SL8700

Honorary Members
  • Posts

    34
Everything posted by SL8700

  1. Yes please, sorry, I've just been extremely busy. Will do a fresh one for you tonight.
  2. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 Run by Sam at 20:04:32 on 2013-02-06 . ============== Running Processes ================ . D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Online Armor\OAcat.exe C:\Program Files (x86)\Online Armor\oasrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe D:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\Program Files (x86)\Online Armor\oaui.exe C:\Program Files (x86)\WordWeb\wweb32.exe C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Online Armor\OAhlp.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Everything\Everything.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 
C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - uRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup uRun: [spotify Web Helper] "C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [Advanced SystemCare 6] "D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Reader Application Helper] C:\Program Files 
(x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRun: [Advanced SystemCare 6] "D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. 
If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} - hxxps://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: NameServer = 192.168.1.254 192.168.1.254 TCP: Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B} : DHCPNameServer = 192.168.1.254 192.168.1.254 TCP: Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B}\C49667 : DHCPNameServer = 192.168.2.1 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1403.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program 
Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned> x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-STS: 
FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - D:\Stardock\Fences\FencesMenu64.dll x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R? AMPPALP;Intel© Centrino© Wireless Bluetooth© 3.0 + High Speed Protocol R? Bluetooth Device Monitor;Bluetooth Device Monitor R? Bluetooth Media Service;Bluetooth Media Service R? Bluetooth OBEX Service;Bluetooth OBEX Service R? btmaudio;Intel Bluetooth Audio Service R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64 R? Impcd;Impcd R? intaud_WaveExtensible;Intel WiDi Audio Device R? JMCR;JMCR R? MSSQLServerADHelper100;SQL Active Directory Helper Service R? MyWiFiDHCPDNS;Wireless PAN DHCP Server R? Netaapl;Apple Mobile Device Ethernet Service R? NvStUSB;NVIDIA Stereoscopic 3D USB driver R? RdpVideoMiniport;Remote Desktop Video Miniport Driver R? RoxMediaDB12OEM;RoxMediaDB12OEM R? RoxWatch12;Roxio Hard Drive Watcher 12 R? RsFx0105;RsFx0105 Driver R? SkypeUpdate;Skype Updater R? SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS) R? Te.Service;Te.Service R? TeamViewer7;TeamViewer 7 R? TsUsbFlt;TsUsbFlt R? TsUsbGD;Remote Desktop Generic USB Device R? USBAAPL64;Apple Mobile USB Driver R? WatAdminSvc;Windows Activation Technologies Service R? wlcrasvc;Windows Live Mesh remote connections service S? Acceler;Accelerometer Service S? AdvancedSystemCareService6;Advanced SystemCare Service 6 S? AERTFilters;Andrea RT Filters Service S? AMPPAL;Intel© Centrino© Wireless Bluetooth© 3.0 + High Speed Virtual Adapter S? AMPPALR3;Intel© Centrino© Wireless Bluetooth© 3.0 + High Speed Service S? AVer7231_x64;AVerMedia 7231 capture service S? AVGIDSAgent;AVGIDSAgent S? AVGIDSDriver;AVGIDSDriver S? AVGIDSHA;AVGIDSHA S? Avgldx64;AVG AVI Loader Driver S? 
Avgloga;AVG Logging Driver S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield S? Avgrkx64;AVG Anti-Rootkit Driver S? Avgtdia;AVG TDI Driver S? avgwd;AVG WatchDog S? BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service S? btmaux;Intel Bluetooth Auxiliary Service S? btmhsf;btmhsf S? CtClsFlt;Creative Camera Class Upper Filter Driver S? ctxusbm;Citrix USB Monitor Driver S? cvhsvc;Client Virtualization Handler S? iBtFltCoex;iBtFltCoex S? IntcDAud;Intel® Display Audio S? iwdbus;IWD Bus Enumerator S? NAUpdate;Nero Update S? NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2 S? NOBU;Dell DataSafe Online S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver S? nvkflt;nvkflt S? nvpciflt;nvpciflt S? OAcat;Online Armor Helper Service S? OADevice;OADriver S? oahlpXX;Online Armor helper driver S? OAmon;OAmon S? OAnet;OnlineArmor Service S? PxHlpa64;PxHlpa64 S? qicflt;upper Device Filter Driver S? RTL8167;Realtek 8167 NT Driver S? Sftfs;Sftfs S? sftlist;Application Virtualization Client S? Sftplay;Sftplay S? Sftredir;Sftredir S? SftService;SoftThinks Agent Service S? Sftvol;Sftvol S? sftvsa;Application Virtualization Service Agent S? stdcfltn;Disk Class Filter Driver for Accelerometer S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service S? SvcOnlineArmor;Online Armor S? TurboB;Turbo Boost UI Monitor driver S? TurboBoost;Intel® Turbo Boost Technology Monitor 2.0 S? UNS;Intel® Management and Security Application User Notification Service S? wdkmd;Intel WiDi KMD . =============== Created Last 30 ================ . 
2013-02-06 03:14:45 -------- d-----w- C:\Users\Sam\AppData\Roaming\OnlineArmor 2013-02-06 03:14:45 -------- d-----w- C:\ProgramData\OnlineArmor 2013-02-06 03:13:17 62016 ----a-w- C:\Windows\SysWow64\drivers\oahlp64.sys 2013-02-06 03:13:17 61632 ----a-w- C:\Windows\SysWow64\drivers\OADriver.sys 2013-02-06 03:13:17 40520 ----a-w- C:\Windows\SysWow64\drivers\OAmon.sys 2013-02-06 03:13:17 35376 ----a-w- C:\Windows\System32\drivers\OAnet.sys 2013-02-06 03:13:14 -------- d-----w- C:\Program Files (x86)\Online Armor 2013-02-06 02:30:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-06 02:30:58 -------- d-----w- C:\Program Files\iTunes 2013-02-06 02:30:58 -------- d-----w- C:\Program Files\iPod 2013-02-06 02:30:58 -------- d-----w- C:\Program Files (x86)\iTunes 2013-02-06 02:27:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-02-06 02:27:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-02-06 02:27:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-02-06 02:27:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-02-06 02:27:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-02-06 02:27:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-02-06 02:27:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-02-06 02:24:26 -------- d-----w- C:\Program Files (x86)\CodeBlocks 2013-02-05 00:38:18 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2013-01-30 18:39:43 -------- d-----w- C:\Program Files (x86)\ESET 2013-01-28 23:55:47 -------- d-sh--w- C:\$RECYCLE.BIN 2013-01-28 01:17:26 -------- d-----w- C:\Users\Sam\AppData\Roaming\Safer Networking 2013-01-28 01:16:23 -------- d-----w- C:\Program Files (x86)\Safer Networking 2013-01-27 23:57:52 -------- d-----w- 
C:\Users\Sam\Two Worlds II - GotY Bonus 2013-01-27 21:22:47 -------- d-----w- C:\Program Files (x86)\THQ 2013-01-27 15:06:52 -------- d-----w- C:\Users\Sam\AppData\Local\BigHugeEngine 2013-01-27 03:38:42 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2013-01-26 20:33:06 -------- d-----w- C:\Program Files (x86)\AMD 2013-01-26 20:29:58 -------- d-----w- C:\Windows\SysWow64\xlive 2013-01-26 20:29:51 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2013-01-26 04:02:40 -------- d-----w- C:\Users\Sam\AppData\Local\DCS 2013-01-25 02:33:56 12872 ----a-w- C:\Windows\System32\bootdelete.exe 2013-01-22 22:02:56 -------- d-----w- C:\Windows\ERUNT 2013-01-22 22:02:49 -------- d-----w- C:\JRT 2013-01-14 02:30:41 -------- d-----w- C:\MGtools 2013-01-14 01:58:57 -------- d-----w- C:\ProgramData\HitmanPro 2013-01-14 01:06:16 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2013-01-14 00:59:13 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2013-01-14 00:59:13 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2013-01-14 00:59:12 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL 2013-01-14 00:54:11 340992 ----a-w- C:\Windows\System32\schannel.dll 2013-01-14 00:54:11 247808 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-01-14 00:54:10 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2013-01-14 00:54:10 458712 ----a-w- C:\Windows\System32\drivers\cng.sys 2013-01-14 00:54:10 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2013-01-14 00:54:10 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2013-01-14 00:54:10 1448448 ----a-w- C:\Windows\System32\lsasrv.dll 2013-01-12 16:16:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2013-01-12 16:16:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2013-01-12 16:04:01 -------- d-----w- C:\Users\Sam\AppData\Roaming\Greenshot 2013-01-12 16:03:52 -------- d-----w- C:\Users\Sam\AppData\Local\Greenshot 2013-01-12 15:24:35 
