323989-coupondropdown-itrkjmpcom/ [Closed]


  • This topic is locked

#1
tgill123

    New Member

  • Member
  • 3 posts
I am getting a whole screen of messages from Google and other web sources popping up telling me to remove the itrkjmp.com. I don't even know what this is. Also, just recently when I am on a website such as Geeks To Go - when I clicked on registration it jumped from Geeks To Go to some other website, which it has been doing since yesterday (6/17/13). Is this part of the itrkjmp? How do I remove this?

#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username; if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

OTL Custom Scan

We need to run an OTL Custom Scan

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and Paste the following code into the textbox.

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s

  • Push the Quick Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe (1.8mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL.txt & Extras.txt log files.
3. aswMBR.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#3
tgill123

    New Member

  • Topic Starter
  • Member
  • 3 posts
Hi ST,

Thank you so much for responding to me. As you will see from the report that I cut and pasted per your instructions, I have a lot more issues going on here, as I can only run in Safe Mode as BSOD will not go away, so I do hope that when you give me instructions that they are ok to run in Safe Mode. BTW, I make great oatmeal chocolate chip cookies as well as an almond joy cookie and a white chocolate and craisin oatmeal cookie, really delicious. Let me know where I may send some to you.



OTL logfile created on: 6/20/2013 1:53:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 13.94% Memory free
4.34 Gb Paging File | 1.23 Gb Available in Paging File | 28.30% Paging File free
Paging file location(s): c:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.92 Gb Total Space | 191.07 Gb Free Space | 64.35% Space Free | Partition Type: NTFS

