OTL logfile created on: 02/07/2012 19:11:15 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 37.34% Memory free
7.17 Gb Paging File | 4.79 Gb Available in Paging File | 66.78% Paging File free
Paging file location(s): c:\pagefile.sys 4408 4408 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.56 Gb Total Space | 110.48 Gb Free Space | 38.29% Space Free | Partition Type: NTFS

Computer Name: COLIN-VAIO | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\APPLIC~1\200113~1.47\gcswf32.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (FcsNapSha) -- C:\Windows\SysNative\FcsNapSha.exe (Microsoft Corporation)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (lxcf_device) -- C:\Windows\SysNative\lxcfcoms.exe ( )
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (lxcf_device) -- C:\Windows\SysWOW64\lxcfcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (82644766) -- C:\Windows\SysNative\drivers\82644766.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (vodafone_K380x-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (CbFs) -- C:\Windows\SysNative\drivers\cbfs.sys (EldoS Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (PfFilter) -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys (IObit Information Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway...r={searchTerms}
IE - HKLM\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://slirsredirect...hromesbox-en-uk
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Colin\Favorites\Downloads\FOOTBALL BETTING SOFTWARE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3.1010000&st=10
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2282A0CE-B42D-4BE2-97DF-98322F665385}: "URL" = http://visualsearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{4C8B3851-05E2-4660-B181-72840E5785F3}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6BC079BB-5474-4CD2-A048-905E648B6E21}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{6F8D3DBD-C0AB-4ACE-9E22-6A4CA4EF8E67}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{861E8928-6140-4CB5-8DF7-7E7E9FD7EA98}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-30 20:58:29&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...540501721747738
IE - HKCU\..\SearchScopes\{E36AC8FA-77B0-4E67-9AB8-B1F9E88AAF31}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.....1010000&st=10"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.3
FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.2
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.6
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.95
FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}:2.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011/02/12 13:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/01 01:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 22:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/28 00:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/30 20:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/30 20:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/06/30 20:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/19 10:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/19 22:40:39 | 000,000,000 | ---D | M]

[2012/07/01 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions
[2011/05/22 22:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/07/01 21:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions
[2011/10/13 09:36:52 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/10/13 09:36:47 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/03/21 20:57:01 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/11/09 00:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}-trash
[2011/10/13 09:36:42 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/10/09 18:39:00 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2012/06/06 22:20:39 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/11/20 12:18:26 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/07/02 21:48:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/10/13 09:36:58 | 000,000,000 | ---D | M] (Shareaholic) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2012/06/30 20:09:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]
[2011/10/13 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]\chrome
[2011/10/13 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\[email protected]\defaults
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\askcom.xml
[2012/02/27 11:11:29 | 000,002,306 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\askcomsearch.xml
[2010/12/15 16:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\conduit.xml
[2011/03/20 23:36:33 | 000,002,207 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\MyStart Search.xml
[2012/07/02 17:12:35 | 000,003,948 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\t98nhymg.default\searchplugins\sweetim.xml
[2012/07/01 11:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/27 11:10:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/29 21:00:28 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/07/01 11:42:44 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/11/25 05:38:18 | 000,623,219 | ---- | M] () (No name found) -- C:\USERS\COLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T98NHYMG.DEFAULT\EXTENSIONS\[email protected]
[2011/11/05 08:10:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/02/27 11:09:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/05 04:44:20 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/30 20:58:18 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/05 04:44:20 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/05 04:44:20 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/22 07:31:34 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/05 04:44:20 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweeti...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: The Guardian = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg\1.7.2_0\
CHR - Extension: Wunderlist = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\1.0.2_0\
CHR - Extension: ReImage Browser Helper = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: RoboForm Lite = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\3.2.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/07/02 18:53:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll ( )
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll (ReImage)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...40320.363287037 (Update Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37AC3727-0134-4EE1-95FD-A8B4B2A3119B}: NameServer = 10.73.152.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD2AAC8-8A36-4590-84E6-260F6CF5030E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71868B7-EED6-40BE-9356-C83791F0C615}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 19:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/02 18:52:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/02 18:19:44 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\RK_Quarantine
[2012/07/02 18:13:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/02 17:59:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/02 17:55:28 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\GOOGLE APPS
[2012/07/02 17:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/02 17:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/02 17:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/02 17:13:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/02 17:12:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/02 01:21:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/01 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\Fix Malware
[2012/07/01 20:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/01 20:04:24 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 12:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/07/01 12:05:45 | 019,551,736 | ---- | C] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/06/30 21:00:09 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2012/06/30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\AVG Secure Search
[2012/06/30 20:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/30 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/06/30 20:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/30 20:57:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/30 20:56:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/06/30 20:53:36 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/06/30 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/06/30 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Macromedia
[2012/06/30 20:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012/06/30 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Zoom_Downloader
[2012/06/30 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/06/30 19:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/30 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/30 19:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/28 01:40:51 | 000,000,000 | --SD | C] -- C:\Users\Colin\Google Drive
[2012/06/28 01:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/06/25 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\New folder (8)
[2012/06/25 16:48:53 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Usenet.nl
[2012/06/25 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Usenet.nl
[2012/06/25 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Usenet.nl
[2012/06/25 16:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2012/06/06 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/06/06 22:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/06/06 22:21:26 | 000,000,000 | ---D | C] -- C:\rei
[2012/06/06 22:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/06/06 22:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/06/06 21:39:41 | 000,000,000 | ---D | C] -- C:\MATS
[2012/06/06 11:13:44 | 000,000,000 | ---D | C] -- C:\8b96cd66e904b54a5771d097
[2012/06/06 02:13:55 | 000,000,000 | ---D | C] -- C:\BLUETOOTH JUNE 2012
[2012/06/06 02:13:50 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2012/06/06 02:12:55 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Blueooth drivers etc June 2012
[2012/06/06 00:14:10 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\SlimWare Utilities Inc
[2012/06/06 00:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/06/05 23:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers For Free
[2012/06/05 23:14:19 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Drivers_For_Free
[2012/06/05 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2012/06/05 20:29:09 | 000,000,000 | ---D | C] -- C:\VAIO
[2012/06/05 20:23:02 | 000,000,000 | ---D | C] -- C:\New folder
[2012/06/04 15:35:49 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\BLACKBERRY TRANSFERS
[2012/06/04 14:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/06/04 14:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM
[2012/06/04 10:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Deployment Toolkit
[2012/06/04 10:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Deployment Toolkit

========== Files - Modified Within 30 Days ==========

[2012/07/02 19:27:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000UA.job
[2012/07/02 19:26:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/02 19:10:52 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 19:10:52 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 19:05:15 | 000,001,030 | ---- | M] () -- C:\Users\Colin\Desktop\07022012_185209 - Shortcut.lnk
[2012/07/02 19:00:59 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/07/02 19:00:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/02 19:00:02 | 2311,335,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/02 18:56:32 | 100,961,505 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/02 18:56:30 | 000,191,013 | ---- | M] () -- C:\Users\Colin\Desktop\700955.htm
[2012/07/02 18:55:58 | 000,024,533 | ---- | M] () -- C:\Users\Colin\Desktop\search.htm
[2012/07/02 18:53:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/02 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/07/02 17:59:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/02 17:12:40 | 000,002,065 | ---- | M] () -- C:\Users\Colin\Desktop\Continue SweetIM Installation.lnk
[2012/07/02 11:48:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/02 01:20:57 | 000,873,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/02 01:20:57 | 000,732,570 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/02 01:20:57 | 000,149,348 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/01 20:47:31 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 20:06:25 | 000,001,008 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk
[2012/07/01 18:52:07 | 000,022,740 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 12:28:07 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | M] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/07/01 12:05:48 | 019,551,736 | ---- | M] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/07/01 11:28:37 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000Core.job
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:13 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/06/29 16:44:51 | 000,000,133 | ---- | M] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 03:09:37 | 000,075,387 | ---- | M] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | M] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 16:53:34 | 000,001,849 | ---- | M] () -- C:\Users\Colin\Desktop\Usenet.nl.lnk
[2012/06/25 14:03:21 | 000,000,202 | ---- | M] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | M] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/13 19:55:58 | 000,546,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 15:21:11 | 000,001,118 | ---- | M] () -- C:\Users\Colin\Desktop\Ladbrokes - Shortcut.lnk
[2012/06/10 22:19:34 | 000,007,168 | -H-- | M] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/06 23:58:56 | 000,068,527 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 22:22:17 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/06/06 18:18:44 | 000,000,355 | ---- | M] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2012/06/06 10:18:29 | 000,000,123 | ---- | M] () -- C:\Users\Colin\Desktop\Microsoft Fix it.url
[2012/06/06 04:58:11 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/06/06 00:20:24 | 000,000,162 | -H-- | M] () -- C:\Users\Colin\Desktop\~$IO DRIVERS FOR DISK READER ETC.rtf
[2012/06/05 15:32:33 | 000,007,621 | ---- | M] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg
[2012/06/04 18:07:44 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/04 01:34:27 | 000,000,218 | ---- | M] () -- C:\Users\Colin\Desktop\Back To The Noose by Jak Paxton Song Free Music, Listen Now.url