-------- d-----w- C:\Program Files (x86)\NoteTab Light 2013-01-12 15:23:11 -------- d-----w- C:\Users\Sam\AppData\Roaming\IrfanView 2013-01-12 15:23:11 -------- d-----w- C:\Program Files (x86)\IrfanView 2013-01-12 14:57:15 -------- d-----w- C:\Program Files\Greenshot 2013-01-12 14:56:19 -------- d-----w- C:\Program Files\Paint.NET 2013-01-12 14:56:07 -------- d-----w- C:\Users\Sam\AppData\Local\Paint.NET 2013-01-12 14:54:48 31 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat 2013-01-12 14:48:14 -------- d-----w- C:\Program Files (x86)\Everything 2013-01-12 14:44:18 -------- d-----w- C:\Program Files (x86)\WinDirStat 2013-01-11 01:50:31 -------- d-----w- C:\Users\Sam\AppData\Roaming\AVG2013 2013-01-11 01:29:58 -------- d-----w- C:\Users\Sam\AppData\Roaming\TuneUp Software 2013-01-11 01:29:10 -------- d--h--w- C:\$AVG 2013-01-11 01:29:09 -------- d-----w- C:\ProgramData\AVG2013 2013-01-11 01:28:17 -------- d-----w- C:\Program Files (x86)\AVG 2013-01-11 01:26:35 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-01-11 01:26:33 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52D74735-1440-4D79-91D6-3313E0B1BFBE}\mpengine.dll 2013-01-11 01:25:20 -------- d--h--w- C:\ProgramData\Common Files 2013-01-11 01:25:20 -------- d-----w- C:\Users\Sam\AppData\Local\MFAData 2013-01-11 01:25:20 -------- d-----w- C:\Users\Sam\AppData\Local\Avg2013 2013-01-11 01:25:20 -------- d-----w- C:\ProgramData\MFAData 2013-01-09 01:09:30 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-01-09 01:08:54 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-01-09 01:08:53 3149824 ----a-w- C:\Windows\System32\win32k.sys . ==================== Find3M ==================== . 
2013-01-13 23:23:09 859552 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-01-13 23:23:09 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-01-08 23:51:31 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-08 23:51:30 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 22:02:47 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-12-14 22:02:47 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-12-14 22:02:17 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-15 23:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 
01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . ============= FINISH: 20:05:40.56 ===============
  3. Hi Jeff, Well the malware is back, this time with Chrome. It keeps forcing me to use globasearch... I guess we are back to square one. Here is an up to date dds: . ==== Installed Programs ====================== . Tools for .Net 3.5 A Game of Thrones - Genesis AccelerometerP11 Adobe AIR Adobe Digital Editions 2.0 Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Manager Adobe Reader X (10.1.5) Advanced Audio FX Engine Advanced SystemCare 6 Aeria Ignite Age of Empires Online Alliance of Valiant Arms Amazon Kindle America's Army 3 Apple Application Support Apple Mobile Device Support Apple Software Update ARMA 2 ARMA 2: Operation Arrowhead ARMA 2: Operation Arrowhead Beta µTorrent AVerMedia H339 Hybrid TV Tuner 2.2.64.64 AVG 2013 Batman: Arkham City™ GOTY Battlefield 3™ Battlelog Web Plugins BlackBerry Desktop Software 6.1 Blend for Visual Studio 2012 Blend for Visual Studio 2012 ENU resources Blio Bonjour Borderlands 2 Call of Duty: Modern Warfare 2 Call of Duty: Modern Warfare 2 - Multiplayer Camfrog Video Chat 6.1 CCleaner Chivalry: Medieval Warfare Cities XL 2012 Citrix Authentication Manager Citrix Receiver Citrix Receiver (HDX Flash Redirection) Citrix Receiver Inside Citrix Receiver(Aero) Citrix Receiver(DV) Citrix Receiver(USB) CodeBlocks Company of Heroes Company of Heroes: Opposing Fronts Company of Heroes: Tales of Valor Crimecraft: BLEEDOUT Crysis® 2 CutePDF Writer 2.8 D3DX10 Darksiders DarksidersInstaller DCS World DeadLine Equation Solver DealBook 360 Dear Esther Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Defraggler Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Edoc Viewer Dell Getting Started Guide Dell MusicStage Dell PhotoStage Dell Stage Dell Stage Remote Dell Support Center Dell VideoStage Dell Webcam Central Diablo III DirectX 9 Runtime Dotfuscator and Analytics Community Edition Dragon Age II Dropbox Dual-Core Optimizer 
Dungeons: The Dark Lord Demo eBay Entity Framework Designer for Visual Studio 2012 - enu ESET Online Scanner v3 Evernote v. 4.6 Everything 1.2.1.371 Fable III Facebook Video Calling 1.2.0.287 Fences FIFA MANAGER 12 FileZilla Client 3.5.3 FireArc Arcade Frontline Tactics Full Tilt Poker Galactic Civilizations I: Ultimate Edition Galactic Civilizations II: Ultimate Edition Game of Thrones version 1.1.0.0 GeoGebra GIMP 2.8.2 Glary Utilities 2.52.0.1698 Google Chrome Google Talk Plugin Google Update Helper Gotham City Impostors: Free To Play GoToAssist Corporate GPU Temp version 1.0 Grand Theft Auto: San Andreas Grand Theft Auto: Vice City Graph 4.3 Graphing Calculator 3D 3.2 Greenshot 1.0.6.2228 High-Definition Video Playback Hitman: Blood Money Hitman: Codename 47 Homefront Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973) HP Deskjet 3070 B611 series Basic Device Software HP Deskjet 3070 B611 series Help HP Deskjet 3070 B611 series Product Improvement Study HP Photo Creations HP Update iCloud IDroo 1.0.0.154 IIS 8.0 Express IIS Express Application Compatibility Database for x64 IIS Express Application Compatibility Database for x86 Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Monitor 2.0 Intel® WiDi Intel® Wireless Display IrfanView (remove only) iTunes Jagged Alliance - Back in Action Junk Mail filter update Just Cause 2 Kingdoms of Amalur: Reckoning L.A. 
Noire Left 4 Dead Left 4 Dead 2 LocalESPC LocalESPCui for en-us Lure of the Temptress Malwarebytes Anti-Malware version 1.70.0.1100 Mass Effect 2 Demo MATLAB R2012a Men of War Men of War: Assault Squad Men of War: Assault Squad - Game of the year (Remove Only) Men of War: Condemned Heroes Men of War: Vietnam Mesh Runtime MetaTrader - Alpari UK Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft .NET Framework 4.5 SDK Microsoft Application Error Reporting Microsoft ASP.NET MVC 3 Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools Microsoft ASP.NET MVC 4 Runtime Microsoft ASP.NET Web Pages Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools Microsoft ASP.NET Web Pages 2 Runtime Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Help Viewer 1.1 Microsoft Help Viewer 2.0 Microsoft LightSwitch for Visual Studio 2012 Core Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU Microsoft NuGet - Visual Studio 2012 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office 
Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Portable Library Multi-Targeting Pack Microsoft Portable Library Multi-Targeting Pack Language Pack - enu Microsoft Report Viewer 2012 Runtime - Beta Microsoft Report Viewer Add-On for Visual Studio 2012 Microsoft Silverlight Microsoft Silverlight 4 SDK Microsoft Silverlight 5 SDK Microsoft Small Basic v1.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server 2012 Command Line Utilities Microsoft SQL Server 2012 Data-Tier App Framework Microsoft SQL Server 2012 Express LocalDB Microsoft SQL Server 2012 Management Objects Microsoft SQL Server 2012 Management Objects (x64) Microsoft SQL Server 2012 Native Client Microsoft SQL Server 2012 RC0 (64-bit) Microsoft SQL Server 2012 RC0 Setup (English) Microsoft SQL Server 2012 T-SQL Language Service Microsoft SQL Server 2012 Transact-SQL Compiler Service Microsoft SQL Server 2012 Transact-SQL ScriptDom Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server Compact 4.0 SP1 x64 ENU Microsoft SQL Server Data Tools - enu (11.1.20627.00) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) Microsoft SQL Server System CLR Types Microsoft SQL Server System CLR Types (x64) Microsoft SQL Server VSS Writer Microsoft System CLR Types for SQL Server 2012 Microsoft System CLR Types for SQL Server 2012 (x64) Microsoft Visual C# 2010 Express - ENU Microsoft Visual C++ 2005 
Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 Microsoft Visual C++ 2012 Compilers Microsoft Visual C++ 2012 Compilers - ENU Resources Microsoft Visual C++ 2012 Core Libraries Microsoft Visual C++ 2012 Extended Libraries Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU Microsoft Visual Studio 2010 Office Developer Tools (x64) Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2010 Shell (Isolated) - ENU Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2012 Devenv Microsoft Visual Studio 2012 Devenv Resources Microsoft Visual Studio 2012 IntelliTrace Core amd64 Microsoft Visual Studio 2012 IntelliTrace Core x86 Microsoft Visual Studio 2012 IntelliTrace Front End x86 
Microsoft Visual Studio 2012 Performance Collection Tools Microsoft Visual Studio 2012 Performance Collection Tools - ENU Microsoft Visual Studio 2012 Preparation Microsoft Visual Studio 2012 SharePoint Developer Tools Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack Microsoft Visual Studio 2012 Shell (Minimum) Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies Microsoft Visual Studio 2012 Shell (Minimum) Resources Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU Microsoft Visual Studio Premium 2012 Microsoft Visual Studio Premium 2012 - ENU Microsoft Visual Studio Professional 2012 Microsoft Visual Studio Professional 2012 - ENU Microsoft Visual Studio Team Foundation Server 2012 Object Model Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU Microsoft Visual Studio Ultimate 2012 Microsoft Visual Studio Ultimate 2012 - ENU Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources Microsoft Web Deploy 3.0 Microsoft Web Deploy dbSqlPackage Provider - enu Microsoft Web Developer Tools - Visual Studio 2012 Microsoft Web Platform Installer 4.0 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Might and Magic Heroes VI Demo Mount & Blade: Warband Mount & Blade: With Fire and Sword MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 10 Movie ThemePack Basic Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Update Nexuiz Nitro Reader 2 Notepad++ NoteTab Light 7 (Remove only) NVIDIA 3D Vision Driver 306.97 NVIDIA Control Panel 306.97 NVIDIA Graphics Driver 
306.97 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA Optimus 1.10.8 NVIDIA PhysX NVIDIA PhysX System Software 9.12.0604 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.10.8 NVIDIA Update Components Online Armor 6.0 Online Plug-in Origin Paint.NET v3.5.10 Pamela Basic 4.8 PhotoShowExpress PlayReady PC Runtime x86 PreEmptive Analytics Visual Studio Components Prerequisites for SSDT PrimoPDF -- brought to you by Nitro PDF Software PunkBuster Services Python 3.2.3 (64-bit) Quickset64 QuickTime R for Windows 2.14.0 Rainmeter Ravaged RBVirtualFolder64Inst Reader for PC Realtek High Definition Audio Driver RegAlyzer Revo Uninstaller 1.94 Rock of Ages Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup Safari Saints Row: The Third Security Update for Microsoft .NET Framework 4.5 (KB2729460) Security Update for Microsoft .NET Framework 4.5 (KB2737083) Security Update for Microsoft .NET Framework 4.5 (KB2742613) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 
(KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Self-service Plug-in Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) Shaiya Shared C Run-time for x64 Sid Meier's Civilization V Skitch Skype™ 6.0 Sonic CinePlayer Decoder Pack SopCast 3.4.7 Spec Ops: The Line SpeedFan (remove only) Spotify Spybot - Search & Destroy SQL Server 2012 RC0 Common Files SQL Server 2012 RC0 Management Studio Sql Server Customer Experience Improvement Program Steam Supreme Commander Supreme Commander: Forged Alliance Synaptics Pointing Device Driver SyncUP Team Fortress 2 TeamSpeak 3 Client TeamViewer 7 The Elder Scrolls V: Skyrim Total Annihilation - Commander Pack Total War: SHOGUN 2 Transformers: War for Cybertron TweetDeck Two Worlds II Unity Web Player Update for Microsoft .NET Framework 4.5 (KB2750147) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update for Microsoft Visual Studio 2012 (KB2781514) Vanguard: Saga of Heroes F2P Viking: Battle for Asgard Visual Studio 2010 Prerequisites - English Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU Visual Studio 2010 x64 Redistributables Visual Studio 2012 Prerequisites Visual Studio 2012 Prerequisites - ENU 
Language Pack Visual Studio Extensions for Windows Library for JavaScript VitalSource Bookshelf VLC media player 2.0.4 VNC Free Edition 4.1.3 WCF Data Services 5.0 (for OData v3) Primary Components WCF Data Services Tools for Microsoft Visual Studio 2012 WCF RIA Services V1.0 SP2 WinDirStat 1.1.2 Windows 7 USB/DVD Download Tool Windows App Certification Kit Native Components Windows App Certification Kit x64 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Runtime Intellisense Content - en-us Windows Software Development Kit Windows Software Development Kit DirectX x64 Remote Windows Software Development Kit DirectX x86 Remote Windows Software Development Kit for Windows Store Apps Windows Software Development Kit for Windows Store Apps DirectX x64 Remote Windows Software Development Kit for Windows Store Apps DirectX x86 Remote WinRAR 4.10 beta 5 (64-bit) WordWeb World in Conflict World of Tanks World of Warcraft XWidget Ver1.73 Zinio Reader 4 Zombie Driver HD Demo . ==== End Of File ===========================
  4. So far so good thanks Jeff. Booting quickly again, although like I said, worrying some of the Firefox stuff is back when the program has been completely removed. Do I need to run any other tests to double check the system is clean? Thanks again for all your help with this!
  5. Managed to sort it - just forced a restart! Annoyingly the Firefox bits are back when I was positive they were removed. No babylon.xml as yet! Please see attached for new OTL report. OTL5.Txt
  6. Done as requested, but on reboot it is not happy at all! It's been trying to load for the last 10 minutes (usually up within 10-20 seconds). Start button shows zero programs, my "fences" have been deleted, it won't connect to Wi-Fi and it's "stuck".
  7. C:\MGtools\Process.exe Win32/PrcView application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Users\Sam\Downloads\cbsidlm-tr1_10a-Everything-ORG-10890746.exe Win32/DownloadAdmin.G application
     C:\Users\Sam\Downloads\cbsidlm-tr1_10a-NoteTab_Light-ORG-10008280.exe Win32/DownloadAdmin.G application
     C:\Users\Sam\Downloads\cbsidlm-tr1_10a-Prey_AntiTheft-ORG-75812037.exe Win32/DownloadAdmin.G application
     C:\Users\Sam\Downloads\FreeYouTubeDownloaderInstaller.exe a variant of Win32/Somoto.A application
     D:\Downloads\Move - Oct 2012\asc-setup.exe a variant of Win32/ELEX application
     D:\Downloads\Move - Oct 2012\cnet2_installspeedfan445_exe.exe a variant of Win32/InstallCore.D application
     D:\Downloads\Move - Oct 2012\cnet2_Relaxing_Nature_Animated_Wallpaper_exe.exe a variant of Win32/InstallCore.D application
     D:\Downloads\Move - Oct 2012\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application
     D:\Downloads\Move - Oct 2012\InternationalPrimoPDF.exe Win32/OpenCandy application
     D:\Downloads\Move - Oct 2012\PamelaSetup_Basic.exe a variant of Win32/Bundled.Toolbar.Ask application
     D:\Downloads\Move - Oct 2012\SopCast.zip a variant of Win32/Bundled.Toolbar.Ask application
     D:\Downloads\cbsidlm-tr1_7-DeadLine-ORG2-10489854.exe Win32/DownloadAdmin.D application
     D:\Downloads\cbsidlm-tr1_7-Graph-ORG2-10063417.exe Win32/DownloadAdmin.D application
     D:\Downloads\cbsidlm-tr1_7-Graphing_Calculator_3D-ORG2-10725117.exe Win32/DownloadAdmin.D application
     D:\Downloads\cbsidlm-tr1_7-Kindle_for_PC-ORG2-75185974.exe Win32/DownloadAdmin.D application
     D:\Downloads\cbsidlm-tr1_7-Programming_C-ORG2-10174971.exe Win32/DownloadAdmin.D application
     D:\Downloads\cbsidlm-tr1_7-Programming_in_C_in_7_days-ORG2-10063731.exe Win32/DownloadAdmin.D application
     D:\Downloads\cbsidlm-tr1_7-Web_Design_in_Seven_Days-ORG2-10054352.exe Win32/DownloadAdmin.D application
     D:\Downloads\xwidget_setup173.exe Win32/InstallMonetizer.AF application