Computer Name: LPT2011080401 | User Name: Tina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/20 01:41:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/05/21 17:50:44 | 003,623,200 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
PRC - [2011/10/07 01:26:01 | 014,100,992 | ---- | M] (Foxit Software) -- C:\Users\user\Desktop\PDFCreator\Foxit Software\Foxit Phantom\Foxit Phantom.exe
PRC - [2010/12/15 15:23:16 | 001,041,728 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\EarthLink\Protection Control Center\SSuite.exe
PRC - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/02/22 14:29:56 | 001,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 01:39:14 | 013,136,776 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2010/12/09 12:47:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\EarthLink\Protection Control Center\MXExHand.dll
MOD - [2010/12/09 12:39:56 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\EarthLink\Protection Control Center\aqg.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/23 22:25:09 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/07/12 17:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 17:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/06/22 18:56:46 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/04/04 18:22:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/04/04 18:21:56 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010/12/03 23:17:04 | 000,965,408 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/03 13:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/31 04:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/21 17:50:44 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/05/21 17:50:44 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/05/21 17:50:44 | 000,019,744 | ---- | M] (sendori) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/05/20 13:27:57 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013/03/01 07:58:50 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/02/11 00:42:26 | 000,572,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/12/19 16:35:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/26 06:30:00 | 000,687,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2012/10/02 08:24:52 | 000,351,152 | ---- | M] (Avanquest Software) [Auto | Stopped] -- C:\Program Files (x86)\EarthLink\PC FineTune\MXTask.exe -- (PC FineTune Task Manager)
SRV - [2012/10/02 08:24:38 | 000,080,800 | ---- | M] (Avanquest Software) [Auto | Stopped] -- C:\Program Files (x86)\EarthLink\PC FineTune\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - [2012/09/26 08:29:00 | 003,051,632 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 04:40:06 | 000,394,392 | ---- | M] (PCRx.com, LLC) [Auto | Stopped] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2012/06/25 15:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2012/05/23 18:47:43 | 001,558,532 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe -- (InventoriaService)
SRV - [2012/05/23 18:47:39 | 002,041,860 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe -- (ExpressInvoiceService)
SRV - [2012/05/23 18:47:02 | 000,886,788 | ---- | M] (NCH Software) [Auto | Stopped] -- C:\Program Files (x86)\NCH Software\FlexiServer\flexiserver.exe -- (FlexiServerService)
SRV - [2012/05/23 18:29:03 | 002,469,380 | ---- | M] (NCH Software) [Auto | Stopped] -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2011/10/01 02:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/11 21:03:00 | 000,630,584 | ---- | M] (FixBee., (www.fixbee.com)) [Auto | Stopped] -- C:\Program Files (x86)\FixBee\FBDefragSrv64.exe -- (FBDiskOptimizer)
SRV - [2011/08/04 13:18:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/18 11:52:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/04/18 11:52:00 | 000,143,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/04/18 11:52:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/04/14 14:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/04/14 14:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/02/21 20:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/21 20:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/02/07 09:56:11 | 000,138,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/12/09 13:00:40 | 000,517,400 | ---- | M] (Avanquest Software) [Auto | Stopped] -- C:\Program Files (x86)\EarthLink\Protection Control Center\MXTask.exe -- (Protection Control Center Task Manager)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/07 09:47:18 | 000,202,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/16 21:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/22 14:29:56 | 001,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/06/13 06:44:38 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/05/20 13:27:57 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/21 18:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/02/21 18:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/01 08:19:44 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/10/02 08:24:56 | 000,021,104 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AQFileRestore.sys -- (AQFileRestore)
DRV:64bit: - [2012/09/19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/21 16:04:52 | 000,549,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/26 18:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/11/02 12:20:57 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/10/01 02:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 02:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 02:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 02:30:16 | 000,765,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs)
DRV:64bit: - [2011/08/10 17:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/08/04 01:58:20 | 000,154,624 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcusbnet.sys -- (htcusbnet)
DRV:64bit: - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/22 18:56:28 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011/04/18 11:52:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/04/18 11:52:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/03/24 03:50:30 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/06 04:52:22 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/23 09:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/09 11:23:04 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/12/09 11:23:04 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/07 21:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/03 13:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2010/12/01 05:15:30 | 000,426,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/11/26 01:31:56 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.5.29055.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2010/11/24 05:24:24 | 000,145,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/19 23:06:22 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/11/19 23:06:20 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/11/05 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 08:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 18:14:10 | 000,164,992 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/09/07 15:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/26 20:14:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/06/30 01:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/06/23 01:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/04 23:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)
DRV:64bit: - [2009/07/15 09:17:56 | 000,082,992 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (sbtis)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 13:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2013/05/22 01:00:00 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130522.016\ex64.sys -- (NAVEX15)
DRV - [2013/05/22 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130522.016\eng64.sys -- (NAVENG)
DRV - [2013/01/08 12:26:30 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/12 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/12/09 13:01:06 | 000,032,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EarthLink\Protection Control Center\TFilter.sys -- (TFilter)
DRV - [2010/12/09 13:00:58 | 000,050,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EarthLink\Protection Control Center\KFilter.sys -- (KFilter)
DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B3E40C8D-6100-4156-A41F-BDA85C39FCE8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...7-E89A8F817265}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.earthlink.net
IE - HKLM\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=06-09-2012
IE - HKLM\..\SearchScopes\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}: "URL" = http://eimg.net/sw/t...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{B3E40C8D-6100-4156-A41F-BDA85C39FCE8}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {F1BB23FC-5DEA-49D5-A219-0B8621A6C433}
IE - HKU\.DEFAULT\..\SearchScopes\{37461FDC-9F16-41F8-A65B-14DCB70C4B97}: "URL" = http://websearch.ask...44-4ED58F660755
IE - HKU\.DEFAULT\..\SearchScopes\{F1BB23FC-5DEA-49D5-A219-0B8621A6C433}: "URL" = http://search.condui...589698162363777
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {F1BB23FC-5DEA-49D5-A219-0B8621A6C433}
IE - HKU\S-1-5-18\..\SearchScopes\{37461FDC-9F16-41F8-A65B-14DCB70C4B97}: "URL" = http://websearch.ask...44-4ED58F660755
IE - HKU\S-1-5-18\..\SearchScopes\{F1BB23FC-5DEA-49D5-A219-0B8621A6C433}: "URL" = http://search.condui...589698162363777
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...C79E89A8F817265
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.earthlink.net
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...7-E89A8F817265}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes,DefaultScope = {00D6BC4D-E21F-4223-B45A-9DB07767033C}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{00D6BC4D-E21F-4223-B45A-9DB07767033C}: "URL" = http://search.condui...1943222618&UM=2
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.delta-...C79E89A8F817265
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...44-4ED58F660755
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=06-09-2012
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{5F29C113-0E60-4B9D-B4BD-5706FF68B923}: "URL" = http://websearch.ask...30-4EDA8C2968DE
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{5FEF5CF4-50B1-4ABE-A0F9-609B22555473}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}: "URL" = http://eimg.net/sw/t...q={searchTerms}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{B1A500E0-A352-46E5-B0BF-38DF195EF481}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80995&lng=en
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@ReferenceBoss_1p.com/Plugin: C:\Program Files (x86)\ReferenceBoss_1p\bar\1.bin\NP1pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/09 22:13:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\tina\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/20 13:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SiteRanker\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\LyricsFinder\FF\ [2013/06/06 03:47:59 | 000,000,000 | ---D | M]