========== Files Created - No Company Name ==========

[2012/07/02 19:05:15 | 000,001,030 | ---- | C] () -- C:\Users\Colin\Desktop\07022012_185209 - Shortcut.lnk
[2012/07/02 18:56:37 | 000,191,013 | ---- | C] () -- C:\Users\Colin\Desktop\700955.htm
[2012/07/02 18:56:32 | 100,961,505 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/02 18:56:23 | 000,024,533 | ---- | C] () -- C:\Users\Colin\Desktop\search.htm
[2012/07/02 17:14:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/02 17:14:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/02 17:14:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/02 17:14:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/02 17:14:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/02 17:02:03 | 000,002,065 | ---- | C] () -- C:\Users\Colin\Desktop\Continue SweetIM Installation.lnk
[2012/07/01 20:06:25 | 000,001,008 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82644766.lnk
[2012/07/01 18:52:05 | 000,022,740 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 12:28:07 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | C] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:11 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/06/29 16:44:51 | 000,000,133 | ---- | C] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 03:09:37 | 000,075,387 | ---- | C] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | C] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 16:48:44 | 000,001,849 | ---- | C] () -- C:\Users\Colin\Desktop\Usenet.nl.lnk
[2012/06/25 14:01:48 | 000,000,202 | ---- | C] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | C] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/10 14:55:06 | 000,007,168 | -H-- | C] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/10 14:54:06 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/06/06 23:58:55 | 000,068,527 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 18:18:44 | 000,000,355 | ---- | C] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2012/06/06 10:18:29 | 000,000,123 | ---- | C] () -- C:\Users\Colin\Desktop\Microsoft Fix it.url
[2012/06/06 00:20:24 | 000,000,162 | -H-- | C] () -- C:\Users\Colin\Desktop\~$IO DRIVERS FOR DISK READER ETC.rtf
[2012/06/06 00:14:13 | 000,015,672 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/06/04 01:34:25 | 000,000,218 | ---- | C] () -- C:\Users\Colin\Desktop\Back To The Noose by Jak Paxton Song Free Music, Listen Now.url
[2011/12/23 00:33:05 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\AVRedirector.ini
[2011/12/23 00:33:05 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\AVRedirectorOff.ini
[2011/12/12 11:25:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/07 00:55:54 | 000,159,249 | ---- | C] () -- C:\Windows\Bet wizard Uninstaller.exe
[2011/11/20 23:13:38 | 000,000,189 | ---- | C] () -- C:\Users\Colin\Guitar Tuner @ Chordbook.Com.url
[2011/09/26 22:12:31 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/08/28 02:17:02 | 000,012,288 | ---- | C] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 01:45:38 | 000,704,000 | ---- | C] () -- C:\Windows\is-NAUMG.exe
[2011/07/02 22:31:16 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/02 22:31:16 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/02 21:55:27 | 000,017,408 | ---- | C] () -- C:\Users\Colin\AppData\Local\WebpageIcons.db
[2011/07/02 01:41:11 | 000,208,178 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/06/05 19:41:31 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/02/27 00:50:51 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2011/02/27 00:50:50 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2011/02/27 00:50:50 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2011/01/20 21:40:03 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/01/11 21:31:07 | 000,356,197 | ---- | C] () -- C:\Users\Colin\mural-tile.jpg
[2010/12/08 15:42:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfinpa.dll
[2010/12/08 15:42:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfiesc.dll
[2010/12/08 15:42:32 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcfcomx.dll
[2010/12/08 15:42:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcfinst.dll
[2010/12/08 15:42:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpmui.dll
[2010/12/08 15:42:30 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfusb1.dll
[2010/12/08 15:42:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfserv.dll
[2010/12/08 15:42:29 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfppls.exe
[2010/12/08 15:42:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfprox.dll
[2010/12/08 15:42:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpplc.dll
[2010/12/08 15:42:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfhbn3.dll
[2010/12/08 15:42:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcflmpm.dll
[2010/12/08 15:42:28 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcoms.exe
[2010/12/08 15:42:28 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfih.exe
[2010/12/08 15:42:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomc.dll
[2010/12/08 15:42:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomm.dll
[2010/12/08 15:42:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcfg.exe
[2010/10/23 04:39:14 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/10/19 07:17:01 | 000,000,000 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\wklnhst.dat
[2010/09/24 13:20:39 | 000,127,494 | ---- | C] () -- C:\Users\Colin\cc dots.bmp
[2010/09/24 13:02:37 | 000,018,432 | -H-- | C] () -- C:\Users\Colin\photothumb.db
[2010/09/24 09:46:36 | 000,015,064 | ---- | C] () -- C:\Users\Colin\ear.jpg
[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/07/26 14:03:32 | 000,004,096 | -H-- | C] () -- C:\Users\Colin\AppData\Local\keyfile3.drm
[2010/07/18 21:14:55 | 000,000,632 | ---- | C] () -- C:\Users\Colin\ntuser.pol
[2010/07/14 08:24:28 | 000,038,491 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/05 13:43:50 | 000,059,074 | ---- | C] () -- C:\Users\Colin\start.class
[2010/07/05 13:43:50 | 000,020,415 | ---- | C] () -- C:\Users\Colin\W800.1bt
[2010/07/05 13:43:50 | 000,009,656 | ---- | C] () -- C:\Users\Colin\g.class
[2010/07/05 13:43:50 | 000,008,916 | ---- | C] () -- C:\Users\Colin\f.class
[2010/07/05 13:43:50 | 000,004,494 | ---- | C] () -- C:\Users\Colin\q.class
[2010/07/05 13:43:50 | 000,003,984 | ---- | C] () -- C:\Users\Colin\b.class
[2010/07/05 13:43:50 | 000,003,374 | ---- | C] () -- C:\Users\Colin\d.class
[2010/07/05 13:43:50 | 000,002,872 | ---- | C] () -- C:\Users\Colin\l.class
[2010/07/05 13:43:50 | 000,002,634 | ---- | C] () -- C:\Users\Colin\k.class
[2010/07/05 13:43:50 | 000,002,521 | ---- | C] () -- C:\Users\Colin\c.class
[2010/07/05 13:43:50 | 000,002,206 | ---- | C] () -- C:\Users\Colin\j.class
[2010/07/05 13:43:50 | 000,002,118 | ---- | C] () -- C:\Users\Colin\i.class
[2010/07/05 13:43:50 | 000,001,950 | ---- | C] () -- C:\Users\Colin\v.class
[2010/07/05 13:43:50 | 000,001,495 | ---- | C] () -- C:\Users\Colin\h.class
[2010/07/05 13:43:50 | 000,001,461 | ---- | C] () -- C:\Users\Colin\u.class
[2010/07/05 13:43:50 | 000,001,445 | ---- | C] () -- C:\Users\Colin\s.class
[2010/07/05 13:43:50 | 000,001,002 | ---- | C] () -- C:\Users\Colin\c
[2010/07/05 13:43:50 | 000,000,959 | ---- | C] () -- C:\Users\Colin\a
[2010/07/05 13:43:50 | 000,000,949 | ---- | C] () -- C:\Users\Colin\r.class
[2010/07/05 13:43:50 | 000,000,884 | ---- | C] () -- C:\Users\Colin\e.class
[2010/07/05 13:43:50 | 000,000,863 | ---- | C] () -- C:\Users\Colin\b
[2010/07/05 13:43:50 | 000,000,839 | ---- | C] () -- C:\Users\Colin\p.class
[2010/07/05 13:43:50 | 000,000,771 | ---- | C] () -- C:\Users\Colin\m.class
[2010/07/05 13:43:50 | 000,000,682 | ---- | C] () -- C:\Users\Colin\n.class
[2010/07/05 13:43:50 | 000,000,113 | ---- | C] () -- C:\Users\Colin\LED
[2010/07/05 13:43:50 | 000,000,095 | ---- | C] () -- C:\Users\Colin\o.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\t.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\a.class
[2010/06/26 09:30:26 | 010,294,792 | ---- | C] () -- C:\Users\Colin\mirror world cup wallchartA3.pdf
[2010/05/29 08:29:40 | 000,113,306 | ---- | C] () -- C:\Users\Colin\Mobile_Phone_Software_Pack_2010_Edition.zip
[2010/05/28 07:36:40 | 000,000,167 | ---- | C] () -- C:\Users\Colin\udownload.dat
[2010/05/22 13:45:57 | 000,005,007 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010/05/19 06:15:46 | 000,000,359 | ---- | C] () -- C:\Users\Colin\Recycle Bin - Shortcut.lnk
[2010/05/16 12:58:30 | 000,007,621 | ---- | C] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg
[2010/05/09 01:32:55 | 000,037,704 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\openList.awt
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\closedList.awt
[2010/04/08 05:36:40 | 000,893,952 | ---- | C] () -- C:\Users\Colin\opticalillusions01-1-1.pps
[2010/04/06 19:54:15 | 000,152,031 | ---- | C] () -- C:\Users\Colin\Southern Shih Tzu Application form-pdf.pdf
[2010/03/11 17:43:13 | 000,000,009 | ---- | C] () -- C:\Users\Colin\usb003
[2010/03/08 23:07:12 | 000,000,600 | ---- | C] () -- C:\Users\Colin\PUTTY.RND
[2010/02/05 09:35:45 | 001,492,261 | ---- | C] () -- C:\Users\Colin\PJ033236-Pubsclubscombinedpresentation_Final_V1aqua.pdf
[2009/12/10 20:13:48 | 000,000,010 | ---- | C] () -- C:\Users\Colin\USB001
[2009/12/09 05:33:55 | 000,222,942 | ---- | C] () -- C:\Users\Colin\Full page fax print.pdf
[2009/11/02 05:39:39 | 000,255,358 | ---- | C] () -- C:\Users\Colin\13 x 18 cm. cutout prints.pdf
[2009/05/10 17:23:44 | 000,619,939 | ---- | C] () -- C:\Users\Colin\19 Longford Road.pdf
[2008/12/12 17:15:15 | 000,525,668 | ---- | C] () -- C:\Users\Colin\mhtml_mid___00000013_.pdf
[2008/12/12 17:06:20 | 000,019,844 | ---- | C] () -- C:\Users\Colin\Document1.pdf
[2006/01/04 01:00:00 | 000,094,533 | ---- | C] () -- C:\Users\Colin\btscanner.jar