     You should note that almost all of those downloads were from CNET (www.downloads.com) which is the very same place where the babylon malware came from!
  8. Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.01.24.11

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Sam :: SAM-LAPPY [administrator]

     30/01/2013 17:53:00
     mbam-log-2013-01-30 (17-53-00).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 241386
     Time elapsed: 5 minute(s), 25 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  9. Ok... on deleting and totally removing all Firefox components, it looks like babylon.xml has gone. The only place it remains is in various quarantines... what is the best way to clean these up too? It appears that I am just going to have to avoid Firefox...
  10. Done, but whatever we are doing isn't working. Babylon.xml is back in the Firefox folder. I am going to uninstall Firefox. Please can you continue to assist? It appears to be Firefox related now. Every time the computer restarts, it reappears!
  11. ComboFix 13-01-28.02 - Sam 28/01/2013 22:33:38.3.8 - x64 Running from: c:\users\Sam\Desktop\ComboFix.exe Command switches used :: c:\users\Sam\Desktop\CFScript.txt . FILE :: "c:\program files (x86)\Mozilla Firefox\searchplugins\babylon.xml" "c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip" "c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip" "c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip" "c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Mozilla Firefox\searchplugins\babylon.xml c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll c:\programdata\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll c:\programdata\PCDr\6032\AddOnDownloaded\489a0734-0bcc-462a-8a9c-29a40f0007b9.dll c:\programdata\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll c:\programdata\PCDr\6032\AddOnDownloaded\5f996ddf-fafd-4f93-b623-a362758305b9.dll c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll c:\programdata\PCDr\6032\AddOnDownloaded\e3146f6d-11b3-4a00-a026-1ba8b4bb00ff.dll c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll c:\programdata\Spybot - Search & 
Destroy\Recovery\BabylonToolbar.zip c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip . . ((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-28 ))))))))))))))))))))))))))))))) . . 2013-01-28 22:39 . 2013-01-28 22:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-01-28 22:39 . 2013-01-28 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-28 01:17 . 2013-01-28 01:17 -------- d-----w- c:\users\Sam\AppData\Roaming\Safer Networking 2013-01-28 01:16 . 2013-01-28 01:16 -------- d-----w- c:\program files (x86)\Safer Networking 2013-01-27 23:57 . 2013-01-28 00:00 -------- d-----w- c:\users\Sam\Two Worlds II - GotY Bonus 2013-01-27 21:22 . 2013-01-27 21:22 -------- d-----w- c:\program files (x86)\THQ 2013-01-27 15:06 . 2013-01-27 15:06 -------- d-----w- c:\users\Sam\AppData\Local\BigHugeEngine 2013-01-27 03:38 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2013-01-26 20:33 . 2013-01-26 20:33 -------- d-----w- c:\program files (x86)\AMD 2013-01-26 20:29 . 2013-01-26 20:29 -------- d-----w- c:\windows\SysWow64\xlive 2013-01-26 20:29 . 2013-01-26 20:29 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE 2013-01-26 04:02 . 2013-01-26 04:02 -------- d-----w- c:\users\Sam\AppData\Local\DCS 2013-01-25 02:33 . 2013-01-25 02:33 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-01-25 00:34 . 2013-01-25 00:34 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-01-22 22:02 . 2013-01-22 22:02 -------- d-----w- c:\windows\ERUNT 2013-01-22 22:02 . 2013-01-22 22:02 -------- d-----w- C:\JRT 2013-01-19 23:50 . 2013-01-19 23:50 -------- d-----w- C:\_OTL 2013-01-14 02:30 . 2013-01-14 02:35 -------- d-----w- C:\MGtools 2013-01-14 01:58 . 2013-01-25 02:33 -------- d-----w- c:\programdata\HitmanPro 2013-01-14 01:06 . 
2013-01-14 01:06 -------- d-----w- c:\program files (x86)\VS Revo Group 2013-01-14 00:59 . 2011-09-22 21:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2013-01-14 00:59 . 2011-09-22 17:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2013-01-14 00:59 . 2011-09-22 21:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL 2013-01-14 00:58 . 2013-01-14 00:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0 2013-01-14 00:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-01-14 00:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-01-14 00:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-01-14 00:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-01-14 00:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-01-14 00:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-01-14 00:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-01-13 23:23 . 2013-01-13 23:23 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-01-13 23:23 . 2013-01-13 23:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-13 22:15 . 2013-01-25 00:35 -------- d-----w- c:\program files (x86)\Google 2013-01-12 16:16 . 2013-01-28 01:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-01-12 16:16 . 2013-01-12 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2013-01-12 16:04 . 2013-01-12 16:04 -------- d-----w- c:\users\Sam\AppData\Roaming\Greenshot 2013-01-12 16:03 . 2013-01-12 16:03 -------- d-----w- c:\users\Sam\AppData\Local\Greenshot 2013-01-12 15:24 . 2013-01-12 15:24 -------- d-----w- c:\program files (x86)\NoteTab Light 2013-01-12 15:23 . 2013-01-12 15:23 -------- d-----w- c:\users\Sam\AppData\Roaming\IrfanView 2013-01-12 15:23 . 
2013-01-12 15:23 -------- d-----w- c:\program files (x86)\IrfanView 2013-01-12 14:57 . 2013-01-12 14:57 -------- d-----w- c:\program files\Greenshot 2013-01-12 14:56 . 2013-01-12 14:56 -------- d-----w- c:\program files\Paint.NET 2013-01-12 14:56 . 2013-01-12 17:53 -------- d-----w- c:\users\Sam\AppData\Local\Paint.NET 2013-01-12 14:54 . 2013-01-28 22:29 31 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat 2013-01-12 14:54 . 2013-01-12 14:54 -------- d-----w- C:\Prey 2013-01-12 14:48 . 2013-01-28 01:20 -------- d-----w- c:\program files (x86)\Everything 2013-01-12 14:44 . 2013-01-12 14:44 -------- d-----w- c:\program files (x86)\WinDirStat 2013-01-11 01:50 . 2013-01-11 01:50 -------- d-----w- c:\users\Sam\AppData\Roaming\AVG2013 2013-01-11 01:29 . 2013-01-11 01:29 -------- d-----w- c:\users\Sam\AppData\Roaming\TuneUp Software 2013-01-11 01:29 . 2013-01-11 01:29 -------- d-----w- C:\$AVG 2013-01-11 01:29 . 2013-01-11 01:30 -------- d-----w- c:\programdata\AVG2013 2013-01-11 01:28 . 2013-01-11 01:28 -------- d-----w- c:\program files (x86)\AVG 2013-01-11 01:26 . 2012-11-19 01:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52D74735-1440-4D79-91D6-3313E0B1BFBE}\mpengine.dll 2013-01-11 01:25 . 2013-01-27 17:58 -------- d-----w- c:\programdata\MFAData 2013-01-11 01:25 . 2013-01-12 14:47 -------- d-----w- c:\users\Sam\AppData\Local\Avg2013 2013-01-11 01:25 . 2013-01-11 01:25 -------- d--h--w- c:\programdata\Common Files 2013-01-11 01:25 . 2013-01-11 01:25 -------- d-----w- c:\users\Sam\AppData\Local\MFAData 2013-01-09 01:09 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 01:08 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 01:08 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-14 02:35 . 
2013-01-14 02:30 380010 ----a-w- C:\MGlogs.zip 2013-01-13 23:23 . 2012-10-10 09:30 859552 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-01-13 23:23 . 2011-10-06 15:26 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-09 03:03 . 2011-10-11 06:21 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-08 23:51 . 2012-04-30 03:18 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-08 23:51 . 2011-10-06 15:18 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-16 17:11 . 2012-12-22 03:00 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 03:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 03:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 03:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 22:02 . 2011-12-17 02:04 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-12-14 22:02 . 2011-10-10 16:55 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-12-14 22:02 . 2011-10-10 16:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-12-14 16:49 . 2012-02-06 00:11 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 03:11 . 2012-11-29 01:04 2549120 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll 2012-11-30 04:45 . 2013-01-09 01:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-29 19:06 . 2012-11-29 19:06 119808 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2012-11-29 01:02 . 2012-09-27 19:56 90976 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-11-15 23:33 . 2012-11-15 23:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2012-11-14 07:06 . 2012-12-13 03:02 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 03:02 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 03:02 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 
2012-12-13 03:02 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 03:02 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 03:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 03:02 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 03:02 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 03:02 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 03:02 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 03:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 03:02 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 03:02 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 03:02 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 03:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 03:02 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 03:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 03:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 03:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 03:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 03:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 03:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 21:58 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 21:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-12 21:56 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 21:56 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2009-11-08 65216] "Spotify Web Helper"="c:\users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-30 1199576] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="d:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" "Dell DataSafe Online"=c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe "Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072] R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528] R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-01-31 121960] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common 
Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-11 1255736] R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272] R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064] R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464] R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 
nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 91864] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-02 284008] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;d:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-02-08 343032] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 
sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072] S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2010-06-11 1799808] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys 
[2011-06-10 539240] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-25 00:36 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1386.0\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 23:51] . 2013-01-28 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-02-11 00:26] . 2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 00:35] . 2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 00:35] . 2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job - c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 11:45] . 2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job - c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 11:45] . 
2013-01-28 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . 2013-01-28 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job - d:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-07-31 02:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.co.uk/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 192.168.1.254 DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} - hxxps://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\wcjolaku.default-1359079694328\ . - - - - ORPHANS REMOVED - - - - . AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1, 79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:cf,6a,0e,6b,af,67,cd,01 . [HKEY_USERS\S-1-5-21-371144906-3944880737-2443039130-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2013-01-28 22:41:37 ComboFix-quarantined-files.txt 2013-01-28 22:41 ComboFix2.txt 2013-01-17 02:40 ComboFix3.txt 2013-01-14 01:27 . Pre-Run: 32,870,944,768 bytes free Post-Run: 32,775,274,496 bytes free . - - End Of File - - BDC796F8ACCD270445D3E759F232B873
  12. SystemLook 30.07.11 by jpshortstuff
Log created at 01:21 on 28/01/2013 by Sam
Administrator - Elevation successful