[2013/06/01 02:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/06/01 02:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/30 20:04:12 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/10/19 16:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/08 05:42:59 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/10/19 16:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/11/30 17:06:15 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
[2012/09/18 16:41:55 | 000,159,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\testlog.txt
[2012/07/11 11:26:14 | 000,001,068 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahootc.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...l_date=20111009
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s,
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: BrowserProtect (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.17_0\plugins/npDefaultTabSearch.dll
CHR - plugin: Inbox Toolbar (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl\1.0.0.9_0\plugins/npIbxTbr.dll
CHR - plugin: Universal NPlugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl\1.0.0.9_0\plugins/npUniPlugin.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.36218_0\background/registryAccess.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Foxit PhantomPDF Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: AppUp (Enabled) = C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.36218_0\
CHR - Extension: Swag Bucks = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak\10.16.4.512_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Logo Maker = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciojdpgahhgdpmlhnocojjfhkfdmemdh\1_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmelius - Ad Blocker and Better UI for Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.7.3_0\
CHR - Extension: Bizodo Free Online Form and Survey Builder = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmmdbcdicmnpoigpgglogaongampheh\1.2.1.8_0\
CHR - Extension: FromDocToPDF = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkplfhgdoihgnihdeobncmjgkplkpgpj\4.94.1.26172_0\
CHR - Extension: Search All = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.1.5_0\
CHR - Extension: PicMonkey = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: JotForm = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\finjdnhagcdiikmofgpgkmebpmbjcdhf\0.0.0.6_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.7.4_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.7.4_0\.mustache
CHR - Extension: AdBlock = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: DocuSign = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblijolcnempeilmnkmfbhohlpngemd\2.1.0.0_0\
CHR - Extension: Get SwagBucks Easily = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbbpapaladcfcjneeiphcbocnligoljb\0.5_0\
CHR - Extension: Pixlr Editor = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: SnapPages = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iedpncdncgcneohjpggphlkhjofphgkf\1.0.1_0\
CHR - Extension: Free Website Builder & Design Engine - Breezi = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcddmlaijhcifebdodoofgaojgnahlhk\1.7.3_0\
CHR - Extension: HelloSign: Online signatures made easy = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd\1.12_0\
CHR - Extension: Inkspector = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lempeiohnolnmffododaeplaicmmjjnk\1.1.1_0\
CHR - Extension: Quick Note = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.8_0\
CHR - Extension: AVG Security Toolbar = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: VisualBee V.1 = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh\10.16.4.512_0\
CHR - Extension: Minimalist for Gmail (DEPRECATED!) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oddhbkghjoccbljmagcgoklbfdjeiinb\1.7.43_0\
CHR - Extension: Picasa = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/01 02:52:57 | 000,450,974 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.10.6 exchange
O1 - Hosts: 192.168.10.6 exchange.north.local
O1 - Hosts: 192.168.2.2 sql
O1 - Hosts: 192.168.2.2 sql.north.local
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 15487 more lines...
O2:64bit: - BHO: (no name) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files (x86)\EarthLink Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (VisualBee V.1 Toolbar) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis1.dll (Conduit Ltd.)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files (x86)\EarthLink\Toolbar\ProtctIE.dll (EarthLink, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Reg Error: Value error.) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - Reg Error: Value error. File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (VisualBee V.1 Toolbar) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (VisualBee V.1 Toolbar) - {7AEAE561-714B-45F6-ACE3-4A8AED6E227B} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis1.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (VisualBee V.1 Toolbar) - {7AEAE561-714B-45F6-ACE3-4A8AED6E227B} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\Toolbar\WebBrowser: (VisualBee V.1 Toolbar) - {7AEAE561-714B-45F6-ACE3-4A8AED6E227B} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files (x86)\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SRSAENotifier] C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKU\.DEFAULT..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000..\Run: [Driver Restore] C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000..\Run: [PC Antivirus] C:\Program Files (x86)\PC Antivirus\PCCleanerAV.exe (PC Cleaners Inc.)
O4 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4:64bit: - HKLM..\RunOnce: [GrpConv] C:\Windows\SysNative\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar" File not found
O4 - Startup: C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyEnTunnel.lnk.disabled ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-2677796953-2230782834-2214540773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html ()
O8:64bit: - Extra context menu item: EarthLink Google Search - C:\Program Files (x86)\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html ()
O8 - Extra context menu item: EarthLink Google Search - C:\Program Files (x86)\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B1EA593-BB4E-4782-87C5-4D2A7440E85C}: DhcpNameServer = 66.174.92.14 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DDDB9B9-EF60-464C-A5D7-3A6233D3BBEF}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DDDB9B9-EF60-464C-A5D7-3A6233D3BBEF}: NameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49FED173-A3B1-412A-9E77-1709DC409BF3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A32EFC10-9DBB-46CB-B0AC-AD1F398E74D8}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A32EFC10-9DBB-46CB-B0AC-AD1F398E74D8}: NameServer = 216.146.35.240,216.146.36.240,10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0cad8d05-4994-11e2-bc64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cad8d05-4994-11e2-bc64-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{1f825b12-6414-11e2-be8c-e89a8f817265}\Shell - "" = AutoRun
O33 - MountPoints2\{1f825b12-6414-11e2-be8c-e89a8f817265}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{308c5746-ad44-11e0-b43b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9d5f446-5740-11e2-ad27-e89a8f817265}\Shell - "" = AutoRun
O33 - MountPoints2\{f9d5f446-5740-11e2-ad27-e89a8f817265}\Shell\AutoRun\command - "" = D:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StrongVaultApp.exe - - File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: Symantec Antvirus - Service
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SBAMSvc - C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe (Sunbelt Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B0A4662E-A094-028F-C31C-3896E4043909} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvid.dll ()