========== LOP Check ==========

[2012/06/05 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Amazon
[2012/06/30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2011/12/23 00:29:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVSoftware
[2010/10/31 00:46:33 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\BitZipper
[2010/05/22 13:45:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Carambis
[2010/05/22 04:01:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DeviceDoctorSoftware
[2010/05/22 06:00:18 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverCure
[2010/05/22 08:37:47 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverFinder
[2012/06/05 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2011/08/29 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\eBookPro6
[2011/02/22 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FCTB000061107
[2011/07/02 21:32:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FDRLab
[2011/11/29 03:48:10 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\gcaltoolkit
[2010/10/07 00:30:56 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GetRightToGo
[2011/07/06 01:49:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GlarySoft
[2012/07/01 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GoodSync
[2011/12/10 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\IObit
[2010/05/05 01:01:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\LegalSounds
[2011/06/05 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\MAGIX
[2011/12/28 00:27:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Nokia
[2011/12/01 06:59:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Paltalk
[2011/01/24 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\ParetoLogic
[2010/10/14 07:12:36 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Participatory Culture Foundation
[2011/12/28 00:27:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PC Suite
[2010/10/19 05:37:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PCF-VLC
[2011/01/02 03:30:30 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PhotoScape
[2011/12/09 23:06:55 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Research In Motion
[2011/07/06 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Sammsoft
[2010/07/17 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Serif
[2010/10/21 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SmartDraw
[2012/07/01 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Software Informer
[2012/06/21 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Spotify
[2011/06/05 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SynthMaker
[2010/07/05 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TeamViewer
[2010/10/19 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Template
[2011/06/24 08:05:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Tific
[2011/05/22 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TomTom
[2010/05/05 03:29:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Trusteer
[2010/05/31 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TuneUp Software
[2010/06/05 04:01:17 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Uniblue
[2012/06/28 03:09:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Usenet.nl
[2011/04/06 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Vodafone
[2010/12/30 02:45:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Windows Live Writer
[2012/07/02 19:00:59 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/07/02 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/05/08 08:31:34 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/04/28 15:13:52 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/05/16 07:47:35 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05E9FFE5
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run aswMBR ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#7
smileysmile

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi - please find the ComboFix log below. Unfortunately Internet Explorer is still being diverted :(

Colin



ComboFix 12-06-28.03 - Colin 02/07/2012 21:53:31.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2939.1110 [GMT 1:00]
Running from: c:\users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 21:24 . 2012-07-02 21:24 -------- d-----w- c:\users\owner 2\AppData\Local\temp
2012-07-02 21:24 . 2012-07-02 21:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-02 21:24 . 2012-07-02 21:24 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-02 21:24 . 2012-07-02 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 21:24 . 2012-07-02 21:24 -------- d-----w- c:\users\Colin_2\AppData\Local\temp
2012-07-02 21:24 . 2012-07-02 21:24 -------- d-----w- c:\users\Colin Campbell\AppData\Local\temp
2012-07-02 21:24 . 2012-07-02 21:24 -------- d-----w- c:\users\CC\AppData\Local\temp
2012-07-02 18:11 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1557BEF-7557-4178-800A-5C2277397F5B}\mpengine.dll
2012-07-02 17:52 . 2012-07-02 17:52 -------- d-----w- C:\_OTL
2012-07-02 00:21 . 2012-07-02 00:21 -------- d-----w- C:\_OTM
2012-07-01 19:06 . 2012-07-01 19:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-01 19:04 . 2012-07-01 19:47 460888 ----a-w- c:\windows\system32\drivers\82644766.sys
2012-07-01 10:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-30 20:00 . 2012-06-30 20:00 -------- d-----w- c:\users\Colin\AppData\Roaming\AVG2012
2012-06-30 19:59 . 2012-06-30 19:59 -------- d-----w- c:\users\Colin\AppData\Local\AVG Secure Search
2012-06-30 19:58 . 2012-06-30 19:59 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-30 19:58 . 2012-06-30 19:58 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-30 19:58 . 2012-06-30 19:58 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-30 19:57 . 2012-06-30 19:57 -------- d--h--w- c:\programdata\Common Files
2012-06-30 19:56 . 2012-06-30 19:56 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-30 19:53 . 2012-06-30 19:53 -------- d-----w- C:\$AVG
2012-06-30 19:53 . 2012-07-02 17:56 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-30 19:13 . 2012-06-30 19:13 -------- d-----w- c:\users\Colin\AppData\Local\Macromedia
2012-06-30 19:12 . 2012-06-30 19:12 -------- d-----w- c:\programdata\hssff
2012-06-30 19:12 . 2012-06-30 19:12 -------- d-----w- c:\users\Colin\AppData\Local\Zoom_Downloader
2012-06-30 19:10 . 2012-06-30 19:10 250 ----a-w- C:\user.js
2012-06-30 19:09 . 2012-07-02 18:02 -------- d-----w- c:\program files (x86)\Yontoo
2012-06-30 18:47 . 2012-07-01 18:04 -------- d-----w- c:\programdata\AVG2012
2012-06-30 18:44 . 2012-06-30 18:44 -------- d-----w- c:\program files (x86)\AVG
2012-06-30 18:39 . 2012-07-02 17:56 -------- d-----w- c:\programdata\MFAData
2012-06-28 13:06 . 2012-06-28 13:06 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-28 13:06 . 2012-06-28 13:06 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-28 00:40 . 2012-06-30 19:02 -------- d-s---w- c:\users\Colin\Google Drive
2012-06-25 15:48 . 2012-06-28 02:09 -------- d-----w- c:\users\Colin\AppData\Roaming\Usenet.nl
2012-06-25 15:48 . 2012-06-25 15:53 -------- d-----w- c:\program files (x86)\Usenet.nl
2012-06-23 10:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 10:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 10:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 10:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 10:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 10:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 10:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 10:11 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 10:11 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 16:40 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 16:40 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 16:40 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 16:40 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 16:40 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 16:40 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 16:40 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 16:40 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 16:13 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:12 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 16:12 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 16:11 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 16:11 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 16:11 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 16:11 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 16:11 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 16:11 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 11:45 . 2012-02-10 07:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F441ADDE-19B5-4D2F-86D9-2C17549BEB24}\gapaengine.dll
2012-06-10 13:54 . 2002-07-31 18:55 98 --sh--w- c:\windows\WSYS049.SYS
2012-06-06 22:41 . 2012-06-06 22:55 69632 ----a-w- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{6BE4AE10-65E3-4A04-A936-EF8D4DFDFFC5}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2012-06-06 22:41 . 2012-06-06 22:55 413696 ----a-w- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{6BE4AE10-65E3-4A04-A936-EF8D4DFDFFC5}\ARPPRODUCTICON.exe
2012-06-06 21:21 . 2012-06-06 21:22 -------- d-----w- C:\rei
2012-06-06 21:21 . 2012-06-06 21:21 -------- d-----w- c:\program files\Reimage
2012-06-06 21:20 . 2012-06-06 21:20 -------- d-----w- c:\program files (x86)\ReImageCompanion
2012-06-06 20:39 . 2012-06-06 20:39 -------- d-----w- C:\MATS
2012-06-06 10:13 . 2012-06-06 12:04 -------- d-----w- C:\8b96cd66e904b54a5771d097
2012-06-06 01:13 . 2012-06-06 17:52 -------- d-----w- C:\BLUETOOTH JUNE 2012
2012-06-06 01:13 . 2012-06-06 01:13 -------- d-----w- C:\New folder (2)
2012-06-05 23:14 . 2012-06-06 03:58 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-06-05 23:14 . 2012-06-05 23:14 -------- d-----w- c:\users\Colin\AppData\Local\SlimWare Utilities Inc
2012-06-05 22:16 . 2012-06-05 22:16 -------- d-----w- c:\programdata\Drivers For Free
2012-06-05 22:14 . 2012-06-05 22:14 -------- d-----w- c:\users\Colin\AppData\Local\Drivers_For_Free
2012-06-05 22:13 . 2012-06-05 22:13 -------- d-----w- c:\users\Colin\AppData\Roaming\Drivers For Free
2012-06-05 19:29 . 2012-06-06 05:15 -------- d-----w- C:\VAIO
2012-06-05 19:23 . 2012-06-05 19:23 -------- d-----w- C:\New folder
2012-06-04 13:16 . 2012-06-04 13:16 -------- d-----w- c:\programdata\Research In Motion
2012-06-04 13:15 . 2012-06-04 13:16 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-06-04 09:20 . 2012-06-04 09:20 -------- d-----w- c:\program files\Microsoft Deployment Toolkit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 10:59 . 2012-03-30 11:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 10:59 . 2011-07-02 20:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-12 07:54 . 2012-05-12 07:54 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-04-24 16:13 . 2011-07-15 23:06 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-11 15:40 . 2012-04-11 15:40 56832 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-04-06 18:15 . 2012-04-06 18:15 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
((((((((((((((((((((((((((((( [email protected]_16.55.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-02 18:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-01 18:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-02 21:02 . 2012-07-02 18:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-01 18:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-02 18:02 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-07-02 18:04 79950 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-21 10:53 . 2012-07-02 18:04 38542 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-247563849-1891965759-2374117565-1000_UserData.bin
+ 2010-04-03 14:55 . 2012-07-02 17:58 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-03 14:55 . 2012-07-02 12:44 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-02 00:22 . 2012-07-02 12:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-02 00:22 . 2012-07-02 17:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-02 12:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-02 17:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-02 18:00 . 2012-07-02 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 08:32 . 2012-07-02 08:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 08:32 . 2012-07-02 08:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-02 18:00 . 2012-07-02 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-01 09:25 . 2012-07-01 18:06 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-01 09:25 . 2012-07-02 18:02 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-18 19:56 . 2012-07-02 18:04 150196 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:01 . 2012-07-02 17:58 481240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-02 03:20 481240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-09 09:39 . 2012-07-02 03:20 3707816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-09 09:39 . 2012-07-02 17:58 3707816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-04-21 19:09 . 2012-07-02 03:20 18479372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-247563849-1891965759-2374117565-1000-8192.dat
+ 2010-04-21 19:09 . 2012-07-02 17:58 18479372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-247563849-1891965759-2374117565-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RIMDeviceManager"="c:\program files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2012-03-01 2066256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-30 1107552]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-07-04 160328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"MobileBroadband"=c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
.
R2 0116101295971338mcinstcleanup;McAfee Application Installer Cleanup (0116101295971338); [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FcsNapSha;FcsNapSha;c:\windows\system32\FcsNapSha.exe [2010-04-15 54168]
R2 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 62800]
R3 cpuz134;cpuz134;c:\users\Colin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2008-07-10 40448]
R3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 133104]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-08-11 11776]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 94864]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe [2011-06-06 123320]
S0 82644766;82644766;c:\windows\system32\DRIVERS\82644766.sys [2012-07-01 460888]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2009-11-09 218056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-24 54728]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-16 191960]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 75032]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 283360]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 149032]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe [2011-06-06 126392]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [2011-03-16 36792]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-12-25 190496]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 441328]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:59]
.
2012-07-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-07-02 16:09]
.
2012-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-27 19:43]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 23:28]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 23:28]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000Core.job
- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 04:57]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000UA.job
- c:\users\Colin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 04:57]
.
2012-07-02 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-08 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2012-04-28 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-10-22 12:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2011-02-22 13:17 444240 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 18:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 18:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 18:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 18:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2011-02-22 13:17 444240 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2011-02-22 13:17 444240 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2011-02-22 13:17 444240 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clear Fields - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Identities Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Logoff - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html
IE: Passcards Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE: Password Generator - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: Reset Fields - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html
IE: RoboForm Options - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html
IE: RoboForm TaskBar Icon - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Safenotes Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Set Fields - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9AD2AAC8-8A36-4590-84E6-260F6CF5030E}: NameServer = 8.8.8.8,8.8.4.4
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SolutoService
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C44F9E21-D93F-490C-B41C-B3548BDD19FC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}"=hex:51,66,7a,6c,4c,1d,38,12,3a,a3,f7,
fd,83,a7,ad,0e,fc,b5,35,e1,ab,2d,25,64
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}"=hex:51,66,7a,6c,4c,1d,38,12,35,c7,1d,
59,d6,9c,be,08,da,a4,2a,9d,ea,b6,16,bc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:18,e8,96,54,ec,ff,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,76,88,10,54,70,66,11,48,be,58,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,76,88,10,54,70,66,11,48,be,58,20,\
.
[HKEY_USERS\S-1-5-21-247563849-1891965759-2374117565-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\À`£*s*o*r*t*e*d* *B*o*o*k*m*a*r*k*s*\Buying a pub or restaurant]
"Order"=hex:08,00,00,00,02,00,00,00,aa,00,00,00,01,00,00,00,01,00,00,00,9e,00,
00,00,00,00,00,00,90,00,32,00,5a,01,00,00,c2,3c,28,67,80,00,54,48,49,4e,4b,\
.
[HKEY_USERS\S-1-5-21-247563849-1891965759-2374117565-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4C4BE764-FBF9-E603-E6A7-B053862D0BDC}*]
"iabpdliajfcmijpbeb"=hex:6a,61,6e,66,6d,63,67,6e,6a,6a,67,64,6c,67,6c,62,64,6b,
6b,6d,00,fe
"hadojiipofopiapi"=hex:69,61,62,67,62,65,66,6a,66,64,6d,64,70,64,64,64,63,66,
00,77
"haobokpcpjmcefca"=hex:66,61,6c,66,62,65,67,70,66,68,66,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-02 22:32:50
ComboFix-quarantined-files.txt 2012-07-02 21:32
ComboFix2.txt 2012-07-02 17:13
.
Pre-Run: 120,350,662,656 bytes free
Post-Run: 120,264,347,648 bytes free
.
- - End Of File - - EA753B585CBFD360DE707E6FDC8A22D7