========== filefind ==========

Searching for "*babylon*"
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml	--a---- 626 bytes	[00:47 28/01/2013]	[01:07 28/01/2013] 43BF6841BDB625ED76293F6523B2A53C
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\art\ArtCivBabylonian.bar	--a---- 67208628 bytes	[18:35 07/09/2012]	[18:52 04/11/2012] 88A4B9EC1561C3BBFD9A313140DCAEBA
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundCivBabylonian.bar	--a---- 89637288 bytes	[18:35 07/09/2012]	[18:33 23/10/2012] 4AA0457BE93EA60D7AEDBC2CB21527B8
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-de-DE.bar	--a---- 22915364 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] 6F9B1D51B0424B448FE68A2AC11F8055
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-en-US.bar	--a---- 21848532 bytes	[18:35 07/09/2012]	[18:36 23/10/2012] ACBFFB190BB092BCFCD7A19ED89D0866
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-es-ES.bar	--a---- 23133748 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] 18548FABCCDB335BC65840CB9B5A0DAC
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-fr-FR.bar	--a---- 21645988 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] 32E57F051C14ABFAEEECC136427853AB
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-it-IT.bar	--a---- 22535728 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] 499E031E15F4E7F17DC665A5E64669DD
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-zh-CHT.bar	--a---- 22884972 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] BBB28AA0B586F7981EB68E214C4C6A10
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Capital\Babylon_CapCity_1.mp3	--a---- 2520610 bytes	[18:35 07/09/2012]	[18:54 07/09/2012] B3A8ED7F65F1272E6ACF3C3EDDA889CC
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Capital\Babylon_CapCity_2.mp3	--a---- 2520610 bytes	[18:35 07/09/2012]	[18:54 07/09/2012] B3A8ED7F65F1272E6ACF3C3EDDA889CC
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_BeginQuest_1.mp3	--a---- 1076143 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] BB063792F11D1D291D77BEA9AD1DD122
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_BeginQuest_2.mp3	--a---- 742612 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] 52E5B1BE6FF0B41B7C74BE879903D0E3
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_BeginQuest_3.mp3	--a---- 1326083 bytes	[18:35 07/09/2012]	[18:49 07/09/2012] A9772C8277EC4D8980BAB5F942B3D3F2
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_BeginQuest_4.mp3	--a---- 2067542 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] 92202F987A913869472761A51B9D204B
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_1.mp3	--a---- 3186101 bytes	[18:35 07/09/2012]	[18:54 07/09/2012] 7D81F47D9DD4A900CAC5FD564E76E862
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_2.mp3	--a---- 3163532 bytes	[18:35 07/09/2012]	[18:54 07/09/2012] B008776C2F04E2EE1FE2F1ADE37EBE19
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_3.mp3	--a---- 2224377 bytes	[18:35 07/09/2012]	[18:50 07/09/2012] FF54B7D4520AA19BC1F46E0DCAE5FA29
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_4.mp3	--a---- 1693569 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] BB553037025C1C53DFFD7EC56FD18B39
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_5.mp3	--a---- 2734706 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] C55A4DB1D81EA3853828DE4EC69FE18F
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_Lose.mp3	--a---- 1281779 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] 95FD222EBEC6007ECA5908D1985545DD
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_Win.mp3	--a---- 1281779 bytes	[18:35 07/09/2012]	[18:50 07/09/2012] F34EEF47A1EC29EBE5F8CC5444497D0F
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundSets\Bldg_Babylon.xml	--a---- 9651 bytes	[18:53 07/09/2012]	[18:53 07/09/2012] ADAA6199222E286D1C777B80D15EC118
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundSets\Civ_Babylon.xml	--a---- 16629 bytes	[18:56 07/09/2012]	[18:56 07/09/2012] 77C24A13830707571E25335D97803EBF
C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundSets\Vox_Babylon.xml	--a---- 124459 bytes	[18:55 07/09/2012]	[18:55 07/09/2012] A6D41239F5AA2A1D025D417F85BC73F3
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip	--a---- 789 bytes	[17:11 12/01/2013]	[17:11 12/01/2013] BFFC6CD0F0D451EC4B8D3F5D05EC2201
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip	--a---- 790 bytes	[16:44 13/01/2013]	[16:44 13/01/2013] 4B4C8B67DE44BEFD87934B126F9D129A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip	--a---- 789 bytes	[01:12 14/01/2013]	[01:12 14/01/2013] CC6FDAC5A379F91FEC475B3586429040
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip	--a---- 790 bytes	[19:03 14/01/2013]	[19:03 14/01/2013] 597DA18D0D7F370162345ED8921D8191
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip	--a---- 789 bytes	[17:11 12/01/2013]	[17:11 12/01/2013] BFFC6CD0F0D451EC4B8D3F5D05EC2201
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip	--a---- 790 bytes	[16:44 13/01/2013]	[16:44 13/01/2013] 4B4C8B67DE44BEFD87934B126F9D129A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip	--a---- 789 bytes	[01:12 14/01/2013]	[01:12 14/01/2013] CC6FDAC5A379F91FEC475B3586429040
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip	--a---- 790 bytes	[19:03 14/01/2013]	[19:03 14/01/2013] 597DA18D0D7F370162345ED8921D8191
C:\_OTL\MovedFiles\01192013_235033\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml	--a---- 626 bytes	[01:31 16/01/2013]	[03:14 17/01/2013] 43BF6841BDB625ED76293F6523B2A53C
C:\_OTL\MovedFiles\01282013_000739\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml	--a---- 626 bytes	[00:04 28/01/2013]	[00:04 28/01/2013] 43BF6841BDB625ED76293F6523B2A53C

========== regfind ==========

Searching for "babylon"
No data found.

========== folderfind ==========

Searching for "*babylon"
No folders found.