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/06/20 01:52:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/06/17 05:39:25 | 000,000,000 | ---D | C] -- C:\Users\user\Trial Products
[2013/06/16 11:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BeCyPDFMetaEdit
[2013/06/16 11:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BeCyPDFMetaEdit
[2013/06/14 10:14:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashDumps
[2013/06/14 04:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazesoft Data Recovery
[2013/06/14 04:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lazesoft Windows Data Recovery
[2013/06/08 05:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/06/08 05:18:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Broadcom
[2013/06/06 03:48:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Image Editor Packages
[2013/06/06 03:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Converter
[2013/06/06 03:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Converter
[2013/06/06 03:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder
[2013/06/06 03:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFEditor
[2013/06/06 03:03:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Wondershare
[2013/06/06 02:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FromDocToPDF_65 Chrome Extension
[2013/06/03 08:03:07 | 000,000,000 | ---D | C] -- C:\temp
[2013/06/03 04:49:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashRpt
[2013/06/02 19:16:02 | 000,000,000 | ---D | C] -- C:\Users\user\References
[2013/06/01 17:52:40 | 000,000,000 | R--D | C] -- C:\Users\user\Documents\Notes
[2013/06/01 11:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013/06/01 11:59:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Hotspot Shield
[2013/06/01 11:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Unlocker
[2013/06/01 11:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF Unlocker
[2013/06/01 11:56:53 | 008,311,568 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\user\Desktop\bundlesweetimsetup.exe
[2013/06/01 11:56:53 | 006,090,240 | ---- | C] (rSpark) -- C:\Users\user\Desktop\freepdfunlocker_setup.exe
[2013/06/01 05:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/06/01 04:50:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SparkTrust
[2013/06/01 04:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/06/01 04:23:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Safer Networking
[2013/06/01 04:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazesoft Windows Recovery
[2013/06/01 04:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lazesoft Windows Recovery
[2013/06/01 04:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lazesoft Windows Recovery
[2013/06/01 02:41:15 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Open Files
[2013/06/01 02:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/05/31 05:18:35 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Freemium - Software for Free_files
[2013/05/31 03:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Helper
[2013/05/31 03:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Free Converter
[2013/05/31 03:53:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\JollyWallet
[2013/05/30 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\DownloadTerms
[2013/05/30 20:03:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WebCake
[2013/05/30 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Western Digital
[2013/05/30 20:01:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/05/30 20:00:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\SwvUpdater
[2013/05/30 20:00:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Finder
[2013/05/30 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2013/05/30 20:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Finder
[2013/05/30 19:59:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Foresight Software
[2013/05/30 19:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/05/30 19:26:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Zip Opener Packages
[2013/05/30 19:26:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013/05/30 19:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013/05/30 19:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013/05/30 19:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2013/05/30 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DSite
[2013/05/30 18:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
[2013/05/29 15:12:07 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/05/29 06:46:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Nico Mak Computing
[2013/05/29 06:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2013/05/28 15:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/28 15:51:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/05/28 14:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/28 13:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic
[2013/05/28 13:54:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Uniblue
[2013/05/28 13:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/05/28 13:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SingAlong
[2013/05/27 00:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/05/26 19:10:35 | 000,000,000 | ---D | C] -- C:\Users\user\Email Accts