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is Firefox still crashing?

Download MBAM clean from here

Download a fresh copy of MBAM from here

Uninstall MBAM from Control panel
Run MBAM clean

Reinstall MBAM and run a quick scan

Have you used TDSSKiller recently?

#9
smileysmile

    Member

  • Topic Starter
  • Member
  • 17 posts
Hello again - I actually uninstalled Firefox yesterday morning before we spoke as I do not use it a great deal anyway.

I ran MBAM clean and rebooted as it instructed but still not able to install a fresh copy - there was and is no program to uninstall from Control Panel and I get the error message attached when trying to download it.

I did run TDSSKiller early yesterday before you helped me as I was getting a bit desperate - sorry if this was the wrong thing to do.

Cheers,

Colin

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's reset the system permissions before we go any further. After this has run, could you then retry to install MBAM please? If it fails I will go for a deeper look.

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

#11
smileysmile

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi - I ran Windows Repair - it took some time!! - but still cannot install MBAM. Still getting the same error message.

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL log for me please - selecting all users

Are the redirects still present?

#13
smileysmile


    Member

  • Topic Starter
  • 17 posts
The redirect problem seems to be sorted thanks. Here is the OTL log.



OTL logfile created on: 04/07/2012 22:32:26 - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 49.30% Memory free
7.17 Gb Paging File | 5.13 Gb Available in Paging File | 71.50% Paging File free
Paging file location(s): c:\pagefile.sys 4408 4408 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.56 Gb Total Space | 111.10 Gb Free Space | 38.50% Space Free | Partition Type: NTFS

Computer Name: COLIN-VAIO | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011\OTL (2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (FcsNapSha) -- C:\Windows\SysNative\FcsNapSha.exe (Microsoft Corporation)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (lxcf_device) -- C:\Windows\SysNative\lxcfcoms.exe ( )
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (lxcf_device) -- C:\Windows\SysWOW64\lxcfcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (82644766) -- C:\Windows\SysNative\drivers\82644766.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (vodafone_K380x-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (CbFs) -- C:\Windows\SysNative\drivers\cbfs.sys (EldoS Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (PfFilter) -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys (IObit Information Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....p://www.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3.1010000&st=10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway...r={searchTerms}
IE - HKLM\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://slirsredirect...hromesbox-en-uk
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Colin\Favorites\Downloads\FOOTBALL BETTING SOFTWARE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2282A0CE-B42D-4BE2-97DF-98322F665385}: "URL" = http://visualsearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{4C8B3851-05E2-4660-B181-72840E5785F3}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6BC079BB-5474-4CD2-A048-905E648B6E21}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{6F8D3DBD-C0AB-4ACE-9E22-6A4CA4EF8E67}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{861E8928-6140-4CB5-8DF7-7E7E9FD7EA98}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-30 20:58:29&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...540501721747738
IE - HKCU\..\SearchScopes\{E36AC8FA-77B0-4E67-9AB8-B1F9E88AAF31}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011/02/12 13:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/01 01:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 22:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/28 00:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/03 10:09:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 10:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/06/30 20:58:42 | 000,000,000 | ---D | M]