-= EOF =-
  13. On restart it appears to just keep coming back!!! [2013/01/28 00:11:21 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
  14. <p> </p> <div>OTL logfile created on: 28/01/2013 00:19:37 - Run 5</div> <div>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop</div> <div>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</div> <div>Internet Explorer (Version = 9.0.8112.16421)</div> <div>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</div> <div> </div> <div>5.90 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 56.60% Memory free</div> <div>11.79 Gb Paging File | 8.88 Gb Available in Paging File | 75.31% Paging File free</div> <div>Paging file location(s): ?:\pagefile.sys [binary data]</div> <div> </div> <div>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</div> <div>Drive C: | 446.13 Gb Total Space | 31.95 Gb Free Space | 7.16% Space Free | Partition Type: NTFS</div> <div>Drive D: | 465.76 Gb Total Space | 168.56 Gb Free Space | 36.19% Space Free | Partition Type: NTFS</div> <div> </div> <div>Computer Name: SAM-LAPPY | User Name: Sam | Logged in as Administrator.</div> <div>Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans</div> <div>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days</div> <div> </div> <div>========== Processes (SafeList) ==========</div> <div> </div> <div>PRC - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</div> <div>PRC - C:\Users\Sam\Desktop\OTL.exe (OldTimer Tools)</div> <div>PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</div> <div>PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div> <div>PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041)</div> <div>PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div> <div>PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe (IObit)</div> <div>PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)</div> <div>PRC - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)</div> <div>PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)</div> <div>PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div> <div>PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)</div> <div>PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)</div> <div>PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()</div> <div>PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)</div> <div>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</div> <div>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</div> <div>PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)</div> <div>PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()</div> <div>PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)</div> <div>PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)</div> <div>PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)</div> <div>PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)</div> <div>PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)</div> <div>PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()</div> <div>PRC - C:\Windows\SysWOW64\runonce.exe (Microsoft 
Corporation)</div> <div>PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)</div> <div> </div> <div> </div> <div>========== Modules (No Company Name) ==========</div> <div> </div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c9298c7ab70c4db2848fc747b7ea5c3\PresentationFramework.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()</div> <div>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()</div> <div>MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl ()</div> <div>MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()</div> <div>MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl ()</div> <div>MOD - D:\Program Files 
(x86)\IObit\Advanced SystemCare 6\Scan.dll ()</div> <div>MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()</div> <div>MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()</div> <div>MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll ()</div> <div>MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()</div> <div>MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()</div> <div>MOD - C:\Windows\wweb32.dll ()</div> <div>MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()</div> <div>MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()</div> <div>MOD - C:\Program Files (x86)\Common Files\microsoft 
shared\OFFICE14\Cultures\OFFICE.ODF ()</div> <div>MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()</div> <div>MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()</div> <div> </div> <div> </div> <div>========== Services (SafeList) ==========</div> <div> </div> <div>SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)</div> <div>SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)</div> <div>SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()</div> <div>SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)</div> <div>SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)</div> <div>SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)</div> <div>SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)</div> <div>SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)</div> <div>SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)</div> <div>SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</div> <div>SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)</div> <div>SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)</div> <div>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</div> <div>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe 
Systems Incorporated)</div> <div>SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div> <div>SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)</div> <div>SRV - (AdvancedSystemCareService6) -- D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)</div> <div>SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div> <div>SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)</div> <div>SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)</div> <div>SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()</div> <div>SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)</div> <div>SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)</div> <div>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</div> <div>SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)</div> <div>SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)</div> <div>SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)</div> <div>SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)</div> <div>SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)</div> <div>SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)</div> <div>SRV - (sftvsa) -- C:\Program 
Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</div> <div>SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</div> <div>SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)</div> <div>SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)</div> <div>SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)</div> <div>SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)</div> <div>SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)</div> <div>SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)</div> <div>SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)</div> <div>SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)</div> <div>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</div> <div>SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)</div> <div> </div> <div> </div> <div>========== Driver Services (SafeList) ==========</div> <div> </div> <div>DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)</div> <div>DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )</div> <div>DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. 
)</div> <div>DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)</div> <div>DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)</div> <div>DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)</div> <div>DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)</div> <div>DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)</div> <div>DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)</div> <div>DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)</div> <div>DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)</div> <div>DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)</div> <div>DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)</div> <div>DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)</div> <div>DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)</div> <div>DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)</div> <div>DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)</div> <div>DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</div> 
<div>DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</div> <div>DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)</div> <div>DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)</div> <div>DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)</div> <div>DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )</div> <div>DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)</div> <div>DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)</div> <div>DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)</div> <div>DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)</div> <div>DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)</div> <div>DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)</div> <div>DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)</div> <div>DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()</div> <div>DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)</div> <div>DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys 
(Intel Corporation)</div> <div>DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)</div> <div>DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)</div> <div>DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</div> <div>DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)</div> <div>DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)</div> <div>DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)</div> <div>DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)</div> <div>DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)</div> <div>DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)</div> <div>DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.)</div> <div>DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)</div> <div>DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)</div> <div>DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</div> <div>DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</div> <div>DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</div> <div>DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)</div> <div>DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</div> <div>DRV:64bit: - (b06bdrv) -- 
C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</div> <div>DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</div> <div>DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</div> <div>DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)</div> <div>DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)</div> <div>DRV - (VSPerfDrv110) -- D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)</div> <div>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</div> <div> </div> <div> </div> <div>========== Standard Registry (SafeList) ==========</div> <div> </div> <div> </div> <div>========== Internet Explorer ==========</div> <div> </div> <div>IE:64bit: - HKLM\..\SearchScopes,DefaultScope = </div> <div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</div> <div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/</div> <div>IE - HKLM\..\SearchScopes,DefaultScope = </div> <div> </div> <div>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/</div> <div>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp</div> <div>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB</div> <div>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = </div> <div>IE - HKCU\..\SearchScopes,DefaultScope = {4F5CDA54-9914-4166-A3E1-AD46355AAE49}</div> <div>IE - HKCU\..\SearchScopes\{4F5CDA54-9914-4166-A3E1-AD46355AAE49}: "URL" = 
http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}</div> <div>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>========== FireFox ==========</div> <div> </div> <div>FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1</div> <div>FF - user.js - File not found</div> <div> </div> <div>FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found</div> <div>FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</div> <div>FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div> <div>FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()</div> <div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</div> <div>FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)</div> <div>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog 
Web Plugins\1.118.0\npesnlaunch.dll File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)</div> <div>FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)</div> <div>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div> <div>FF - 
HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )</div> <div>FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()</div> <div>FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</div> <div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div> <div>FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found</div> <div>FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)</div> <div>FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()</div> <div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: 
C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)</div> <div> </div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 00:34:26 | 000,000,000 | ---D | M]</div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins</div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK</div> <div> </div> <div>[2013/01/25 00:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions</div> <div>[2013/01/25 00:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions</div> <div>[2013/01/16 20:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll</div> <div>[2013/01/28 00:11:21 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml</div> <div>[2013/01/16 20:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml</div> <div>[2013/01/28 00:11:21 | 000,000,579 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\image.xml</div> <div>[2013/01/16 20:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml</div> <div> </div> <div>========== Chrome ==========</div> <div> </div> <div>CHR - default_search_provider: Google (Enabled)</div> <div>CHR - 
default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</div>
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1386.0\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1386.0\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1386.0\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Docs = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/19 23:51:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} https://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 23:57:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\Two Worlds II - GotY Bonus
[2013/01/27 23:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
[2013/01/27 21:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide
[2013/01/27 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Qawra Palace in Qawra, Malta On the Beach_files
[2013/01/27 21:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2013/01/27 21:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013/01/27 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\BigHugeEngine
[2013/01/27 08:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
[2013/01/27 03:37:44 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\FIFA MANAGER 12
[2013/01/26 20:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2013/01/26 20:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2013/01/26 20:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013/01/26 20:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013/01/26 20:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/01/26 20:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2013/01/26 04:02:40 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\DCS
[2013/01/26 04:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle Dynamics
[2013/01/25 02:33:56 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/25 00:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/25 00:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/22 22:02:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/22 22:02:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/19 23:50:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/19 14:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2013/01/17 02:45:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/17 02:40:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/14 02:30:41 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/01/14 01:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/14 01:06:17 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/01/14 01:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/01/14 00:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2013/01/13 23:35:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/13 23:35:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/13 23:35:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/13 23:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 23:35:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/13 23:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/13 22:42:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Fixing
[2013/01/13 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/12 16:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/01/12 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\CC Reg Backups
[2013/01/12 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Greenshot
[2013/01/12 16:03:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Greenshot
[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteTab Light
[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoteTab Light
[2013/01/12 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\IrfanView
[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot
[2013/01/12 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/01/12 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Paint.NET
[2013/01/12 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey
[2013/01/12 14:54:02 | 000,000,000 | ---D | C] -- C:\Prey
[2013/01/12 14:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2013/01/12 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2013/01/11 01:50:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\AVG2013
[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TuneUp Software
[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/11 01:29:10 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/01/11 01:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/11 01:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/01/11 01:25:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\MFAData
[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Avg2013
[2013/01/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2013/01/28 00:18:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 00:18:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 00:11:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/28 00:11:13 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2013/01/28 00:11:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/01/28 00:10:49 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/01/28 00:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/28 00:09:05 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/28 00:07:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job
[2013/01/28 00:01:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/01/27 23:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 23:40:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 21:44:34 | 000,795,069 | ---- | M] () -- C:\Users\Sam\Desktop\Holiday.png
[2013/01/27 21:43:42 | 000,048,806 | ---- | M] () -- C:\Users\Sam\Desktop\Qawra Palace in Qawra, Malta On the Beach.htm
[2013/01/27 04:07:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job
[2013/01/25 02:33:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/25 01:41:05 | 000,001,052 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/25 01:13:45 | 000,002,281 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/25 00:36:12 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/25 00:34:48 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/24 23:29:25 | 000,001,216 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/19 23:51:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/19 14:06:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\MGlogs.zip
[2013/01/14 01:06:17 | 000,001,266 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2013/01/14 01:01:38 | 000,859,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/14 01:01:38 | 000,719,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/14 01:01:38 | 000,147,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/14 01:01:32 | 000,859,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/13 23:49:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130114-005115.backup
[2013/01/12 17:54:21 | 000,048,301 | ---- | M] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html
[2013/01/12 16:16:56 | 000,001,284 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/01/12 16:09:01 | 000,001,092 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013/01/12 15:24:36 | 000,001,037 | ---- | M] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk
[2013/01/12 14:56:34 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/01/12 14:44:19 | 000,001,033 | ---- | M] () -- C:\Users\Sam\Desktop\WinDirStat.lnk
[2013/01/09 03:30:36 | 005,501,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/27 21:44:34 | 000,795,069 | ---- | C] () -- C:\Users\Sam\Desktop\Holiday.png
[2013/01/27 21:43:41 | 000,048,806 | ---- | C] () -- C:\Users\Sam\Desktop\Qawra Palace in Qawra, Malta On the Beach.htm
[2013/01/25 00:36:12 | 000,002,281 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/25 00:36:12 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/25 00:35:18 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 00:35:17 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 00:34:48 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/25 00:34:46 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/14 02:30:43 | 000,380,010 | ---- | C] () -- C:\MGlogs.zip
[2013/01/14 01:06:17 | 000,001,266 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2013/01/13 23:35:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/13 23:35:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/13 23:35:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/13 23:35:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/13 23:35:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/12 17:54:21 | 000,048,301 | ---- | C] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html
[2013/01/12 16:16:56 | 000,001,284 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/01/12 15:24:36 | 000,001,037 | ---- | C] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk
[2013/01/12 14:56:34 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/01/12 14:56:34 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/01/12 14:54:48 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/01/12 14:44:19 | 000,001,033 | ---- | C] () -- C:\Users\Sam\Desktop\WinDirStat.lnk
[2012/11/21 20:00:52 | 000,003,500 | ---- | C] () -- C:\Users\Sam\AppData\Local\recently-used.xbel
[2012/09/22 01:49:06 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/26 19:25:04 | 000,007,645 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2012/02/27 16:55:47 | 000,000,050 | ---- | C] () -- C:\Users\Sam\ewin30.tcl
[2012/02/27 16:55:47 | 000,000,031 | ---- | C] () -- C:\Users\Sam\eoffice30.tcl
[2011/12/19 23:33:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/10 16:55:39 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/10 16:55:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/10 15:17:35 | 002,212,096 | ---- | C] () -- C:\Windows\wweb32.dll
[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
<div>[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- 
C:\Windows\11317231_03231461_ca.bin</div> <div>[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin</div> <div>[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin</div> <div>[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin</div> <div>[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin</div> <div>[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin</div> <div>[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin</div> <div>[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin</div> <div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin</div> <div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin</div> <div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin</div> <div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin</div> <div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin</div> <div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin</div> <div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin</div> <div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin</div> <div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin</div> <div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin</div> <div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin</div> <div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin</div> <div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- 
C:\Windows\11317231_02031461_8a.bin</div> <div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin</div> <div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin</div> <div>[2011/10/06 16:40:24 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin</div> <div>[2011/10/06 16:38:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin</div> <div>[2011/10/06 16:38:22 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin</div> <div>[2011/10/06 16:38:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin</div> <div>[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat</div> <div>[2011/02/10 16:10:51 | 000,859,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI</div> <div>[2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini</div> <div> </div> <div>========== ZeroAccess Check ==========</div> <div> </div> <div>[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</div> <div> </div> <div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</div> <div> </div> <div>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div> <div> </div> <div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</div> <div> </div> <div>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</div> <div>"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)</div> <div>"ThreadingModel" = Apartment</div> <div> </div> 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 01:50:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AVG2013
[2011/10/10 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blio
[2012/02/08 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Camfrog
[2012/03/09 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cisco
[2012/08/23 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/01/28 00:13:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2012/11/10 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla
[2011/10/10 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Fingertapps
[2011/11/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GFT Global Markets UK
[2013/01/12 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GlarySoft
[2013/01/12 16:04:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Greenshot
[2012/12/01 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ICAClient
[2012/11/27 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit
[2013/01/12 15:23:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IrfanView
[2012/12/12 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Kalypso Media
[2011/11/25 17:41:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MetaQuotes
[2013/01/14 02:33:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nitro PDF
[2012/08/22 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++
[2012/12/09 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Origin
[2012/03/04 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Pamela
[2011/10/10 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PCDr
[2012/08/25 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PDAppFlex
[2012/05/08 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PrimoPDF
[2012/02/11 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rainmeter
[2011/11/14 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion
[2012/01/21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SoftGrid Client
[2011/10/17 03:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive
[2013/01/06 23:15:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify
[2012/09/04 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/27 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Stardock
[2012/04/11 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer
[2011/10/22 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly
[2011/10/14 14:22:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TP
[2012/10/30 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client
[2013/01/11 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TuneUp Software
[2012/07/31 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Unity
[2012/11/10 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent
[2012/02/24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ZinioReader4