[7 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/20 01:41:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/06/17 02:50:01 | 000,747,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/17 02:50:01 | 000,638,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/17 02:50:01 | 000,112,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/17 02:47:55 | 000,524,288 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/06/17 02:45:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/17 02:44:52 | 3095,769,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/16 11:48:03 | 000,001,012 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\BeCyPDFMetaEdit.lnk
[2013/06/16 11:48:03 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\BeCyPDFMetaEdit.lnk
[2013/06/16 00:42:32 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/06/15 06:10:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/06/15 06:08:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/06/15 05:30:11 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Tina-Notification.job
[2013/06/15 05:29:52 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2677796953-2230782834-2214540773-1000UA.job
[2013/06/15 05:29:19 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/06/14 06:35:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\PCCleaners-Daily-06-35-02.job
[2013/06/14 04:22:11 | 000,001,461 | ---- | M] () -- C:\Users\Public\Desktop\Lazesoft Data Recovery for Windows 32 bit.lnk
[2013/06/13 06:44:38 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/06/07 21:25:08 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/06/06 10:02:57 | 000,004,589 | ---- | M] () -- C:\Windows\wininit.ini
[2013/06/06 03:49:29 | 000,001,106 | ---- | M] () -- C:\Users\user\Desktop\Continue Image Editor Installation.lnk
[2013/06/06 03:48:01 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\Image Converter.lnk
[2013/06/06 03:48:00 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013/06/06 03:04:03 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare PDF Editor.lnk
[2013/06/05 18:41:53 | 000,000,660 | ---- | M] () -- C:\Users\user\Documents\Libraries - Shortcut.lnk
[2013/06/03 08:02:51 | 000,001,072 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/06/03 08:02:51 | 000,001,062 | ---- | M] () -- C:\Users\user\Desktop\MyPC Backup.lnk
[2013/06/03 03:55:55 | 000,051,223 | ---- | M] () -- C:\Users\user\Desktop\Generate report _ Diigo 5 Ref List for Loan 6.2.13.pdf
[2013/06/03 01:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2013/06/02 19:16:59 | 000,046,464 | ---- | M] () -- C:\Generate report _ Diigo 5 Ref. Loan 6.2.13.pdf
[2013/06/02 08:47:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2013/06/01 17:30:50 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Roaming\bibstats
[2013/06/01 16:33:19 | 000,025,772 | ---- | M] () -- C:\Users\user\Desktop\Chase Mar 2013 Statement.pdf
[2013/06/01 14:51:48 | 000,028,325 | ---- | M] () -- C:\Windows\unins000.dat
[2013/06/01 14:51:41 | 000,714,501 | ---- | M] () -- C:\Windows\unins000.exe
[2013/06/01 12:00:17 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/06/01 11:59:49 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\DGChrome4943 Watcher.job
[2013/06/01 11:59:14 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\EPUpdater.job
[2013/06/01 11:58:40 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Free PDF Unlocker.lnk
[2013/06/01 11:57:41 | 008,311,568 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\user\Desktop\bundlesweetimsetup.exe
[2013/06/01 11:57:12 | 006,090,240 | ---- | M] (rSpark) -- C:\Users\user\Desktop\freepdfunlocker_setup.exe
[2013/06/01 04:42:42 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\Driver Restore-RTMScan.job
[2013/06/01 04:42:42 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Driver Restore-RTMUpdater.job
[2013/06/01 04:42:42 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\Driver Restore-RTMRules.job
[2013/06/01 03:57:35 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\DGChrome8764 Watcher.job
[2013/06/01 03:23:49 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2013/06/01 02:52:57 | 000,450,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/01 02:28:21 | 000,001,257 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/05/31 14:54:48 | 000,000,207 | ---- | M] () -- C:\Users\user\Desktop\Amazon.url
[2013/05/31 05:18:36 | 000,010,123 | ---- | M] () -- C:\Users\user\Documents\Freemium - Software for Free.htm
[2013/05/30 20:00:37 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/05/30 20:00:14 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Media Finder.lnk
[2013/05/30 19:25:58 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/05/30 19:19:51 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer.job
[2013/05/30 19:19:48 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
[2013/05/30 18:29:40 | 000,446,887 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130601-025257.backup
[2013/05/30 16:56:48 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Tina-Scheduled.job
[2013/05/29 15:13:32 | 000,009,792 | ---- | M] () -- C:\bootsqm.dat
[2013/05/27 12:54:39 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 12:54:39 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 02:14:08 | 000,000,000 | ---- | M] () -- C:\t1ds.2
[2013/05/23 02:28:00 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/05/22 16:27:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2677796953-2230782834-2214540773-1000Core.job
[2013/05/22 09:24:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\FB-Clean.job
[2013/05/22 02:00:25 | 000,001,464 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/05/21 17:50:42 | 000,325,920 | ---- | M] (Sendori) -- C:\Windows\SysWow64\Sendori.dll
[2013/05/21 15:58:10 | 000,000,025 | ---- | M] () -- C:\Users\user\AppData\Roaming\FileUndeleter.dat
[7 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/16 11:48:03 | 000,001,012 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\BeCyPDFMetaEdit.lnk
[2013/06/16 11:48:03 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\BeCyPDFMetaEdit.lnk
[2013/06/14 04:22:11 | 000,001,461 | ---- | C] () -- C:\Users\Public\Desktop\Lazesoft Data Recovery for Windows 32 bit.lnk
[2013/06/07 06:09:20 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/06/06 03:49:29 | 000,001,106 | ---- | C] () -- C:\Users\user\Desktop\Continue Image Editor Installation.lnk
[2013/06/06 03:48:01 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\Image Converter.lnk
[2013/06/06 03:48:00 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013/06/06 03:04:03 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare PDF Editor.lnk
[2013/06/05 18:41:53 | 000,000,660 | ---- | C] () -- C:\Users\user\Documents\Libraries - Shortcut.lnk
[2013/06/03 09:00:01 | 000,000,460 | ---- | C] () -- C:\Users\user\Desktop\cc_20130518_000508.reg
[2013/06/03 08:02:51 | 000,001,062 | ---- | C] () -- C:\Users\user\Desktop\MyPC Backup.lnk
[2013/06/03 03:55:55 | 000,051,223 | ---- | C] () -- C:\Users\user\Desktop\Generate report _ Diigo 5 Ref List for Loan 6.2.13.pdf
[2013/06/03 02:25:07 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/06/03 02:25:07 | 000,002,230 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Print Software.lnk
[2013/06/03 02:25:07 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/06/03 02:25:07 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2013/06/03 02:25:07 | 000,001,634 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk.disabled
[2013/06/03 02:25:07 | 000,001,464 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/06/03 02:25:07 | 000,000,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013/06/02 19:16:58 | 000,046,464 | ---- | C] () -- C:\Generate report _ Diigo 5 Ref. Loan 6.2.13.pdf
[2013/06/02 04:29:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/06/01 16:33:19 | 000,025,772 | ---- | C] () -- C:\Users\user\Desktop\Chase Mar 2013 Statement.pdf
[2013/06/01 14:51:48 | 000,714,501 | ---- | C] () -- C:\Windows\unins000.exe
[2013/06/01 14:51:48 | 000,028,325 | ---- | C] () -- C:\Windows\unins000.dat
[2013/06/01 12:00:17 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/06/01 11:59:49 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\DGChrome4943 Watcher.job
[2013/06/01 11:59:14 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\EPUpdater.job
[2013/06/01 11:58:40 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Free PDF Unlocker.lnk
[2013/06/01 04:42:42 | 000,000,490 | ---- | C] () -- C:\Windows\tasks\Driver Restore-RTMScan.job
[2013/06/01 04:42:42 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\Driver Restore-RTMUpdater.job
[2013/06/01 04:42:42 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\Driver Restore-RTMRules.job
[2013/06/01 03:57:35 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\DGChrome8764 Watcher.job
[2013/06/01 02:28:21 | 000,001,257 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/05/31 05:18:35 | 000,010,123 | ---- | C] () -- C:\Users\user\Documents\Freemium - Software for Free.htm
[2013/05/31 03:16:16 | 000,000,207 | ---- | C] () -- C:\Users\user\Desktop\Amazon.url
[2013/05/30 20:01:56 | 000,001,072 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/05/30 20:00:37 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/05/30 20:00:14 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Media Finder.lnk
[2013/05/30 19:25:58 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/05/30 18:07:49 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Registry Optimizer.job
[2013/05/30 18:07:46 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
[2013/05/29 15:13:32 | 000,009,792 | ---- | C] () -- C:\bootsqm.dat
[2013/05/27 02:14:08 | 000,000,000 | ---- | C] () -- C:\t1ds.2
[2013/05/21 15:42:23 | 000,000,025 | ---- | C] () -- C:\Users\user\AppData\Roaming\FileUndeleter.dat
[2013/02/18 22:54:17 | 000,069,440 | ---- | C] () -- C:\Windows\SysWow64\unPPC6000.exe
[2013/02/18 22:54:17 | 000,034,136 | ---- | C] () -- C:\Windows\SysWow64\RegHero.exe
[2013/02/18 22:54:16 | 000,255,296 | ---- | C] () -- C:\Windows\SysWow64\PPCInfo.exe
[2013/02/18 22:54:16 | 000,066,880 | ---- | C] () -- C:\Windows\SysWow64\PPCOUNIN.exe
[2013/02/18 22:54:16 | 000,040,600 | ---- | C] () -- C:\Windows\SysWow64\PPCClean.exe
[2013/02/18 22:54:16 | 000,028,992 | ---- | C] () -- C:\Windows\SysWow64\PopWait.exe
[2013/02/01 01:44:00 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/01/01 08:19:44 | 000,308,560 | ---- | C] () -- C:\Windows\SysWow64\vipre.dll
[2013/01/01 08:19:44 | 000,160,768 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/12/24 15:05:46 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/12/19 06:25:54 | 000,004,608 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/17 05:01:03 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Roaming\bibstats
[2012/09/26 17:14:15 | 000,004,589 | ---- | C] () -- C:\Windows\wininit.ini
[2012/09/19 22:53:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/09/05 22:03:03 | 000,007,600 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2012/09/05 17:34:38 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2012/08/08 03:50:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/07/12 05:51:28 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2012/06/13 18:55:47 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\ICE_JNIRegistry.dll
[2012/06/12 22:42:21 | 000,102,912 | ---- | C] () -- C:\Windows\agent_x64.exe