[2012/07/02 21:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions
[2011/05/22 22:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/07/02 21:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions
[2012/07/02 21:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2012/07/02 21:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/02 21:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/07/02 21:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/05/22 23:27:24 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: The Guardian = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg\1.7.2_0\
CHR - Extension: Wunderlist = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\1.0.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: RoboForm Lite = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\3.2.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/07/03 00:05:27 | 000,000,238 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.2 http://rolotorodofok...p?avted=1&n=265
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...40320.363287037 (Update Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD2AAC8-8A36-4590-84E6-260F6CF5030E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71868B7-EED6-40BE-9356-C83791F0C615}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 16:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/04 15:55:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/03 23:09:10 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/07/03 23:07:09 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/07/03 23:07:07 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/07/03 22:21:43 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/07/03 22:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/07/03 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/07/03 10:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/03 10:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/02 23:38:27 | 056,731,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/07/02 22:42:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/02 22:32:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/02 18:52:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/02 18:19:44 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\RK_Quarantine
[2012/07/02 17:55:28 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\GOOGLE APPS
[2012/07/02 17:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/02 17:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/02 17:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/02 17:13:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/02 17:12:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/02 01:21:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/01 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\Fix Malware
[2012/07/01 20:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/01 20:04:24 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 12:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/07/01 12:05:45 | 019,551,736 | ---- | C] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/06/30 21:00:09 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2012/06/30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\AVG Secure Search
[2012/06/30 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/06/30 20:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/30 20:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012/06/30 20:56:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/06/30 20:53:36 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/06/30 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/06/30 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Macromedia
[2012/06/30 20:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012/06/30 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Zoom_Downloader
[2012/06/30 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/06/30 19:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/30 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/30 19:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/28 14:06:04 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/28 14:06:04 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/28 01:40:51 | 000,000,000 | --SD | C] -- C:\Users\Colin\Google Drive
[2012/06/28 01:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/06/25 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\New folder (8)
[2012/06/25 16:48:53 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Usenet.nl
[2012/06/23 11:13:00 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 11:13:00 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 11:13:00 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 11:12:31 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 11:12:31 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 11:12:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 11:11:54 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 11:11:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/13 19:02:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 19:02:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 19:02:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 19:02:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 19:02:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 19:02:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 19:02:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 19:02:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 19:02:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 19:02:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 19:02:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 19:02:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 19:02:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 17:40:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 17:40:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 17:40:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 17:40:34 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 17:40:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 17:40:30 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 17:12:48 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 17:11:51 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 17:11:49 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/06 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/06/06 21:39:41 | 000,000,000 | ---D | C] -- C:\MATS
[2012/06/06 11:13:44 | 000,000,000 | ---D | C] -- C:\8b96cd66e904b54a5771d097
[2012/06/06 02:13:55 | 000,000,000 | ---D | C] -- C:\BLUETOOTH JUNE 2012
[2012/06/06 02:13:50 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2012/06/06 02:12:55 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Blueooth drivers etc June 2012
[2012/06/06 00:14:10 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\SlimWare Utilities Inc
[2012/06/06 00:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/06/05 23:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers For Free
[2012/06/05 23:14:19 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Drivers_For_Free
[2012/06/05 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2012/06/05 20:29:09 | 000,000,000 | ---D | C] -- C:\VAIO
[2012/06/05 20:23:02 | 000,000,000 | ---D | C] -- C:\New folder

========== Files - Modified Within 30 Days ==========

[2012/07/04 22:59:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/04 22:27:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000UA.job
[2012/07/04 22:26:09 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/07/04 17:51:48 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/07/04 16:39:48 | 000,873,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/04 16:39:48 | 000,732,570 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/04 16:39:48 | 000,149,348 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 16:39:31 | 000,010,096 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 16:39:31 | 000,010,096 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 16:32:58 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/07/04 16:32:09 | 000,546,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/04 16:31:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 16:31:22 | 2311,335,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 16:27:26 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/07/04 16:27:25 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/07/04 16:27:11 | 000,047,155 | ---- | M] () -- C:\Users\Colin\Desktop\insight competencies.JPG
[2012/07/04 12:07:57 | 101,084,984 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/04 12:01:39 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000Core.job
[2012/07/04 12:01:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/03 22:21:33 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/07/03 17:02:49 | 000,024,341 | ---- | M] () -- C:\Users\Colin\Desktop\Error Message re Malwarebytes.JPG
[2012/07/03 00:09:23 | 000,001,050 | ---- | M] () -- C:\Users\Colin\Desktop\Hosts - Shortcut.lnk
[2012/07/03 00:05:27 | 000,000,238 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/02 19:05:15 | 000,001,030 | ---- | M] () -- C:\Users\Colin\Desktop\07022012_185209 - Shortcut.lnk
[2012/07/02 18:56:30 | 000,191,013 | ---- | M] () -- C:\Users\Colin\Desktop\700955.htm
[2012/07/02 18:55:58 | 000,024,533 | ---- | M] () -- C:\Users\Colin\Desktop\search.htm
[2012/07/02 17:12:40 | 000,002,065 | ---- | M] () -- C:\Users\Colin\Desktop\Continue SweetIM Installation.lnk
[2012/07/01 20:47:31 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 18:52:07 | 000,022,740 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 12:28:07 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | M] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/07/01 12:05:48 | 019,551,736 | ---- | M] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:13 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/06/29 16:44:51 | 000,000,133 | ---- | M] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 14:06:04 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/28 14:06:04 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/28 03:09:37 | 000,075,387 | ---- | M] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | M] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 14:03:21 | 000,000,202 | ---- | M] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | M] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/23 11:59:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 11:59:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/11 15:21:11 | 000,001,118 | ---- | M] () -- C:\Users\Colin\Desktop\Ladbrokes - Shortcut.lnk
[2012/06/10 22:19:34 | 000,007,168 | ---- | M] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/06 23:58:56 | 000,068,527 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 22:22:17 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/06/06 18:18:44 | 000,000,355 | ---- | M] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2012/06/06 10:18:29 | 000,000,123 | ---- | M] () -- C:\Users\Colin\Desktop\Microsoft Fix it.url
[2012/06/06 04:58:11 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/06/06 00:20:24 | 000,000,162 | ---- | M] () -- C:\Users\Colin\Desktop\~$IO DRIVERS FOR DISK READER ETC.rtf
[2012/06/05 15:32:33 | 000,007,621 | ---- | M] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg

========== Files Created - No Company Name ==========

[2012/07/04 16:27:25 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/07/04 16:27:10 | 000,047,155 | ---- | C] () -- C:\Users\Colin\Desktop\insight competencies.JPG
[2012/07/04 12:24:16 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/07/04 12:07:57 | 101,084,984 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/03 22:21:33 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/07/03 17:02:48 | 000,024,341 | ---- | C] () -- C:\Users\Colin\Desktop\Error Message re Malwarebytes.JPG
[2012/07/03 00:09:23 | 000,001,050 | ---- | C] () -- C:\Users\Colin\Desktop\Hosts - Shortcut.lnk
[2012/07/02 19:05:15 | 000,001,030 | ---- | C] () -- C:\Users\Colin\Desktop\07022012_185209 - Shortcut.lnk
[2012/07/02 18:56:37 | 000,191,013 | ---- | C] () -- C:\Users\Colin\Desktop\700955.htm
[2012/07/02 18:56:23 | 000,024,533 | ---- | C] () -- C:\Users\Colin\Desktop\search.htm
[2012/07/02 17:14:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/02 17:14:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/02 17:14:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/02 17:14:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/02 17:14:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/02 17:02:03 | 000,002,065 | ---- | C] () -- C:\Users\Colin\Desktop\Continue SweetIM Installation.lnk
[2012/07/01 18:52:05 | 000,022,740 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 12:28:07 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | C] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:11 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/06/29 16:44:51 | 000,000,133 | ---- | C] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 03:09:37 | 000,075,387 | ---- | C] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | C] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 14:01:48 | 000,000,202 | ---- | C] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | C] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/10 14:55:06 | 000,007,168 | ---- | C] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/10 14:54:06 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/06/06 23:58:55 | 000,068,527 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 18:18:44 | 000,000,355 | ---- | C] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2012/06/06 10:18:29 | 000,000,123 | ---- | C] () -- C:\Users\Colin\Desktop\Microsoft Fix it.url
[2012/06/06 00:20:24 | 000,000,162 | ---- | C] () -- C:\Users\Colin\Desktop\~$IO DRIVERS FOR DISK READER ETC.rtf
[2012/06/06 00:14:13 | 000,015,672 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/12/23 00:33:05 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\AVRedirector.ini
[2011/12/23 00:33:05 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\AVRedirectorOff.ini
[2011/12/12 11:25:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/07 00:55:54 | 000,159,249 | ---- | C] () -- C:\Windows\Bet wizard Uninstaller.exe
[2011/11/20 23:13:38 | 000,000,189 | ---- | C] () -- C:\Users\Colin\Guitar Tuner @ Chordbook.Com.url
[2011/09/26 22:12:31 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/08/28 02:17:02 | 000,012,288 | ---- | C] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 01:45:38 | 000,704,000 | ---- | C] () -- C:\Windows\is-NAUMG.exe
[2011/07/02 22:31:16 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/02 22:31:16 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/02 21:55:27 | 000,017,408 | ---- | C] () -- C:\Users\Colin\AppData\Local\WebpageIcons.db
[2011/07/02 01:41:11 | 000,208,178 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/06/05 19:41:31 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/02/27 00:50:51 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2011/02/27 00:50:50 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2011/02/27 00:50:50 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2011/01/20 21:40:03 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/01/11 21:31:07 | 000,356,197 | ---- | C] () -- C:\Users\Colin\mural-tile.jpg
[2010/12/08 15:42:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfinpa.dll
[2010/12/08 15:42:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfiesc.dll
[2010/12/08 15:42:32 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcfcomx.dll
[2010/12/08 15:42:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcfinst.dll
[2010/12/08 15:42:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpmui.dll
[2010/12/08 15:42:30 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfusb1.dll
[2010/12/08 15:42:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfserv.dll
[2010/12/08 15:42:29 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfppls.exe
[2010/12/08 15:42:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfprox.dll
[2010/12/08 15:42:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpplc.dll
[2010/12/08 15:42:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfhbn3.dll
[2010/12/08 15:42:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcflmpm.dll
[2010/12/08 15:42:28 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcoms.exe
[2010/12/08 15:42:28 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfih.exe
[2010/12/08 15:42:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomc.dll
[2010/12/08 15:42:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomm.dll
[2010/12/08 15:42:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcfg.exe
[2010/10/23 04:39:14 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/10/19 07:17:01 | 000,000,000 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\wklnhst.dat
[2010/09/24 13:20:39 | 000,127,494 | ---- | C] () -- C:\Users\Colin\cc dots.bmp
[2010/09/24 13:02:37 | 000,018,432 | ---- | C] () -- C:\Users\Colin\photothumb.db
[2010/09/24 09:46:36 | 000,015,064 | ---- | C] () -- C:\Users\Colin\ear.jpg
[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/07/26 14:03:32 | 000,004,096 | ---- | C] () -- C:\Users\Colin\AppData\Local\keyfile3.drm
[2010/07/18 21:14:55 | 000,000,632 | ---- | C] () -- C:\Users\Colin\ntuser.pol
[2010/07/14 08:24:28 | 000,038,491 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/05 13:43:50 | 000,059,074 | ---- | C] () -- C:\Users\Colin\start.class
[2010/07/05 13:43:50 | 000,020,415 | ---- | C] () -- C:\Users\Colin\W800.1bt
[2010/07/05 13:43:50 | 000,009,656 | ---- | C] () -- C:\Users\Colin\g.class
[2010/07/05 13:43:50 | 000,008,916 | ---- | C] () -- C:\Users\Colin\f.class
[2010/07/05 13:43:50 | 000,004,494 | ---- | C] () -- C:\Users\Colin\q.class
[2010/07/05 13:43:50 | 000,003,984 | ---- | C] () -- C:\Users\Colin\b.class
[2010/07/05 13:43:50 | 000,003,374 | ---- | C] () -- C:\Users\Colin\d.class
[2010/07/05 13:43:50 | 000,002,872 | ---- | C] () -- C:\Users\Colin\l.class
[2010/07/05 13:43:50 | 000,002,634 | ---- | C] () -- C:\Users\Colin\k.class
[2010/07/05 13:43:50 | 000,002,521 | ---- | C] () -- C:\Users\Colin\c.class
[2010/07/05 13:43:50 | 000,002,206 | ---- | C] () -- C:\Users\Colin\j.class
[2010/07/05 13:43:50 | 000,002,118 | ---- | C] () -- C:\Users\Colin\i.class
[2010/07/05 13:43:50 | 000,001,950 | ---- | C] () -- C:\Users\Colin\v.class
[2010/07/05 13:43:50 | 000,001,495 | ---- | C] () -- C:\Users\Colin\h.class
[2010/07/05 13:43:50 | 000,001,461 | ---- | C] () -- C:\Users\Colin\u.class
[2010/07/05 13:43:50 | 000,001,445 | ---- | C] () -- C:\Users\Colin\s.class
[2010/07/05 13:43:50 | 000,001,002 | ---- | C] () -- C:\Users\Colin\c
[2010/07/05 13:43:50 | 000,000,959 | ---- | C] () -- C:\Users\Colin\a
[2010/07/05 13:43:50 | 000,000,949 | ---- | C] () -- C:\Users\Colin\r.class
[2010/07/05 13:43:50 | 000,000,884 | ---- | C] () -- C:\Users\Colin\e.class
[2010/07/05 13:43:50 | 000,000,863 | ---- | C] () -- C:\Users\Colin\b
[2010/07/05 13:43:50 | 000,000,839 | ---- | C] () -- C:\Users\Colin\p.class
[2010/07/05 13:43:50 | 000,000,771 | ---- | C] () -- C:\Users\Colin\m.class
[2010/07/05 13:43:50 | 000,000,682 | ---- | C] () -- C:\Users\Colin\n.class
[2010/07/05 13:43:50 | 000,000,113 | ---- | C] () -- C:\Users\Colin\LED
[2010/07/05 13:43:50 | 000,000,095 | ---- | C] () -- C:\Users\Colin\o.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\t.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\a.class
[2010/06/26 09:30:26 | 010,294,792 | ---- | C] () -- C:\Users\Colin\mirror world cup wallchartA3.pdf
[2010/05/29 08:29:40 | 000,113,306 | ---- | C] () -- C:\Users\Colin\Mobile_Phone_Software_Pack_2010_Edition.zip
[2010/05/28 07:36:40 | 000,000,167 | ---- | C] () -- C:\Users\Colin\udownload.dat
[2010/05/22 13:45:57 | 000,005,007 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010/05/19 06:15:46 | 000,000,359 | ---- | C] () -- C:\Users\Colin\Recycle Bin - Shortcut.lnk
[2010/05/16 12:58:30 | 000,007,621 | ---- | C] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg
[2010/05/09 01:32:55 | 000,037,704 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\openList.awt
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\closedList.awt
[2010/04/08 05:36:40 | 000,893,952 | ---- | C] () -- C:\Users\Colin\opticalillusions01-1-1.pps
[2010/04/06 19:54:15 | 000,152,031 | ---- | C] () -- C:\Users\Colin\Southern Shih Tzu Application form-pdf.pdf
[2010/03/11 17:43:13 | 000,000,009 | ---- | C] () -- C:\Users\Colin\usb003
[2010/03/08 23:07:12 | 000,000,600 | ---- | C] () -- C:\Users\Colin\PUTTY.RND
[2010/02/05 09:35:45 | 001,492,261 | ---- | C] () -- C:\Users\Colin\PJ033236-Pubsclubscombinedpresentation_Final_V1aqua.pdf
[2009/12/10 20:13:48 | 000,000,010 | ---- | C] () -- C:\Users\Colin\USB001
[2009/12/09 05:33:55 | 000,222,942 | ---- | C] () -- C:\Users\Colin\Full page fax print.pdf
[2009/11/02 05:39:39 | 000,255,358 | ---- | C] () -- C:\Users\Colin\13 x 18 cm. cutout prints.pdf
[2009/05/10 17:23:44 | 000,619,939 | ---- | C] () -- C:\Users\Colin\19 Longford Road.pdf
[2008/12/12 17:15:15 | 000,525,668 | ---- | C] () -- C:\Users\Colin\mhtml_mid___00000013_.pdf
[2008/12/12 17:06:20 | 000,019,844 | ---- | C] () -- C:\Users\Colin\Document1.pdf
[2006/01/04 01:00:00 | 000,094,533 | ---- | C] () -- C:\Users\Colin\btscanner.jar

========== LOP Check ==========

[2012/06/05 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Amazon
[2012/06/30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2011/12/23 00:29:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVSoftware
[2010/10/31 00:46:33 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\BitZipper
[2010/05/22 13:45:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Carambis
[2010/05/22 04:01:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DeviceDoctorSoftware
[2010/05/22 06:00:18 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverCure
[2010/05/22 08:37:47 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverFinder
[2012/06/05 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2011/08/29 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\eBookPro6
[2011/02/22 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FCTB000061107
[2011/07/02 21:32:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FDRLab
[2011/11/29 03:48:10 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\gcaltoolkit
[2010/10/07 00:30:56 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GetRightToGo
[2011/07/06 01:49:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GlarySoft
[2012/07/04 21:16:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GoodSync
[2011/12/10 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\IObit
[2010/05/05 01:01:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\LegalSounds
[2011/06/05 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\MAGIX
[2011/12/28 00:27:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Nokia
[2011/12/01 06:59:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Paltalk
[2011/01/24 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\ParetoLogic
[2010/10/14 07:12:36 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Participatory Culture Foundation
[2011/12/28 00:27:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PC Suite
[2010/10/19 05:37:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PCF-VLC
[2011/01/02 03:30:30 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PhotoScape
[2011/12/09 23:06:55 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Research In Motion
[2011/07/06 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Sammsoft
[2010/07/17 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Serif
[2010/10/21 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SmartDraw
[2012/07/01 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Software Informer
[2012/06/21 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Spotify
[2011/06/05 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SynthMaker
[2010/07/05 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TeamViewer
[2010/10/19 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Template
[2011/06/24 08:05:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Tific
[2011/05/22 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TomTom
[2010/05/05 03:29:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Trusteer
[2010/05/31 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TuneUp Software
[2010/06/05 04:01:17 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Uniblue
[2011/04/06 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Vodafone
[2010/12/30 02:45:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Windows Live Writer
[2012/07/04 16:32:58 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/07/04 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/05/08 08:31:34 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/04/28 15:13:52 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/05/16 07:47:35 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05E9FFE5
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, your host file has just been hijacked, so I will fix that.

What is your main antivirus, as I can see McAfee, Norton and AVG, and in addition you have IObit Malware Fighter?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /release /c
    ipconfig /renew /c

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#15
smileysmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
AVG is my main anti-virus.