========== Purity Check ==========

< End of report >
  15. I would rather just get it removed, tbh. If you can keep helping I would really really appreciate it.
  16. Lastly, I can see that Babylon.xml is back in Program Files (x86)\Mozilla Firefox\searchplugins
  17. OTL logfile created on: 25/01/2013 02:06:44 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.90 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 58.03% Memory free 11.79 Gb Paging File | 9.11 Gb Available in Paging File | 77.30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446.13 Gb Total Space | 38.58 Gb Free Space | 8.65% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 296.30 Gb Free Space | 63.62% Space Free | Partition Type: NTFS Computer Name: SAM-LAPPY | User Name: Sam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Sam\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit) PRC - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software) PRC - C:\Program Files (x86)\Everything\Everything.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c9298c7ab70c4db2848fc747b7ea5c3\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll () MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Program Files 
(x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Windows\wweb32.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () MOD - C:\Program Files (x86)\Everything\Everything.exe () ========== Services (SafeList) ========== SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation) SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdvancedSystemCareService6) -- D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation) SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) 
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys () DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.) 
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (VSPerfDrv110) -- D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes,DefaultScope = {4F5CDA54-9914-4166-A3E1-AD46355AAE49} IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes\{4F5CDA54-9914-4166-A3E1-AD46355AAE49}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF 
- HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 00:34:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/25 00:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions [2013/01/25 00:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/16 20:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/01/25 01:49:47 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013/01/16 20:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/01/25 01:49:47 | 
000,000,579 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\image.xml [2013/01/16 20:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.co.uk/ CHR - Extension: Docs = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/01/19 23:51:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) 
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe () O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [spotify Web Helper] C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software) O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} https://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B}: DhcpNameServer = 192.168.1.254 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No 
CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Stardock\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/25 02:08:16 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Old Firefox Data [2013/01/25 00:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/01/25 00:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/01/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/22 22:02:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/01/22 22:02:49 | 000,000,000 | ---D | C] -- C:\JRT [2013/01/19 23:50:33 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/19 14:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe [2013/01/17 02:45:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/17 02:40:37 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/14 02:30:41 | 000,000,000 | ---D | C] -- C:\MGtools [2013/01/14 01:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/01/14 01:06:17 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/01/14 01:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group 
[2013/01/14 00:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2013/01/13 23:35:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/01/13 23:35:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/01/13 23:35:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/01/13 23:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/13 23:35:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/13 23:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/01/13 22:42:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Fixing [2013/01/13 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013/01/12 16:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2013/01/12 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\CC Reg Backups [2013/01/12 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Greenshot [2013/01/12 16:03:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Greenshot [2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteTab Light [2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoteTab Light [2013/01/12 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\IrfanView [2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot [2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot 
[2013/01/12 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2013/01/12 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Paint.NET [2013/01/12 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey [2013/01/12 14:54:02 | 000,000,000 | ---D | C] -- C:\Prey [2013/01/12 14:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything [2013/01/12 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything [2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat [2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat [2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat [2013/01/11 01:50:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\AVG2013 [2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TuneUp Software [2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/01/11 01:29:10 | 000,000,000 | ---D | C] -- C:\$AVG [2013/01/11 01:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013/01/11 01:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013/01/11 01:25:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\MFAData [2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Avg2013 [2013/01/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ElevatedDiagnostics [2012/12/28 11:52:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013/01/25 02:13:49 | 000,000,031 | ---- | M] () -- 
C:\Windows\SysWow64\TempWmicBatchFile.bat [2013/01/25 02:10:09 | 000,032,152 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013/01/25 02:07:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job [2013/01/25 02:01:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013/01/25 01:56:56 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/25 01:56:56 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/25 01:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/25 01:49:12 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/25 01:49:02 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job [2013/01/25 01:48:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/01/25 01:48:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/25 01:48:06 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys [2013/01/25 01:41:05 | 000,001,052 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/01/25 01:40:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/25 01:13:45 | 000,002,281 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/25 00:36:12 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/25 00:34:48 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/24 23:29:25 | 000,001,216 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/01/23 05:49:53 | 
000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job [2013/01/19 23:51:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2013/01/19 14:06:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe [2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\MGlogs.zip [2013/01/14 01:06:17 | 000,001,266 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk [2013/01/14 01:01:38 | 000,859,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/01/14 01:01:38 | 000,719,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/14 01:01:38 | 000,147,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/14 01:01:32 | 000,859,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/13 23:49:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130114-005115.backup [2013/01/12 17:54:21 | 000,048,301 | ---- | M] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html [2013/01/12 16:16:56 | 000,001,284 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2013/01/12 16:09:01 | 000,001,092 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk [2013/01/12 15:24:36 | 000,001,037 | ---- | M] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk [2013/01/12 14:56:34 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2013/01/12 14:44:19 | 000,001,033 | ---- | M] () -- C:\Users\Sam\Desktop\WinDirStat.lnk [2013/01/09 03:30:36 | 005,501,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/01/25 02:10:09 | 000,032,152 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013/01/25 00:36:12 | 000,002,281 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk 
[2013/01/25 00:36:12 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/25 00:35:18 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/25 00:35:17 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/25 00:34:48 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/25 00:34:46 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/01/14 02:30:43 | 000,380,010 | ---- | C] () -- C:\MGlogs.zip [2013/01/14 01:06:17 | 000,001,266 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk [2013/01/13 23:35:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/01/13 23:35:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/01/13 23:35:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/01/13 23:35:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/01/13 23:35:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/12 17:54:21 | 000,048,301 | ---- | C] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html [2013/01/12 16:16:56 | 000,001,284 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2013/01/12 15:24:36 | 000,001,037 | ---- | C] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk [2013/01/12 14:56:34 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013/01/12 14:56:34 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2013/01/12 14:54:48 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat [2013/01/12 14:44:19 | 000,001,033 | ---- | C] () -- C:\Users\Sam\Desktop\WinDirStat.lnk [2012/11/21 20:00:52 | 000,003,500 | ---- | C] () -- C:\Users\Sam\AppData\Local\recently-used.xbel [2012/09/22 01:49:06 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012/04/26 19:25:04 | 
000,007,645 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg [2012/02/27 16:55:47 | 000,000,050 | ---- | C] () -- C:\Users\Sam\ewin30.tcl [2012/02/27 16:55:47 | 000,000,031 | ---- | C] () -- C:\Users\Sam\eoffice30.tcl [2011/12/19 23:33:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/10/10 16:55:39 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/10/10 16:55:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/10/10 15:17:35 | 002,212,096 | ---- | C] () -- C:\Windows\wweb32.dll [2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin [2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin [2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin [2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin [2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin [2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin [2011/10/06 
16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- 
C:\Windows\11317231_06071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin [2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin [2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin [2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin [2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin [2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin [2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin [2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin [2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin [2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin 
[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin [2011/10/06 16:40:24 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin [2011/10/06 16:38:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/10/06 16:38:22 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/10/06 16:38:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/02/10 16:10:51 | 000,859,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 
01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/11 01:50:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AVG2013 [2011/10/10 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blio [2012/02/08 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Camfrog [2012/03/09 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cisco [2012/08/23 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013/01/25 01:50:08 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox [2012/11/10 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla [2011/10/10 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Fingertapps [2011/11/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GFT Global Markets UK [2013/01/12 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GlarySoft [2013/01/12 16:04:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Greenshot [2012/12/01 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ICAClient [2012/11/27 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit [2013/01/12 15:23:11 | 000,000,000 | ---D | M] -- 
C:\Users\Sam\AppData\Roaming\IrfanView [2012/12/12 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Kalypso Media [2011/11/25 17:41:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MetaQuotes [2013/01/14 02:33:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nitro PDF [2012/08/22 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++ [2012/12/09 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Origin [2012/03/04 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Pamela [2011/10/10 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PCDr [2012/08/25 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PDAppFlex [2012/05/08 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PrimoPDF [2012/02/11 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rainmeter [2011/11/14 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion [2012/01/21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SoftGrid Client [2011/10/17 03:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive [2013/01/06 23:15:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify [2012/09/04 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/04/27 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Stardock [2012/04/11 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer [2011/10/22 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly [2011/10/14 14:22:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TP [2012/10/30 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client [2013/01/11 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TuneUp Software [2012/07/31 
19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Unity [2012/11/10 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent [2012/02/24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ZinioReader4 ========== Purity Check ========== < End of report >
  18. I really do appreciate the help, massively! It just seems whenever Firefox is reinstalled it pulls old extensions back... no clue how! Out of interest, if I were to copy across pictures, documents, etc, would this malware attach itself to something? I.e. could I back up the stuff I want onto an external HD and completely reformat? Logs below
  19. Scratch that - as soon as it restarted the "custom search" in Firefox was back (Babylon). This is a nightmare!!
  20. I used Revo uninstaller to uninstall Chrome and Firefox. I then reinstalled and it appears fine. Do you need any other reports to confirm Globalsearch is gone for good?
  21. The machine is running fine, but I still get the custom search issue with Firefox. It still makes me very nervous that it is doing this after all the programs we have run in order to remove it.
  22. Here you go:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 4.4.8 (01.21.2013:2)
      OS: Windows 7 Home Premium x64
      Ran by Sam on 22/01/2013 at 22:03:01.57
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      ~~~ Registry Keys

      ~~~ Files

      Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

      ~~~ Folders

      Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
      Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

      ~~~ FireFox

      Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
      Successfully deleted the following from C:\Users\Sam\AppData\Roaming\mozilla\firefox\profiles\ectamm6u.default\prefs.js

      user_pref("browser.newtab.url", "http://www.globasearch.com/?serie=21&newtab");

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 22/01/2013 at 22:10:24.44
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  23. OTL logfile created on: 19/01/2013 23:56:00 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.90 Gb Total Physical Memory | 3.56 Gb Available Physical Memory | 60.31% Memory free 11.79 Gb Paging File | 9.15 Gb Available in Paging File | 77.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446.13 Gb Total Space | 37.71 Gb Free Space | 8.45% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 296.38 Gb Free Space | 63.63% Space Free | Partition Type: NTFS Computer Name: SAM-LAPPY | User Name: Sam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sam\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit) PRC - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software) PRC - C:\Program Files (x86)\Everything\Everything.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c9298c7ab70c4db2848fc747b7ea5c3\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll () MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Program Files 
(x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Windows\wweb32.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () MOD - C:\Program Files (x86)\Everything\Everything.exe () ========== Services (SafeList) ========== SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation) SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common 
Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdvancedSystemCareService6) -- D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation) SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) 
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- 
C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys () DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (VSPerfDrv110) -- D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - 
HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes,DefaultScope = {4F5CDA54-9914-4166-A3E1-AD46355AAE49} IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes\{4F5CDA54-9914-4166-A3E1-AD46355AAE49}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.co.uk" FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 22:51:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/10 15:17:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 22:51:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files 
(x86)\Mozilla Firefox\plugins [2012/03/09 10:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions [2011/12/17 01:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\extensions [2012/11/26 22:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ectamm6u.default\extensions [2013/01/16 00:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sge3aesf.default-1358118621276\extensions [2012/07/31 18:14:26 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ectamm6u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013/01/13 23:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/10 09:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013/01/13 22:51:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/01/13 22:51:31 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2013/01/19 23:53:22 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013/01/13 22:51:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/01/13 22:51:31 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2013/01/13 22:51:31 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2013/01/19 23:53:22 | 000,000,579 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\image.xml [2013/01/13 22:51:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\twitter.xml [2013/01/13 22:51:31 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = 
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 7.0.110.21 
(Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll O1 HOSTS File: ([2013/01/19 23:51:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: 
[APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe () O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [spotify Web Helper] C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software) O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} https://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B}: DhcpNameServer = 192.168.1.254 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value 
found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Stardock\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/19 23:50:33 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/19 14:26:28 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\New folder [2013/01/19 14:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe [2013/01/17 02:45:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/17 02:40:37 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/14 02:38:05 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\MGlogs [2013/01/14 02:30:41 | 000,000,000 | ---D | C] -- C:\MGtools [2013/01/14 01:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/01/14 01:06:17 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/01/14 01:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2013/01/14 00:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2013/01/13 23:35:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/01/13 23:35:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/01/13 23:35:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/01/13 
23:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/13 23:35:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/13 23:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/01/13 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\RK_Quarantine [2013/01/13 22:42:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Fixing [2013/01/13 22:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/01/13 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013/01/12 16:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2013/01/12 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\CC Reg Backups [2013/01/12 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Greenshot [2013/01/12 16:03:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Greenshot [2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteTab Light [2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoteTab Light [2013/01/12 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\IrfanView [2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot [2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot [2013/01/12 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2013/01/12 14:56:07 | 000,000,000 | ---D | C] -- 
C:\Users\Sam\AppData\Local\Paint.NET [2013/01/12 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey [2013/01/12 14:54:02 | 000,000,000 | ---D | C] -- C:\Prey [2013/01/12 14:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything [2013/01/12 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything [2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat [2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat [2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat [2013/01/11 01:50:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\AVG2013 [2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TuneUp Software [2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/01/11 01:29:10 | 000,000,000 | ---D | C] -- C:\$AVG [2013/01/11 01:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013/01/11 01:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013/01/11 01:25:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\MFAData [2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Avg2013 [2013/01/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ElevatedDiagnostics [2012/12/28 11:52:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Programs [2012/12/23 12:25:43 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Tidy up ========== Files - Modified Within 30 Days ========== [2013/01/19 23:53:45 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat [2013/01/19 
23:53:21 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/19 23:53:19 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job [2013/01/19 23:53:07 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/01/19 23:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/19 23:52:34 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys [2013/01/19 23:51:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2013/01/19 23:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/19 23:40:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job [2013/01/19 23:40:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/19 23:40:43 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013/01/19 14:06:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe [2013/01/17 05:38:15 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job [2013/01/17 05:30:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/17 05:30:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/16 23:03:13 | 000,001,222 | ---- | M] () -- C:\Users\Sam\Desktop\ComboFix - Shortcut.lnk [2013/01/16 01:12:18 | 000,000,512 | ---- | M] () -- C:\Users\Sam\Desktop\MBR.dat [2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\Users\Sam\Desktop\MGlogs.zip [2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\MGlogs.zip [2013/01/14 01:06:17 | 000,001,266 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk [2013/01/14 01:01:38 | 000,859,272 | ---- | M] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2013/01/14 01:01:38 | 000,719,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/14 01:01:38 | 000,147,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/14 01:01:32 | 000,859,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/14 00:16:32 | 000,002,281 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/13 23:49:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130114-005115.backup [2013/01/13 22:16:21 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/12 17:54:21 | 000,048,301 | ---- | M] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html [2013/01/12 16:16:56 | 000,001,284 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2013/01/12 16:09:01 | 000,001,092 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk [2013/01/12 15:24:36 | 000,001,037 | ---- | M] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk [2013/01/12 14:56:34 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2013/01/12 14:44:19 | 000,001,033 | ---- | M] () -- C:\Users\Sam\Desktop\WinDirStat.lnk [2013/01/09 03:30:36 | 005,501,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/07 00:00:12 | 000,001,052 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2013/01/16 23:03:13 | 000,001,222 | ---- | C] () -- C:\Users\Sam\Desktop\ComboFix - Shortcut.lnk [2013/01/16 01:12:18 | 000,000,512 | ---- | C] () -- C:\Users\Sam\Desktop\MBR.dat [2013/01/14 02:35:23 | 000,380,010 | ---- | C] () -- C:\Users\Sam\Desktop\MGlogs.zip [2013/01/14 02:30:43 | 000,380,010 | ---- | C] () -- C:\MGlogs.zip [2013/01/14 01:06:17 | 000,001,266 | ---- | C] () -- 
C:\Users\Sam\Desktop\Revo Uninstaller.lnk [2013/01/13 23:35:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/01/13 23:35:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/01/13 23:35:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/01/13 23:35:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/01/13 23:35:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/13 22:16:21 | 000,002,281 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/13 22:16:21 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/13 22:15:32 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/13 22:15:30 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/12 17:54:21 | 000,048,301 | ---- | C] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html [2013/01/12 16:16:56 | 000,001,284 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2013/01/12 15:24:36 | 000,001,037 | ---- | C] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk [2013/01/12 14:56:34 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013/01/12 14:56:34 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2013/01/12 14:54:48 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat [2013/01/12 14:44:19 | 000,001,033 | ---- | C] () -- C:\Users\Sam\Desktop\WinDirStat.lnk [2012/11/21 20:00:52 | 000,003,500 | ---- | C] () -- C:\Users\Sam\AppData\Local\recently-used.xbel [2012/09/22 01:49:06 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012/04/26 19:25:04 | 000,007,645 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg [2012/02/27 16:55:47 | 000,000,050 | ---- | C] () -- C:\Users\Sam\ewin30.tcl [2012/02/27 16:55:47 | 000,000,031 | ---- | C] () -- 
C:\Users\Sam\eoffice30.tcl [2011/12/19 23:33:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/10/10 16:55:39 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/10/10 16:55:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/10/10 15:17:35 | 002,212,096 | ---- | C] () -- C:\Windows\wweb32.dll [2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin [2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin [2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin [2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin [2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin [2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin [2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | 
C] () -- C:\Windows\11317231_14001461_61.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin [2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin [2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- 
C:\Windows\11317231_07031461_aa.bin [2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin [2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin [2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin [2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin [2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin [2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin [2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin [2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin [2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin [2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin 
[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin [2011/10/06 16:40:24 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin [2011/10/06 16:38:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/10/06 16:38:22 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/10/06 16:38:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/02/10 16:10:51 | 000,859,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/11 01:50:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AVG2013 [2011/10/10 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blio [2012/02/08 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Camfrog [2012/03/09 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cisco [2012/08/23 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013/01/19 23:55:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox [2012/11/10 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla [2011/10/10 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Fingertapps [2011/11/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GFT Global Markets UK [2013/01/12 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GlarySoft [2013/01/12 16:04:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Greenshot [2012/12/01 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ICAClient [2012/11/27 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit [2013/01/12 15:23:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IrfanView [2012/12/12 20:21:07 | 000,000,000 | ---D | M] -- 
C:\Users\Sam\AppData\Roaming\Kalypso Media [2011/11/25 17:41:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MetaQuotes [2013/01/14 02:33:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nitro PDF [2012/08/22 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++ [2012/12/09 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Origin [2012/03/04 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Pamela [2011/10/10 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PCDr [2012/08/25 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PDAppFlex [2012/05/08 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PrimoPDF [2012/02/11 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rainmeter [2011/11/14 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion [2012/01/21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SoftGrid Client [2011/10/17 03:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive [2013/01/06 23:15:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify [2012/09/04 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/04/27 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Stardock [2012/04/11 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer [2011/10/22 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly [2011/10/14 14:22:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TP [2012/10/30 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client [2013/01/11 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TuneUp Software [2012/07/31 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Unity [2012/11/10 21:07:32 | 
000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent [2012/02/24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ZinioReader4 ========== Purity Check ========== < End of report >