[2012/05/03 03:34:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/21 03:27:44 | 000,764,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/08 22:39:41 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/09/09 22:09:36 | 000,205,854 | ---- | C] () -- C:\Windows\hpoins49.dat
[2011/09/09 22:09:36 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat
[2011/08/05 02:28:30 | 016,515,072 | -HS- | C] () -- C:\Users\user\ntuser.BK1
[2011/08/04 12:26:58 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/13 04:45:07 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/13 04:45:06 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/13 04:45:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/13 04:29:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/17 22:11:57 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\24x7 Help
[2012/02/07 03:12:12 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\AcWizard
[2013/01/19 16:17:29 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\AllinOnePDF
[2012/02/04 00:45:50 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\Babylon
[2011/12/13 16:28:42 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/11 06:26:12 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\DriverCure
[2012/02/08 05:43:28 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\Foxit
[2013/01/26 05:05:17 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\Foxit Software
[2012/06/12 13:56:34 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\Genieo
[2011/08/04 12:28:18 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\Leadertech
[2013/01/19 16:17:28 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\PCPowerSpeed
[2011/10/09 06:54:01 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\PlotSoft LLC
[2011/08/04 12:44:12 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\PwrMgr
[2012/02/16 01:18:45 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\QcWizard
[2012/09/18 22:12:07 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\WhiteSmoke
[2011/10/10 12:04:19 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\Winff
[2013/02/15 11:48:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/20 08:13:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avanquest
[2013/06/01 04:34:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVPro
[2013/01/26 05:05:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2013/06/17 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Clip Art Collection
[2012/10/07 03:43:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.w3i.intune
[2013/06/06 03:48:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DealPly
[2012/08/20 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DefaultTab
[2012/12/04 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DownloadManagerPackages
[2012/08/14 03:07:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure
[2013/05/30 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DSite
[2013/06/01 05:08:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EarthLink
[2013/02/24 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Fighters
[2013/03/22 11:42:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FixBee
[2013/06/01 05:08:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foresight Software
[2013/06/03 05:15:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software
[2013/06/01 11:59:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hotspot Shield
[2013/06/06 03:48:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Image Editor Packages
[2012/08/30 22:40:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ioRevolution, Inc
[2011/08/05 02:31:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2013/06/03 01:15:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lenovo
[2013/05/30 20:00:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Finder
[2013/03/12 22:57:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MusicNet
[2013/05/29 06:46:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nico Mak Computing
[2013/02/17 12:21:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuance
[2013/02/22 06:22:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PandoraRecovery
[2013/01/01 07:35:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Cleaners
[2012/09/18 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCCUStubInstaller
[2013/02/24 10:02:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCDr
[2013/03/15 00:38:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCFixSpeed
[2013/02/10 02:38:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCPro
[2011/08/04 12:25:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PwrMgr
[2013/06/01 04:23:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Safer Networking
[2013/01/09 01:06:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\searchqutoolbar
[2013/05/30 16:43:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2013/06/01 05:08:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SparkTrust
[2013/02/22 17:32:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Strongvault
[2012/12/12 04:05:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Systweak
[2013/03/21 15:29:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems
[2013/05/28 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2013/06/02 08:09:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WebCake
[2013/06/06 03:04:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wondershare
[2013/02/17 12:12:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Zeon
[2013/05/30 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Zip Opener Packages

========== Purity Check ==========



========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >
[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/05 02:28:56 | 000,000,466 | ---- | C] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011/08/05 02:28:57 | 000,000,528 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/12 15:51:58 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2420808707-731644685-444550422-1111UA.job
[2011/10/08 18:48:20 | 000,000,408 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/04/04 07:07:40 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/06/13 19:06:50 | 000,000,384 | ---- | C] () -- C:\Windows\Tasks\Regwork.job
[2012/07/18 02:12:35 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2420808707-731644685-444550422-1111Core1cd64c578811c8f.job
[2012/08/14 16:24:10 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2677796953-2230782834-2214540773-1000Core.job
[2012/08/14 16:24:10 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2677796953-2230782834-2214540773-1000UA.job
[2012/08/22 16:53:42 | 000,000,336 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Communicator.job
[2012/09/05 19:39:55 | 000,000,382 | ---- | C] () -- C:\Windows\Tasks\SLOW-PCfighter64-Tina-Notification.job
[2012/09/17 01:18:20 | 000,000,418 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/09/27 11:39:44 | 000,000,316 | ---- | C] () -- C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/12/19 16:42:18 | 000,000,442 | ---- | C] () -- C:\Windows\Tasks\SLOW-PCfighter64-Tina-Scheduled.job
[2012/12/24 15:10:26 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\DriverUpdate Startup.job
[2013/01/01 15:13:28 | 000,000,304 | ---- | C] () -- C:\Windows\Tasks\PCCleaners-Daily-06-35-02.job
[2013/01/17 23:00:43 | 000,000,324 | ---- | C] () -- C:\Windows\Tasks\FB-Clean.job
[2013/05/30 18:07:49 | 000,000,290 | ---- | C] () -- C:\Windows\Tasks\Registry Optimizer.job
[2013/05/30 20:00:37 | 000,000,352 | ---- | C] () -- C:\Windows\Tasks\AmiUpdXp.job
[2013/06/01 03:57:35 | 000,000,478 | ---- | C] () -- C:\Windows\Tasks\DGChrome8764 Watcher.job
[2013/06/01 04:42:42 | 000,000,478 | ---- | C] () -- C:\Windows\Tasks\Driver Restore-RTMRules.job
[2013/06/01 04:42:42 | 000,000,488 | ---- | C] () -- C:\Windows\Tasks\Driver Restore-RTMUpdater.job
[2013/06/01 04:42:42 | 000,000,490 | ---- | C] () -- C:\Windows\Tasks\Driver Restore-RTMScan.job
[2013/06/01 11:59:14 | 000,000,280 | ---- | C] () -- C:\Windows\Tasks\EPUpdater.job
[2013/06/01 11:59:49 | 000,000,478 | ---- | C] () -- C:\Windows\Tasks\DGChrome4943 Watcher.job
[2013/06/06 03:48:00 | 000,000,410 | ---- | C] () -- C:\Windows\Tasks\Lyrics Finder Update.job
[2013/06/07 06:09:20 | 000,000,350 | ---- | C] () -- C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 20:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: NETBT.SYS >
[2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TDX.SYS >
[2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MRACUZ2KDIZVDGZ3GAUH2WK2YQ\InstallInfo\\ShowIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MRACUZ2KDIZVDGZ3GAUH2WK2YQ\InstallInfo\\HideIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MRACUZ2KDIZVDGZ3GAUH2WK2YQ\InstallInfo\\ReinstallCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MRACUZ2KDIZVDGZ3GAUH2WK2YQ\shell\open\command\\: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/20 14:41:31 | 000,775,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/20 14:41:31 | 000,775,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\TINA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MRACUZ2KDIZVDGZ3GAUH2WK2YQ\InstallInfo\\ShowIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MRACUZ2KDIZVDGZ3GAUH2WK2YQ\InstallInfo\\HideIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MRACUZ2KDIZVDGZ3GAUH2WK2YQ\InstallInfo\\ReinstallCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MRACUZ2KDIZVDGZ3GAUH2WK2YQ\shell\open\command\\: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/05/20 14:41:31 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/05/20 14:41:31 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/05/20 14:41:31 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/05/20 14:41:31 | 000,775,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/05/20 14:41:31 | 000,775,232 | ---- | M] (Microsoft Corporation)

< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 18:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

< End of report >

#4
tgill123

Hi ST

Here is the second report from the scan you asked me to run - Thank you so much for working with me.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-20 03:07:08
-----------------------------
03:07:08.809 OS Version: Windows x64 6.1.7601 Service Pack 1
03:07:08.809 Number of processors: 4 586 0x2A07
03:07:08.810 ComputerName: LPT2011080401 UserName: Tina
03:07:13.088 Initialize success
03:14:34.704 AVAST engine defs: 13061901
03:16:20.530 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:16:20.532 Disk 0 Vendor: HITACHI_ EC2Z Size: 305245MB BusType: 3
03:16:20.761 Disk 0 MBR read successfully
03:16:20.763 Disk 0 MBR scan
03:16:20.854 Disk 0 unknown MBR code
03:16:20.885 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
03:16:20.904 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304043 MB offset 2459648
03:16:21.088 Disk 0 scanning C:\Windows\system32\drivers
03:16:46.791 Service scanning
03:46:23.203 Modules scanning
03:46:23.212 Disk 0 trace - called modules:
03:46:23.218
03:46:27.049 AVAST engine scan C:\Windows
03:46:32.841 AVAST engine scan C:\Windows\system32
03:53:47.770 AVAST engine scan C:\Windows\system32\drivers
03:54:24.050 AVAST engine scan C:\Users\user
04:20:03.089 AVAST engine scan C:\ProgramData
04:24:21.059 Scan finished successfully
06:19:12.750 Disk 0 MBR has been saved successfully to "C:\Users\user\Computer Jargen\Geeks To Go\New folder\MBR.dat"
06:19:12.756 The log file has been saved successfully to "C:\Users\

#5
SweetTech

Hi tgill123!

Not a problem at all. I'm glad to be of assistance.

Well, let's take a look and see what we have to work with here.

Can you please let me know what Anti-Virus program you are using?

You seem to have quite a lot going on in your logs. We need to download and run a more powerful tool.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#6
SweetTech

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.