Quick scan log below:


OTL logfile created on: 06/07/2012 21:21:32 - Run 4
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 37.50% Memory free
7.17 Gb Paging File | 5.02 Gb Available in Paging File | 69.98% Paging File free
Paging file location(s): c:\pagefile.sys 4408 4408 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.56 Gb Total Space | 109.01 Gb Free Space | 37.78% Space Free | Partition Type: NTFS

Computer Name: COLIN-VAIO | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Colin\Desktop\Downloads\DOWNLOADS FROM JULY 2011\OTL (2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll ()
MOD - C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (FcsNapSha) -- C:\Windows\SysNative\FcsNapSha.exe (Microsoft Corporation)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (lxcf_device) -- C:\Windows\SysNative\lxcfcoms.exe ( )
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (lxcf_device) -- C:\Windows\SysWOW64\lxcfcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (82644766) -- C:\Windows\SysNative\drivers\82644766.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (vodafone_K380x-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (CbFs) -- C:\Windows\SysNative\drivers\cbfs.sys (EldoS Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (PfFilter) -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys (IObit Information Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway...r={searchTerms}
IE - HKLM\..\SearchScopes\{09BF01E0-CFE9-4104-B0BB-B5724D999A05}: "URL" = http://slirsredirect...hromesbox-en-uk
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Colin\Favorites\Downloads\FOOTBALL BETTING SOFTWARE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2282A0CE-B42D-4BE2-97DF-98322F665385}: "URL" = http://visualsearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{4C8B3851-05E2-4660-B181-72840E5785F3}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6BC079BB-5474-4CD2-A048-905E648B6E21}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{6F8D3DBD-C0AB-4ACE-9E22-6A4CA4EF8E67}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{861E8928-6140-4CB5-8DF7-7E7E9FD7EA98}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-30 20:58:29&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...540501721747738
IE - HKCU\..\SearchScopes\{E36AC8FA-77B0-4E67-9AB8-B1F9E88AAF31}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Colin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011/02/12 13:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/01 01:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 22:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/28 00:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/06 15:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 10:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/06/30 20:58:42 | 000,000,000 | ---D | M]

[2012/07/02 21:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions
[2011/05/22 22:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/07/02 21:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions
[2012/07/02 21:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\t98nhymg.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2012/07/02 21:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/02 21:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/07/02 21:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/05/22 23:27:24 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Colin\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: The Guardian = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg\1.7.2_0\
CHR - Extension: Wunderlist = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\1.0.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: RoboForm Lite = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\3.2.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/07/06 21:04:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110125133743.dll (McAfee, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...40320.363287037 (Update Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD2AAC8-8A36-4590-84E6-260F6CF5030E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71868B7-EED6-40BE-9356-C83791F0C615}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 21:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/06 15:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/04 15:55:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/03 23:07:09 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/07/03 23:07:07 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/07/03 22:21:43 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/07/03 22:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/07/03 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/07/03 10:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/02 22:42:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/02 22:32:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/02 18:52:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/02 18:19:44 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\RK_Quarantine
[2012/07/02 17:55:28 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\GOOGLE APPS
[2012/07/02 17:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/02 17:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/02 17:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/02 17:13:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/02 17:12:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/02 01:21:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/01 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\Fix Malware
[2012/07/01 20:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/01 20:04:24 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 12:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/07/01 12:05:45 | 019,551,736 | ---- | C] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/06/30 21:00:09 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2012/06/30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\AVG Secure Search
[2012/06/30 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/06/30 20:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/30 20:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012/06/30 20:56:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/06/30 20:53:36 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/30 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/06/30 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Macromedia
[2012/06/30 20:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012/06/30 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Zoom_Downloader
[2012/06/30 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/06/30 19:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/30 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/30 19:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/28 01:40:51 | 000,000,000 | --SD | C] -- C:\Users\Colin\Google Drive
[2012/06/28 01:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/06/25 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\New folder (8)
[2012/06/25 16:48:53 | 000,000,000 | ---D | C] -- C:\Users\Colin\Documents\Usenet.nl
[2012/06/06 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/06/06 21:39:41 | 000,000,000 | ---D | C] -- C:\MATS

========== Files - Modified Within 30 Days ==========

[2012/07/06 21:27:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000UA.job
[2012/07/06 21:26:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 21:18:04 | 000,010,096 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 21:18:04 | 000,010,096 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 21:11:54 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/07/06 21:11:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 21:10:47 | 2311,335,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 21:04:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/06 20:59:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 18:50:51 | 000,047,286 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/06 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/07/06 15:11:07 | 101,200,596 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/05 20:35:13 | 000,873,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/05 20:35:13 | 000,732,570 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/05 20:35:13 | 000,149,348 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 17:51:48 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/07/04 16:32:09 | 000,546,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/04 16:27:26 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/07/04 16:27:25 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/07/04 16:27:11 | 000,047,155 | ---- | M] () -- C:\Users\Colin\Desktop\insight competencies.JPG
[2012/07/04 12:01:39 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-247563849-1891965759-2374117565-1000Core.job
[2012/07/04 12:01:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/03 22:21:33 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/07/03 17:02:49 | 000,024,341 | ---- | M] () -- C:\Users\Colin\Desktop\Error Message re Malwarebytes.JPG
[2012/07/03 00:09:23 | 000,001,050 | ---- | M] () -- C:\Users\Colin\Desktop\Hosts - Shortcut.lnk
[2012/07/02 19:05:15 | 000,001,030 | ---- | M] () -- C:\Users\Colin\Desktop\07022012_185209 - Shortcut.lnk
[2012/07/02 18:56:30 | 000,191,013 | ---- | M] () -- C:\Users\Colin\Desktop\700955.htm
[2012/07/02 18:55:58 | 000,024,533 | ---- | M] () -- C:\Users\Colin\Desktop\search.htm
[2012/07/02 17:12:40 | 000,002,065 | ---- | M] () -- C:\Users\Colin\Desktop\Continue SweetIM Installation.lnk
[2012/07/01 20:47:31 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\82644766.sys
[2012/07/01 12:28:07 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | M] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/07/01 12:05:48 | 019,551,736 | ---- | M] (IObit ) -- C:\Users\Colin\Desktop\imf-setup.exe
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:13 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/06/29 16:44:51 | 000,000,133 | ---- | M] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 03:09:37 | 000,075,387 | ---- | M] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | M] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 14:03:21 | 000,000,202 | ---- | M] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | M] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/11 15:21:11 | 000,001,118 | ---- | M] () -- C:\Users\Colin\Desktop\Ladbrokes - Shortcut.lnk
[2012/06/10 22:19:34 | 000,007,168 | ---- | M] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/06 23:58:56 | 000,068,527 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | M] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 22:22:17 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini

========== Files Created - No Company Name ==========

[2012/07/06 18:50:51 | 000,047,286 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/06 15:11:07 | 101,200,596 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/04 16:27:25 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/07/04 16:27:10 | 000,047,155 | ---- | C] () -- C:\Users\Colin\Desktop\insight competencies.JPG
[2012/07/04 12:24:16 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/07/03 22:21:33 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/07/03 17:02:48 | 000,024,341 | ---- | C] () -- C:\Users\Colin\Desktop\Error Message re Malwarebytes.JPG
[2012/07/03 00:09:23 | 000,001,050 | ---- | C] () -- C:\Users\Colin\Desktop\Hosts - Shortcut.lnk
[2012/07/02 19:05:15 | 000,001,030 | ---- | C] () -- C:\Users\Colin\Desktop\07022012_185209 - Shortcut.lnk
[2012/07/02 18:56:37 | 000,191,013 | ---- | C] () -- C:\Users\Colin\Desktop\700955.htm
[2012/07/02 18:56:23 | 000,024,533 | ---- | C] () -- C:\Users\Colin\Desktop\search.htm
[2012/07/02 17:14:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/02 17:14:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/02 17:14:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/02 17:14:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/02 17:14:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/02 17:02:03 | 000,002,065 | ---- | C] () -- C:\Users\Colin\Desktop\Continue SweetIM Installation.lnk
[2012/07/01 12:28:07 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/07/01 12:16:49 | 000,001,099 | ---- | C] () -- C:\Users\Colin\Desktop\IObit - Shortcut.lnk
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/30 20:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/30 20:10:11 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/06/29 16:44:51 | 000,000,133 | ---- | C] () -- C:\Users\Colin\Desktop\Today's Racecards Sporting Life - Horse Racing News Live Racing Results, Racecards, Live Betting Shows.url
[2012/06/28 03:09:37 | 000,075,387 | ---- | C] () -- C:\Users\Colin\Desktop\Usenet cancellation 2.JPG
[2012/06/28 01:40:52 | 000,001,707 | ---- | C] () -- C:\Users\Colin\Desktop\Google Drive.lnk
[2012/06/25 14:01:48 | 000,000,202 | ---- | C] () -- C:\Users\Colin\Desktop\EMPLOYEE SURVEY.url
[2012/06/24 15:45:59 | 000,000,236 | ---- | C] () -- C:\Users\Colin\Desktop\Special Audiobook Download Offer Downloadable Audio Books, iPhone, Android and Digital Audio Books Audible Audiobooks Audible.co.uk.url
[2012/06/10 14:55:06 | 000,007,168 | ---- | C] () -- C:\Users\Colin\Desktop\photothumb.db
[2012/06/10 14:54:06 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/06/06 23:58:55 | 000,068,527 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry Desktop Software readme.rtf
[2012/06/06 23:24:05 | 000,002,865 | ---- | C] () -- C:\Users\Colin\Desktop\BlackBerry - Shortcut (2).lnk
[2012/06/06 18:18:44 | 000,000,355 | ---- | C] () -- C:\Users\Colin\Computer - Shortcut.lnk
[2011/12/23 00:33:05 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\AVRedirector.ini
[2011/12/23 00:33:05 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\AVRedirectorOff.ini
[2011/12/12 11:25:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/07 00:55:54 | 000,159,249 | ---- | C] () -- C:\Windows\Bet wizard Uninstaller.exe
[2011/11/20 23:13:38 | 000,000,189 | ---- | C] () -- C:\Users\Colin\Guitar Tuner @ Chordbook.Com.url
[2011/09/26 22:12:31 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/08/28 02:17:02 | 000,012,288 | ---- | C] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 01:45:38 | 000,704,000 | ---- | C] () -- C:\Windows\is-NAUMG.exe
[2011/07/02 22:31:16 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/02 22:31:16 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/02 21:55:27 | 000,017,408 | ---- | C] () -- C:\Users\Colin\AppData\Local\WebpageIcons.db
[2011/07/02 01:41:11 | 000,208,178 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011/06/05 19:41:31 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/02/27 00:50:51 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2011/02/27 00:50:50 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2011/02/27 00:50:50 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2011/01/20 21:40:03 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/01/11 21:31:07 | 000,356,197 | ---- | C] () -- C:\Users\Colin\mural-tile.jpg
[2010/12/08 15:42:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfinpa.dll
[2010/12/08 15:42:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfiesc.dll
[2010/12/08 15:42:32 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcfcomx.dll
[2010/12/08 15:42:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcfinst.dll
[2010/12/08 15:42:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpmui.dll
[2010/12/08 15:42:30 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfusb1.dll
[2010/12/08 15:42:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfserv.dll
[2010/12/08 15:42:29 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfppls.exe
[2010/12/08 15:42:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfprox.dll
[2010/12/08 15:42:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpplc.dll
[2010/12/08 15:42:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfhbn3.dll
[2010/12/08 15:42:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcflmpm.dll
[2010/12/08 15:42:28 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcoms.exe
[2010/12/08 15:42:28 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfih.exe
[2010/12/08 15:42:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomc.dll
[2010/12/08 15:42:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomm.dll
[2010/12/08 15:42:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcfg.exe
[2010/10/23 04:39:14 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/10/19 07:17:01 | 000,000,000 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\wklnhst.dat
[2010/09/24 13:20:39 | 000,127,494 | ---- | C] () -- C:\Users\Colin\cc dots.bmp
[2010/09/24 13:02:37 | 000,018,432 | ---- | C] () -- C:\Users\Colin\photothumb.db
[2010/09/24 09:46:36 | 000,015,064 | ---- | C] () -- C:\Users\Colin\ear.jpg
[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/07/26 14:03:32 | 000,004,096 | ---- | C] () -- C:\Users\Colin\AppData\Local\keyfile3.drm
[2010/07/18 21:14:55 | 000,000,632 | ---- | C] () -- C:\Users\Colin\ntuser.pol
[2010/07/14 08:24:28 | 000,038,491 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/05 13:43:50 | 000,059,074 | ---- | C] () -- C:\Users\Colin\start.class
[2010/07/05 13:43:50 | 000,020,415 | ---- | C] () -- C:\Users\Colin\W800.1bt
[2010/07/05 13:43:50 | 000,009,656 | ---- | C] () -- C:\Users\Colin\g.class
[2010/07/05 13:43:50 | 000,008,916 | ---- | C] () -- C:\Users\Colin\f.class
[2010/07/05 13:43:50 | 000,004,494 | ---- | C] () -- C:\Users\Colin\q.class
[2010/07/05 13:43:50 | 000,003,984 | ---- | C] () -- C:\Users\Colin\b.class
[2010/07/05 13:43:50 | 000,003,374 | ---- | C] () -- C:\Users\Colin\d.class
[2010/07/05 13:43:50 | 000,002,872 | ---- | C] () -- C:\Users\Colin\l.class
[2010/07/05 13:43:50 | 000,002,634 | ---- | C] () -- C:\Users\Colin\k.class
[2010/07/05 13:43:50 | 000,002,521 | ---- | C] () -- C:\Users\Colin\c.class
[2010/07/05 13:43:50 | 000,002,206 | ---- | C] () -- C:\Users\Colin\j.class
[2010/07/05 13:43:50 | 000,002,118 | ---- | C] () -- C:\Users\Colin\i.class
[2010/07/05 13:43:50 | 000,001,950 | ---- | C] () -- C:\Users\Colin\v.class
[2010/07/05 13:43:50 | 000,001,495 | ---- | C] () -- C:\Users\Colin\h.class
[2010/07/05 13:43:50 | 000,001,461 | ---- | C] () -- C:\Users\Colin\u.class
[2010/07/05 13:43:50 | 000,001,445 | ---- | C] () -- C:\Users\Colin\s.class
[2010/07/05 13:43:50 | 000,001,002 | ---- | C] () -- C:\Users\Colin\c
[2010/07/05 13:43:50 | 000,000,959 | ---- | C] () -- C:\Users\Colin\a
[2010/07/05 13:43:50 | 000,000,949 | ---- | C] () -- C:\Users\Colin\r.class
[2010/07/05 13:43:50 | 000,000,884 | ---- | C] () -- C:\Users\Colin\e.class
[2010/07/05 13:43:50 | 000,000,863 | ---- | C] () -- C:\Users\Colin\b
[2010/07/05 13:43:50 | 000,000,839 | ---- | C] () -- C:\Users\Colin\p.class
[2010/07/05 13:43:50 | 000,000,771 | ---- | C] () -- C:\Users\Colin\m.class
[2010/07/05 13:43:50 | 000,000,682 | ---- | C] () -- C:\Users\Colin\n.class
[2010/07/05 13:43:50 | 000,000,113 | ---- | C] () -- C:\Users\Colin\LED
[2010/07/05 13:43:50 | 000,000,095 | ---- | C] () -- C:\Users\Colin\o.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\t.class
[2010/07/05 13:43:50 | 000,000,091 | ---- | C] () -- C:\Users\Colin\a.class
[2010/06/26 09:30:26 | 010,294,792 | ---- | C] () -- C:\Users\Colin\mirror world cup wallchartA3.pdf
[2010/05/29 08:29:40 | 000,113,306 | ---- | C] () -- C:\Users\Colin\Mobile_Phone_Software_Pack_2010_Edition.zip
[2010/05/28 07:36:40 | 000,000,167 | ---- | C] () -- C:\Users\Colin\udownload.dat
[2010/05/22 13:45:57 | 000,005,007 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010/05/19 06:15:46 | 000,000,359 | ---- | C] () -- C:\Users\Colin\Recycle Bin - Shortcut.lnk
[2010/05/16 12:58:30 | 000,007,621 | ---- | C] () -- C:\Users\Colin\AppData\Local\resmon.resmoncfg
[2010/05/09 01:32:55 | 000,037,704 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\openList.awt
[2010/05/05 18:08:35 | 000,000,005 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\closedList.awt
[2010/04/08 05:36:40 | 000,893,952 | ---- | C] () -- C:\Users\Colin\opticalillusions01-1-1.pps
[2010/04/06 19:54:15 | 000,152,031 | ---- | C] () -- C:\Users\Colin\Southern Shih Tzu Application form-pdf.pdf
[2010/03/11 17:43:13 | 000,000,009 | ---- | C] () -- C:\Users\Colin\usb003
[2010/03/08 23:07:12 | 000,000,600 | ---- | C] () -- C:\Users\Colin\PUTTY.RND
[2010/02/05 09:35:45 | 001,492,261 | ---- | C] () -- C:\Users\Colin\PJ033236-Pubsclubscombinedpresentation_Final_V1aqua.pdf
[2009/12/10 20:13:48 | 000,000,010 | ---- | C] () -- C:\Users\Colin\USB001
[2009/12/09 05:33:55 | 000,222,942 | ---- | C] () -- C:\Users\Colin\Full page fax print.pdf
[2009/11/02 05:39:39 | 000,255,358 | ---- | C] () -- C:\Users\Colin\13 x 18 cm. cutout prints.pdf
[2009/05/10 17:23:44 | 000,619,939 | ---- | C] () -- C:\Users\Colin\19 Longford Road.pdf
[2008/12/12 17:15:15 | 000,525,668 | ---- | C] () -- C:\Users\Colin\mhtml_mid___00000013_.pdf
[2008/12/12 17:06:20 | 000,019,844 | ---- | C] () -- C:\Users\Colin\Document1.pdf
[2006/01/04 01:00:00 | 000,094,533 | ---- | C] () -- C:\Users\Colin\btscanner.jar

========== LOP Check ==========

[2012/06/05 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Amazon
[2012/06/30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVG2012
[2011/12/23 00:29:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\AVSoftware
[2010/10/31 00:46:33 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\BitZipper
[2010/05/22 13:45:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Carambis
[2010/05/22 04:01:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DeviceDoctorSoftware
[2010/05/22 06:00:18 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverCure
[2010/05/22 08:37:47 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\DriverFinder
[2012/06/05 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Drivers For Free
[2011/08/29 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\eBookPro6
[2011/02/22 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FCTB000061107
[2011/07/02 21:32:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\FDRLab
[2011/11/29 03:48:10 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\gcaltoolkit
[2010/10/07 00:30:56 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GetRightToGo
[2011/07/06 01:49:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GlarySoft
[2012/07/06 01:28:02 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GoodSync
[2011/12/10 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\IObit
[2010/05/05 01:01:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\LegalSounds
[2011/06/05 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\MAGIX
[2011/12/28 00:27:50 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Nokia
[2011/12/01 06:59:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Paltalk
[2011/01/24 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\ParetoLogic
[2010/10/14 07:12:36 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Participatory Culture Foundation
[2011/12/28 00:27:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PC Suite
[2010/10/19 05:37:00 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PCF-VLC
[2011/01/02 03:30:30 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\PhotoScape
[2011/12/09 23:06:55 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Research In Motion
[2011/07/06 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Sammsoft
[2010/07/17 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Serif
[2010/10/21 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SmartDraw
[2012/07/01 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Software Informer
[2012/06/21 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Spotify
[2011/06/05 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SynthMaker
[2010/07/05 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TeamViewer
[2010/10/19 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Template
[2011/06/24 08:05:28 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Tific
[2011/05/22 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TomTom
[2010/05/05 03:29:01 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Trusteer
[2010/05/31 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TuneUp Software
[2010/06/05 04:01:17 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Uniblue
[2011/04/06 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Vodafone
[2010/12/30 02:45:09 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Windows Live Writer
[2012/07/06 21:11:54 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/07/06 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/05/08 08:31:34 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/04/28 15:13:52 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/05/16 07:47:35 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05E9FFE5
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >