adams2k5

  1. Finally got rid of that annoying pop up window thanks to you. Thank you very much.

  2. Msconfig didn't work, I'm afraid. However, I ran the AVPT tool again, as I was browsing some other forums, so thought I'd give it a shot. It seems to have removed the problem completely, as the window is no longer launching when explorer starts. Thanks for the help though.
  3. I ran Starter but no luck there, fsquirt still pops up whenever explorer starts. I have also run Farbar. Here are the logs:
of champions.txt 2013-04-14 20:00 - 2012-12-02 14:41 - 00000000 ____D C:\Users\Ben\AppData\Local\Take On Helicopters 2013-04-14 18:24 - 2011-03-21 00:52 - 00107888 ____A (Sony DADC Austria AG.) C:\Windows\System32\CmdLineExt.dll 2013-04-14 18:14 - 2013-04-14 18:14 - 00000000 ____D C:\Users\Ben\AppData\Local\SWTORPerf 2013-04-14 18:09 - 2013-03-29 17:06 - 00013644 ____A C:\Users\Ben\Documents\Install STAR WARS The Old Republic.log 2013-04-14 18:08 - 2013-04-14 18:08 - 00000000 ____D C:\Program Files\Electronic Arts 2013-04-14 18:08 - 2011-02-04 07:35 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-04-14 14:29 - 2013-04-14 14:26 - 261846936 ____A (GOG.com ) C:\Users\Ben\Downloads\setup_magic_carpet2_2.1.0.7.exe 2013-04-13 19:44 - 2011-03-17 00:46 - 00000000 ____D C:\Users\Ben\AppData\Local\Google 2013-04-13 14:44 - 2012-10-08 23:51 - 00000000 __SHD C:\Program Files\a4d 2013-04-13 14:35 - 2011-02-04 00:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-04-13 14:32 - 2011-03-04 04:19 - 00000000 ____D C:\Program Files\Foxit Software 2013-04-13 14:32 - 2011-02-03 21:38 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-04-12 23:32 - 2011-07-07 22:18 - 00000000 ____D C:\Users\Ben\AppData\Local\TeamSpeak 3 Client 2013-04-11 20:41 - 2012-09-17 22:35 - 00000000 ____D C:\Users\Ben\AppData\Local\ArmA 2 OA 2013-04-11 19:25 - 2011-02-03 22:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-04-11 18:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2013-04-11 17:51 - 2009-07-14 05:33 - 00409120 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-11 00:17 - 2011-03-17 21:10 - 00000000 ____D C:\Windows\System32\Drivers\ja-JP 2013-04-11 00:17 - 2011-03-17 20:47 - 00000000 ____D C:\Windows\System32\Drivers\nl-NL 2013-04-11 00:17 - 2011-03-17 20:31 - 00000000 ____D C:\Windows\System32\Drivers\it-IT 2013-04-11 00:17 - 2011-03-17 19:41 - 00000000 ____D C:\Windows\System32\Drivers\de-DE 2013-04-11 00:17 - 2011-03-17 
07:34 - 00000000 ____D C:\Windows\System32\Drivers\fr-FR 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\th-TH 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sl-SI 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sk-SK 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\lv-LV 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\he-IL 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\et-EE 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ar-SA 2013-04-10 22:16 - 2011-03-17 01:21 - 
70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-04-09 14:55 - 2012-09-29 15:20 - 00001196 ____A C:\Users\Ben\AppData\Roaming\Network Meter_Settings.ini 2013-04-08 20:18 - 2012-09-08 15:44 - 00000000 ____D C:\Program Files\Splashtop 2013-04-08 20:17 - 2013-04-08 20:17 - 00000000 ____D C:\Windows\ERUNT 2013-04-08 20:17 - 2013-04-08 20:17 - 00000000 ____D C:\JRT 2013-04-07 22:44 - 2012-02-14 20:08 - 00000000 ____D C:\Program Files\Origin 2013-04-07 20:11 - 2011-05-05 03:25 - 00000000 ____D C:\Users\Ben\AppData\Roaming\.minecraft 2013-04-07 02:51 - 2013-02-03 20:39 - 00000000 ____D C:\Program Files\War Thunder 2013-04-07 00:41 - 2012-03-20 19:42 - 00000178 ____A C:\Users\Ben\Desktop\Money owed.txt 2013-04-05 00:29 - 2012-02-29 10:10 - 00000000 ____D C:\Program Files\Google 2013-04-04 14:50 - 2012-10-09 01:33 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-04-04 01:33 - 2011-02-04 00:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-04-03 20:01 - 2013-04-03 20:01 - 00000000 ____D C:\Users\Ben\Doctor Web 2013-04-02 11:33 - 2011-03-17 01:22 - 00237088 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-04-01 17:57 - 2011-03-17 21:28 - 00460878 ____A C:\Windows\System32\prfh0804.dat 2013-04-01 17:57 - 2011-03-17 21:28 - 00156308 ____A C:\Windows\System32\prfc0804.dat 2013-04-01 17:57 - 2011-03-17 21:11 - 00494688 ____A C:\Windows\System32\perfh011.dat 2013-04-01 17:57 - 2011-03-17 21:11 - 00158448 ____A C:\Windows\System32\perfc011.dat 2013-04-01 17:57 - 2011-03-17 20:48 - 00825712 ____A C:\Windows\System32\perfh013.dat 2013-04-01 17:57 - 2011-03-17 20:48 - 00190064 ____A C:\Windows\System32\perfc013.dat 2013-04-01 17:57 - 2011-03-17 20:32 - 00822656 ____A C:\Windows\System32\perfh010.dat 2013-04-01 17:57 - 2011-03-17 20:32 - 00184064 ____A C:\Windows\System32\perfc010.dat 2013-04-01 17:57 - 2011-03-17 20:23 - 00810730 ____A C:\Windows\System32\prfh0816.dat 2013-04-01 17:57 - 2011-03-17 
20:23 - 00189946 ____A C:\Windows\System32\prfc0816.dat 2013-04-01 17:57 - 2011-03-17 19:59 - 00806128 ____A C:\Windows\System32\perfh019.dat 2013-04-01 17:57 - 2011-03-17 19:59 - 00187488 ____A C:\Windows\System32\perfc019.dat 2013-04-01 17:57 - 2011-03-17 19:50 - 00795714 ____A C:\Windows\System32\prfh0416.dat 2013-04-01 17:57 - 2011-03-17 19:50 - 00184748 ____A C:\Windows\System32\prfc0416.dat 2013-04-01 17:57 - 2011-03-17 07:58 - 00744606 ____A C:\Windows\System32\perfh01D.dat 2013-04-01 17:57 - 2011-03-17 07:58 - 00179226 ____A C:\Windows\System32\perfc01D.dat 2013-04-01 17:57 - 2011-03-17 07:40 - 00478180 ____A C:\Windows\System32\prfh0404.dat 2013-04-01 17:57 - 2011-03-17 07:40 - 00151394 ____A C:\Windows\System32\prfc0404.dat 2013-04-01 17:57 - 2011-03-17 02:14 - 00575306 ____A C:\Windows\System32\perfh014.dat 2013-04-01 17:57 - 2011-03-17 02:14 - 00131830 ____A C:\Windows\System32\perfc014.dat 2013-04-01 17:57 - 2011-03-17 00:35 - 17580002 ____A C:\Windows\System32\PerfStringBackup.INI 2013-03-30 16:06 - 2011-02-04 00:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-03-30 15:11 - 2013-03-30 14:25 - 00000000 ____D C:\ComboFix 2013-03-30 15:11 - 2013-03-28 03:03 - 00000000 ___AD C:\Qoobox 2013-03-30 14:59 - 2009-07-14 03:04 - 00000689 ____A C:\Windows\system.ini 2013-03-29 17:06 - 2013-03-29 17:06 - 00000000 ____D C:\users\hedev 2013-03-28 20:56 - 2011-03-17 07:48 - 00000000 ____D C:\Windows\th-TH 2013-03-28 19:09 - 2009-07-14 03:37 - 00000000 __RHD C:\users\Default 2013-03-28 19:09 - 2009-07-14 03:37 - 00000000 ___RD C:\users\Public 2013-03-28 19:06 - 2013-03-28 03:03 - 00000000 ____D C:\Windows\erdnt 2013-03-28 09:20 - 2013-03-28 09:20 - 00000000 ____D C:\FRST 2013-03-27 09:52 - 2011-03-17 21:10 - 00000000 ____D C:\Windows\ja-JP 2013-03-26 21:34 - 2011-02-04 00:42 - 00000000 ____D C:\Program Files\Glary Utilities 2013-03-26 21:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp 2013-03-26 21:34 - 2009-07-14 03:37 - 00000000 ____D 
C:\Windows\registration 2013-03-24 23:45 - 2013-03-24 23:45 - 00000000 ____D C:\Users\Ben\Desktop\TheStrain 2013-03-24 23:45 - 2013-03-24 23:45 - 00000000 ____D C:\Users\Ben\Desktop\Phantom Zombie Pack 2013-03-24 15:07 - 2013-03-24 15:07 - 09998094 ____A C:\Users\Ben\Desktop\wing_commander_reference_cards.zip 2013-03-24 15:07 - 2013-03-24 15:07 - 02735435 ____A C:\Users\Ben\Desktop\wing_commander_manual.zip ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-04-14 04:50 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-04-2013 02 Ran by Ben at 2013-04-22 20:24:54 Run: Running from C:\Users\Ben\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= @BIOS (Version: 2.24) µTorrent (Version: 3.2.1.28086) A Game of Dwarves A Valley Without Wind A.R.E.S. AC3Filter 1.62b (Version: 1.62b) ACEIP (Version: 1.13) ACEMod (Version: 1.09) Adobe AIR (Version: 3.3.0.3670) Adobe Flash Player 11 ActiveX (Version: 11.7.700.169) Adobe Flash Player 11 Plugin (Version: 11.7.700.169) Adobe Shockwave Player 11.6 (Version: 11.6.5.635) Age of Mythology Age of Mythology - The Titans Expansion AI War: Fleet Command AirBuccaneers AirMech Alien Swarm Alien Swarm - SDK Aliens vs. 
Predator Altitude Anno 2070 Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Arcadia Arma 2 Army of The Czech Republic (LITE) Uninstall Arma 2 Army of The Czech Republic Uninstall ARMA 2 Operation Arrowhead Uninstall Arma 2 RFT Uninstall ArmA 2 Uninstall Arma Cold War Assault Uninstall ArmA II Launcher (Version: 1.4.1.0) ArmA Queen's Gambit Uninstall ArmA Uninstall ASUS GPU Tweak (Version: 2.1.0.1) ASUS PCE-N15 WLAN Card Utilities & Driver (Version: 1.0.0.7) Audacity 2.0 AutoGreen B12.0206.1 (Version: 1.00.0000) avast! Free Antivirus (Version: 7.0.1466.0) BattlEye for Iron Front Uninstall BattlEye for OA Uninstall Battlezone 1.5 version 0.60 (Version: 0.60) Battlezone 1998 Battlezone Configuration Utilities Battlezone II Bear Force II 0.3 (Version: 0.3) Beat Hazard Big Fish Games: Game Manager (Version: 3.0.1.60) BIT.TRIP BEAT BIT.TRIP CORE BIT.TRIP RUNNER BIT.TRIP VOID Blazing Angels Squadrons of WWII (Version: 1.02.0000) Blitzkrieg Mod (Version: 4.6.4.1) Blood II: The Chosen BoneCraft (Version: 1.0.4) Bonjour (Version: 3.0.0.10) Borderlands 2 Braid BufferChm (Version: 90.0.146.000) Build Your Own Net Dream (remove only) BulletStorm (Version: 1.0.0001.130) Call of Duty® - World at War 1.2 Patch Call of Duty® - World at War 1.4 Patch Call of Duty® - World at War 1.5 Patch Call of Duty® - World at War 1.6 Patch Call of Duty® - World at War 1.7 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294) Cargo Commander Choplifter HD Cisco EAP-FAST Module (Version: 2.2.14) Cisco LEAP Module (Version: 1.0.19) Cisco PEAP Module (Version: 1.1.6) Codename Gordon CodeStuff Starter (Version: 5.6.2.9) Company of Heroes - FAKEMSI (Version: 2.0.0.0) Company of Heroes (Version: 2.602.0) Conquest Frontier Wars (Version: 2.0.0.6) Contribtastic 2.1.1 (Version: 2.1.1) Core Temp version 0.99.7 (Version: 0.99.7) Cortex Command Counter-Strike: Global 
Offensive Counter-Strike: Source CPUID CPU-Z 1.60 Crusader No Regret (Version: 2.0.0.8) Crusader No Remorse (Version: 2.0.0.15) Crysis Wars CustomerResearchQFolder (Version: 1.00.0000) D.I.P.R.I.P. Warm Up D1400 (Version: 90.0.235.000) D1400_Help (Version: 90.0.235.000) D3DX10 (Version: 15.4.2368.0902) Dangerous Waters Dark Reign - The Future of War + The Rise of the Shadowhand Dark Reign 2 Dawn of War - Dark Crusade (Version: 1.00.0000) Dawn of War - Soulstorm (Version: 1.00.0000) Dawn of War - Tyranid Mod v0.45DC (Version: "0.45DC") Dawn of War - Tyranid Mod v0.45SS (Version: "0.45SS") Dawn Of War - Winter Assault (Version: 1.4) DawnOfWar (Version: 1.00.00000) Day of Defeat: Source DCS Black Shark 2 (Version: 1.1.1.1) DCS World (Version: 1.2.2.7570) Death Rally for Windows Debut Video Capture Software Defense Grid: The Awakening Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Descent 3 and Mercenary Expansion Descent and Descent 2 (Version: 2.0.0.7) Desura (Version: 100.53) Desura: 8-Bit Commando (Version: Demo) Desura: Battle Group (Version: Full) Desura: Dwarf Fortress (Version: Full) Desura: Hack, Slash, Loot (Version: Demo) Desura: OpenTTD (Version: Full) Desura: Soldat (Version: Free) DeviceDiscovery (Version: 90.0.205.000) DeviceManagementQFolder (Version: 1.00.0000) D-Fend Reloaded 1.2.1 (deinstall) (Version: 1.3.0) Dino D-Day dj_sf_ProductContext (Version: 90.0.235.000) dj_sf_software (Version: 90.0.235.000) dj_sf_software_req (Version: 90.0.235.000) Dropbox (Version: 1.6.18) Dungeon Siege Legends of Aranna Dungeons of Dredmor Dystopia Easy Tune 6 B12.0402.1 (Version: 1.00.0000) EasyBCD 2.1.2 (Version: 2.1.2) Eets ESET Online Scanner v3 eSupportQFolder (Version: 1.00.0000) Euro Truck Simulator 2 EVE Online (remove only) EVEMon (Version: 1.8.1.4016) Fallout Mod Manager 0.13.21 FileZilla Client 3.6.0.2 (Version: 3.6.0.2) Forged Alliance Forever (Version: 240.8.4) Foxit Reader (Version: 5.4.5.124) Freespace 2 Freespace with Silent 
Threat Expansion Frozen Synapse FTL: Faster Than Light GameRanger GameShadow V3.1 (Version: 3.00.000) GameSpy Comrade (Version: 3.2.17.236) Garry's Mod Glary Utilities 2.51.0.1666 (Version: 2.51.0.1666) GOG.com Downloader (Version: 0.9.30) Google Chrome (Version: 26.0.1410.64) Google Update Helper (Version: 1.3.21.135) Gratuitous Space Battles Gratuitous Tank Battles Half-Life 2 Half-Life 2: Deathmatch Half-Life 2: Episode One Half-Life 2: Episode Two Half-Life 2: Lost Coast Half-Life Deathmatch: Source Hard Reset Hawken HazeronPatch Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000) HiJackThis (Version: 1.0.0) HOARD Homeworld2 Hotline Miami HP Customer Participation Program 9.0 (Version: 9.0) HP Deskjet Printer Driver Software 9.0 (Version: 9.0) HP Imaging Device Functions 9.0 (Version: 9.0) HP Photosmart Essential 2.01 (Version: 2.01) HP Photosmart Essential2.01 (Version: 1.01.0000) HP Product Detection (Version: 11.14.0001) HP Solution Center 9.0 (Version: 9.0) HP Update (Version: 5.003.001.001) HPProductAssistant (Version: 90.0.146.000) HPSSupply (Version: 2.2.0.0000) I Am Alive iCloud (Version: 2.1.2.8) Impulse® (Version: 3.29) Indeo® Software Intel® Management Engine Components (Version: 8.0.0.1351) Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214) Iron Grip: Warlord iTunes (Version: 11.0.2.26) Java 7 Update 17 (Version: 7.0.170) Java Auto Updater (Version: 2.1.9.0) Junk Mail filter update (Version: 15.4.3502.0922) KerbalModManager (Version: 1.4.61) Killing Floor Killing Floor SDK KKND2 Krossfire (Version: 2.0.0.7) Krush, Kill and Destroy Xtreme Krush, Kill 'n' Destroy Xtreme LAME v3.99.3 (for Windows) Left 4 Dead Left 4 Dead 2 Left 4 Dead 2 Add-on Support Left 4 Dead 2 Authoring Tools Left 4 Dead 2 Dedicated Server Left 4 Dead Authoring Tools Left 4 Dead Dedicated Server LIMBO Livestream Procaster (Version: 20.3.0) Lockon Flaming Cliffs 1.2.1 patch Logitech QuickCam (Version: 10.51.2029) LogMeIn Hamachi (Version: 2.1.0.294) Lone 
Survivor LoveChess Age Of Egypt (Version: 2.29.0000) LoveChess Salvage (Version: 1.02) LoveChess The Greek Era (Free) (Version: 1.50.000) Machinarium Magic Carpet (Version: 2.0.0.18) Magic Carpet 2 (Version: 2.1.0.7) MagicDisc 2.7.106 Magicka Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) MarketResearch (Version: 90.0.146.000) Mass Effect (Version: 1.00) Mass Effect 2 (Version: 1.02) Mass Effect™ 3 (Version: 1.05.0.0) MechWarrior Online (Version: 1.2.0.0) Mesh Runtime (Version: 15.4.5722.2) Messenger Companion (Version: 15.4.3502.0922) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0) Microsoft Games for Windows Marketplace (Version: 3.5.50.0) Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Shared Setup 
Metadata MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Security Client (Version: 4.2.0223.1) Microsoft Security Essentials (Version: 4.2.223.1) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0) Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0) Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0) Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0) Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22) Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0) Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0) Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0) Microsoft SQL Server VSS Writer (Version: 10.3.5500.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Express Edition with SP1 - ENU Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322) Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011) Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729) Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011) Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0) Microsoft XML Parser (Version: 8.70.1104.04) Microsoft XNA Framework Redistributable 1.0 Refresh (Version: 1.1.10405.0) Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0) Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0) Mount & Blade Mount & Blade: Warband Mount & Blade: With Fire and Sword Mozilla Firefox 12.0 (x86 en-GB) (Version: 12.0) Mozilla Maintenance Service (Version: 12.0) MrRobot 1.21 MSVCRT (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) MSXML4 Parser (Version: 1.0.0) Myth II: Soulblighter version 1.7.1 (Version: 1.7.1) Natural Selection 2 Naval War: Arctic Circle Nexus: The Jupiter Incident North and South version 0.4 (Version: 0.4) Notepad++ (Version: 5.9) Nuclear Dawn NVIDIA 3D Vision Driver 311.06 (Version: 311.06) NVIDIA Control Panel 311.06 (Version: 311.06) NVIDIA Graphics Driver 311.06 (Version: 311.06) NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (Version: 9.12.1031) NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) O&O CleverCache (Version: 7.1.2787) 
On the Rain-Slick Precipice of Darkness, Episode One On the Rain-Slick Precipice of Darkness, Episode Two ON_OFF Charge B11.1102.1 (Version: 1.00.0001) One Unit Whole Blood (Version: 2.0.0.21) OpenAL Orcs Must Die! Organ Trail: Director's Cut Origin (Version: 8.5.0.4554) PanoStandAlone (Version: 90.0.146.000) PAYDAY: The Heist PC Wizard 2012.2.0 PeerGuardian 2.0 (Version: 2.1.0.2) Penny Arcade's On the Rain-Slick Precipice of Darkness 3 PerfectDisk 12 Professional (Version: 12.00.290) PlanetSide 2 Poker Night at the Inventory Portal Portal 2 PSSWCORE (Version: 2.01.0000) PunkBuster Services (Version: 0.986) PVSonyDll (Version: 1.00.0001) Python 2.6 (Version: 2.6.150) QuickTime (Version: 7.73.80.64) Real Hide IP (Version: 4.0.9.2) Realtek Ethernet Controller Driver (Version: 7.49.927.2011) Realtek High Definition Audio Driver (Version: 6.0.1.6554) Revo Uninstaller 1.94 (Version: 1.94) Rockstar Games Social Club (Version: 1.1.0.1) Sanctum SequoiaView Service Pack 3 for SQL Server 2008 (KB2546951) (Version: 10.3.5500.0) Shores of Hazeron Silver SimCity 4 Deluxe Sins of a Solar Empire Sins of a Solar Empire - Diplomacy Sins of a Solar Empire - Entrenchment Sins of a Solar Empire: Rebellion Beta Six Updater (Version: 2.09.7024) Skype Click to Call (Version: 6.2.10687) Skype™ 6.1 (Version: 6.1.129) Sniper Elite: Nazi Zombie Army SolutionCenter (Version: 90.0.146.000) Source SDK Spec Ops: The Line Splashtop Connect for Firefox (Version: 2.0.5.2) Splashtop Connect for IE (Version: 2.0.5.1) SpywareBlaster 5.0 (Version: 5.0.0) Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0) SQL Server System CLR Types (Version: 10.3.5500.0) Star Conflict Star Hammer Tactics Demo Star Wars: The Old Republic (Version: 1.00) StarCraft II (Version: 2.0.7.25293) StarForge Alpha Starscape Music Pack Starscape V2.3 Status (Version: 90.0.146.000) Steam (Version: 1.0.0.0) Strike Commander CD-ROM Edition (Version: 2.0.0.5) Stronghold (Version: 1.20.0000) Stronghold 2 
(Version: 1.40.1000) Stronghold Crusader Extreme (Version: 1.20.0000) Stronghold Legends (Version: 1.20.0000) Super Meat Boy Super Meat Boy Editor Supreme Commander (Version: 1.00.0000) SWBFIIv1.2 Sword of the Stars: The Pit Syndicate (Version: 2.0.0.11) Syndicate Wars (Version: 2.0.0.20) System Requirements Lab CYRI (Version: 4.5.1.0) Take On Helicopters Take On Helicopters Rearmed Uninstall Take On Hinds Take On Noisecontrollers Uninstall Team Fortress 2 TeamSpeak 3 Client (Version: 3.0.10.1) TeamViewer 7 (Version: 7.0.12979) TextMaker Viewer The Anglo Zulu war (Version: 1.0.0) The Binding of Isaac The Ur-Quan Masters 0.7.0 (Version: 0.7.0) The Walking Dead Theme Hospital (Version: 2.0.0.5) TmNationsForever Toolbox (Version: 90.0.146.000) Torchlight Editor TortoiseSVN 1.7.6.22632 (32 bit) (Version: 1.7.22632) TrayApp (Version: 90.0.146.000) Trine Tropico 2: Pirate Cove Ubisoft Game Launcher (Version: 1.0.0.0) UltraMon (Version: 3.1.0) Unity (Version: ) Unity Web Player (Version: ) Universe at War Earth Assault (Version: 1.00.0000) UnloadSupport (Version: 9.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition VDMSound 2.0.4 (Version: 2.0.4.0) VideoPad Video Editor VideoToolkit01 (Version: 90.0.146.000) VLC media player 2.0.5 (Version: 2.0.5) VMware Workstation (Version: 7.1.4.16648) War Thunder Launcher 1.0.1.145 WebM Media Foundation Components 
(Version: 1.0.0.0) WebReg (Version: 90.0.146.000) Winamp (Version: 5.621 ) Winamp Detector Plug-in (Version: 1.0.0.1) Windows 7 Codec Pack 3.5.0 (Version: 3.5.0) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3538.0513) Windows Live Family Safety (Version: 15.4.3538.0513) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live Messenger Companion Core (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Wing Commander 1 and 2 (Version: 2.0.0.18) Wing Commander III - Heart of the Tiger (Version: 2.0.0.5) Wing Commander IV (Version: 2.0.0.17) Wing Commander Privateer (Version: 2.0.0.9) WinRAR 4.00 (32-bit) (Version: 4.00.0) WinSCP 4.3.7 (Version: 4.3.7) World in Conflict: Soviet Assault (Version: 1.0.1.0) World of Warcraft (Version: 5.2.0.16709) XCOM: Enemy Unknown Demo X-COM: Enforcer XviD MPEG-4 Codec Zeno Clash Zeno Clash 
Models Zip Motion Block Video codec (Remove Only) Zombie Driver HD Zombie Panic Source ==================== Restore Points ========================= 21-04-2013 09:42:12 Scheduled Checkpoint 22-04-2013 17:44:14 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2013 08:22:09 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe_p2pimsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id: 0x16d8 Faulting application start time: 0xsvchost.exe_p2pimsvc0 Faulting application path: svchost.exe_p2pimsvc1 Faulting module path: svchost.exe_p2pimsvc2 Report Id: svchost.exe_p2pimsvc3 Error: (04/22/2013 07:21:34 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/22/2013 07:14:18 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (04/22/2013 07:14:18 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/21/2013 11:24:34 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/21/2013 11:24:34 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/21/2013 10:41:14 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (04/21/2013 10:35:19 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/21/2013 10:35:19 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/20/2013 01:34:23 AM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {00acb7df-a5f6-4a4c-8e4a-865adcb6c51a} System errors: ============= Error: (04/22/2013 08:22:11 PM) (Source: Service Control Manager) (User: ) Description: The Peer Name Resolution Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. Error: (04/22/2013 08:22:11 PM) (Source: Service Control Manager) (User: ) Description: The Peer Networking Grouping service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 
Error: (04/22/2013 08:22:11 PM) (Source: Service Control Manager) (User: ) Description: The Peer Networking Identity Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. Error: (04/22/2013 08:18:40 PM) (Source: Service Control Manager) (User: ) Description: The WinRing0_1_2_0 service failed to start due to the following error: %%2 Error: (04/22/2013 08:17:38 PM) (Source: Service Control Manager) (User: ) Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error: (04/22/2013 08:10:20 PM) (Source: DCOM) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (04/22/2013 08:09:52 PM) (Source: Service Control Manager) (User: ) Description: The Windows Modules Installer service terminated with the following error: %%1450 Error: (04/22/2013 06:36:01 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (04/22/2013 06:36:01 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error: (04/22/2013 06:33:06 PM) (Source: Service Control Manager) (User: ) Description: The SupportSoft RemoteAssist service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (04/22/2013 08:22:09 PM) (Source: Application Error)(User: ) Description: svchost.exe_p2pimsvc6.1.7600.163854a5bc100ntdll.dll6.1.7601.177254ec49b60c00000050003224d16d801ce3f8e0e5beb60C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllec90204f-ab81-11e2-8840-902b341dfe76 Error: (04/22/2013 07:21:34 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe Error: (04/22/2013 07:14:18 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Python26\Lib\distutils\command\wininst-9.0-amd64.exe Error: (04/22/2013 07:14:18 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe Error: (04/21/2013 11:24:34 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Python26\Lib\distutils\command\wininst-9.0-amd64.exe Error: (04/21/2013 11:24:34 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe Error: (04/21/2013 10:41:14 AM) (Source: SideBySide)(User: ) Description: 
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe Error: (04/21/2013 10:35:19 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Python26\Lib\distutils\command\wininst-9.0-amd64.exe Error: (04/21/2013 10:35:19 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe Error: (04/20/2013 01:34:23 AM) (Source: VSS)(User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {00acb7df-a5f6-4a4c-8e4a-865adcb6c51a} ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3563.57 MB Available physical RAM: 1985.75 MB Total Pagefile: 7125.44 MB Available Pagefile: 5281.68 MB Total Virtual: 2499.88 MB Available Virtual: 2366.67 MB ==================== Drives ================================ Drive c: (Main) (Fixed) (Total:931.51 GB) (Free:3.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (MAIN7) (Fixed) (Total:39.52 GB) (Free:24.68 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (STORAGE) (Fixed) (Total:193.36 GB) (Free:191.21 GB) NTFS Drive f: (SC2-200-D1) (CDROM) (Total:7.8 GB) (Free:0 GB) UDF Drive j: (Outpost) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 232 GB 1024 KB Partitions of Disk 0: =============== Disk ID: B489B48A Partition ### Type Size Offset ------------- 
---------------- ------- ------- Partition 1 Primary 931 GB 31 KB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C Main NTFS Partition 931 GB Healthy System (partition with boot components) ========================================================= Partitions of Disk 1: =============== Disk ID: 18121811 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 39 GB 31 KB Partition 2 Primary 193 GB 39 GB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D MAIN7 NTFS Partition 39 GB Healthy ========================================================= Disk: 1 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 E STORAGE NTFS Partition 193 GB Healthy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B489B48A) Partition 1: (Active) - (Size=932 GB) - (Type=07) (NTFS) ==================================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 18121811) Partition 1: (Active) - (Size=40 GB) - (Type=07) (NTFS) Partition 2: (Not Active) - (Size=193 GB) - (Type=07) (NTFS)
  4. I found the keys for IE and manually re-entered the homepage settings etc. to prevent it from hijacking the page; it didn't work consistently, and then not at all. I seem to recall having to make a new registry key to try and override it. I'll find it and try it again. The hijacker was originally redirecting anything to sftwred and anything that was put in the address bar would go there also. The site has since disappeared but something is still continuing to carry out the redirect.
  5. I have run SpywareBlaster and set it to block cookies, scripts, restricted sites and ActiveX. However, fsquirt.exe is still popping up whenever Windows Explorer starts. Could it be rooted somewhere in the explorer files or startup programs themselves?
  6. Updated and done. MBAM found a trace it always keeps finding. The file keeps on cropping up after every sweep I've done with it, and I've removed it countless times. Here is the log:

         Malwarebytes Anti-Malware 1.75.0.1300
         www.malwarebytes.org

         Database version: v2013.04.13.02

         Windows 7 Service Pack 1 x86 NTFS
         Internet Explorer 10.0.9200.16540
         Ben :: BEN-PC [administrator]

         13/04/2013 14:36:30
         mbam-log-2013-04-13 (14-36-30).txt

         Scan type: Full scan (C:\|D:\|E:\|)
         Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
         Scan options disabled: P2P
         Objects scanned: 1511580
         Time elapsed: 1 day(s), 19 hour(s), 37 minute(s), 8 second(s)

         Memory Processes Detected: 0
         (No malicious items detected)

         Memory Modules Detected: 0
         (No malicious items detected)

         Registry Keys Detected: 0
         (No malicious items detected)

         Registry Values Detected: 0
         (No malicious items detected)

         Registry Data Items Detected: 1
         HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

         Folders Detected: 0
         (No malicious items detected)

         Files Detected: 0
         (No malicious items detected)

         (end)
  7. Had a quick look and there doesn't seem to be any instances of that file anywhere. I ran security check. Here is the log:

         Results of screen317's Security Check version 0.99.62
         Windows 7 Service Pack 1 x86 (UAC is disabled!)
         Internet Explorer 9
         ``````````````Antivirus/Firewall Check:``````````````
         avast! Antivirus
         Microsoft Security Essentials
         Antivirus up to date! (On Access scanning disabled!)
         `````````Anti-malware/Other Utilities Check:`````````
         Malwarebytes Anti-Malware version 1.65.1.1000
         Java 7 Update 17
         Adobe Flash Player 11.6.602.180
         Adobe Reader 10.1.6 Adobe Reader out of Date!
         Mozilla Firefox (for.)
         Google Chrome 26.0.1410.43
         Google Chrome 26.0.1410.64
         ````````Process Check: objlist.exe by Laurent````````
         Microsoft Security Essentials MSMpEng.exe
         Microsoft Security Essentials msseces.exe
         AVAST Software Avast AvastSvc.exe
         AVAST Software Avast AvastUI.exe
         `````````````````System Health check`````````````````
         Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
         ````````````````````End of Log``````````````````````
  8. No luck I'm afraid, still pops up on boot. Started around the same time the problem with wscript did, about a couple of months ago. I have no Bluetooth devices connected or available.
  9. Done. Here is the log: Zoek.exe Version 4.0.0.2 Updated 08-April-2013 Tool run by Ben on 09/04/2013 at 14:37:16.41. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== FireFox Fix ====================== Deleted from C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com/firefox"); user_pref("browser.newtab.url", "http://www.google.com/firefox"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="); Added to C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Firefox Extensions ====================== ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default - avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins 
====================== Profilepath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default 47299371607DC2FB234444EEACB1639E - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash 05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U17 D4BD9F86123C87ECA570418B69326F99 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat E0FF893763BA82BAABB869A351F0C455 - C:\Users\Ben\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update 1AE38ADC21A906A6E368FB48FE96C1B6 - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll - Uplay PC Hub Plugin 7CC1570DA7C80FF095323F2C0D956C49 - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll - Uplay PC A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In 75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision A843FC35574ECFD9E7A41C5505A9921B - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 BB7F5F4966E76578A3EC0D11C444C545 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 16112E74A62381C69456566D35F9E51E - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 BB28A86CDFFFBB041C72AD9EFEAA00D0 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 7B1737B3D1A4FA6FB8DF43929106B916 - C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 CBC91E9FD4421FCB0F874AAD6D95D1BE - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 D92439F245AD2761B240C448194D0834 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 8FE7BA502945BE735D09D5703BD76FDA - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll - Shockwave for Director / Shockwave for Director EB04F7516DBDA486299260A13624FEDD - C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player F9AE1AD5CC7F73827B64A05A44902B07 - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll - Winamp Application Detector 0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery A4ECCDA55B85DEDE48BB10E461380E6C - C:\Program Files\GameSpy\Comrade\npcomrade.dll - Comrade Plugin 855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 4C5F06B81921BD513429E354E1E3E981 - C:\Program Files\Mozilla Firefox\plugins\npbyond.dll - BYOND stub plugin for Mozilla 11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 BB7F5F4966E76578A3EC0D11C444C545 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 16112E74A62381C69456566D35F9E51E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 BB28A86CDFFFBB041C72AD9EFEAA00D0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 7B1737B3D1A4FA6FB8DF43929106B916 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 CBC91E9FD4421FCB0F874AAD6D95D1BE - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 D92439F245AD2761B240C448194D0834 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 
10.0\Reader\browser\nppdf32.dll - Adobe Acrobat DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update 4C5F06B81921BD513429E354E1E3E981 - C:\Program Files\BYOND\bin\npbyond.dll - BYOND stub plugin for Mozilla 2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.co.uk/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{4E38E9E7-1452-4fff-B85D-4E75C4456A13}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {0990C061-9F14-42AC-B29C-01EEB98DC13F} Bing Url="http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH" {4E38E9E7-1452-4fff-B85D-4E75C4456A13} Google Url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}" 
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" {CF285E56-5626-419b-8BB2-B620F6B551BB} Yahoo Url="http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV" ==== Reset Google Chrome ====================== C:\users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
  10. Ran both programs. Here is the junkware log:

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Junkware Removal Tool (JRT) by Thisisu
         Version: 4.8.3 (04.05.2013:1)
         OS: Windows 7 Ultimate x86
         Ran by Ben on 08/04/2013 at 20:17:56.79
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

         ~~~ Services

         ~~~ Registry Values

         ~~~ Registry Keys
         Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

         ~~~ Files
         Successfully deleted: [File] C:\eula.1028.txt
         Successfully deleted: [File] C:\eula.1031.txt
         Successfully deleted: [File] C:\eula.1033.txt
         Successfully deleted: [File] C:\eula.1036.txt
         Successfully deleted: [File] C:\eula.1040.txt
         Successfully deleted: [File] C:\eula.1041.txt
         Successfully deleted: [File] C:\eula.1042.txt
         Successfully deleted: [File] C:\eula.1049.txt
         Successfully deleted: [File] C:\eula.2052.txt
         Successfully deleted: [File] C:\install.res.1028.dll
         Successfully deleted: [File] C:\install.res.1031.dll
         Successfully deleted: [File] C:\install.res.1033.dll
         Successfully deleted: [File] C:\install.res.1036.dll
         Successfully deleted: [File] C:\install.res.1040.dll
         Successfully deleted: [File] C:\install.res.1041.dll
         Successfully deleted: [File] C:\install.res.1042.dll
         Successfully deleted: [File] C:\install.res.1049.dll
         Successfully deleted: [File] C:\install.res.2052.dll
         Successfully deleted: [File] C:\install.res.3082.dll

         ~~~ Folders
         Successfully deleted: [Folder] "C:\ProgramData\splashtop"
         Successfully deleted: [Folder] "C:\Users\Ben\AppData\Roaming\registry mechanic"
         Successfully deleted: [Folder] "C:\Users\Ben\AppData\Roaming\splashtop"
         Successfully deleted: [Folder] "C:\Program Files\registry mechanic"
         Failed to delete: [Folder] "C:\Program Files\splashtop"
         Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
         Successfully deleted: [Empty Folder] C:\Users\Ben\appdata\local\{00231083-8B04-49AE-982D-EE05F03835FF}
         Successfully deleted: [Empty Folder]
C:\Users\Ben\appdata\local\{F575347A-BB94-4023-B163-4E3CD3D01528}
Successfully deleted: [Empty Folder] C:\Users\Ben\appdata\local\{FB1BF308-1FF1-4DA7-ABBE-940086F9D016}
Successfully deleted: [Empty Folder] C:\Users\Ben\appdata\local\{FBDC19E0-AB62-4EE3-8EE9-FCAACDB879B4}
Successfully deleted: [Empty Folder] C:\Users\Ben\appdata\local\{FE0CA585-E8F8-4F59-B1FF-A26A82475F36}
Successfully deleted: [Empty Folder] C:\Users\Ben\appdata\local\{FE1F671B-B6B2-4AFC-BBD5-5EE27194A437}
Successfully deleted: [Empty Folder] C:\Users\Ben\appdata\local\{FFFA11C8-453D-4E24-8122-3A1459E73636}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/04/2013 at 20:20:04.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Followed by the Silent Runners log:

"Silent Runners.vbs", revision 69, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Ultimate Service Pack 1 (32-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [Realtek Semiconductor]
ZyngaGamesAgent = "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [splashtop Inc.]
STCAgent = "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe" [file not found] IMSS = "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [intel Corporation] USB3MON = "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [intel Corporation] MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software] QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] LogMeIn Hamachi Ui = "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [LogMeIn Inc.] OOCCCTRL.EXE = "C:\Program Files\OO Software\CleverCache\ooccctrl.exe" /tasktray [O&O Software GmbH] iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [sun Microsystems, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM…CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM…CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM…CLSID} = Java Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided) -> {HKLM…CLSID} = avast! 
WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM…CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {9FDDE16B-836F-4806-AB1F-1455CBEFF289}\(Default) = (no title provided) -> {HKLM…CLSID} = Windows Live Messenger Companion Helper \InProcServer32\(Default) = C:\Program Files\Windows Live\Companion\companioncore.dll [MS] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM…CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM…CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM…CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM…CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] 1TortoiseNormal\(Default) = {C5994560-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] 2TortoiseModified\(Default) = {C5994561-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] 3TortoiseConflict\(Default) = {C5994562-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN 
\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] 4TortoiseLocked\(Default) = {C5994563-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] 5TortoiseReadOnly\(Default) = {C5994564-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] 6TortoiseDeleted\(Default) = {C5994565-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] 7TortoiseAdded\(Default) = {C5994566-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] 8TortoiseIgnored\(Default) = {C5994567-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] 9TortoiseUnversioned\(Default) = {C5994568-53D9-4125-87C9-F193FC689CB2} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] 
DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] 
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM…CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM…CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = 
C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {72923739-5A47-40A3-9895-25AF0DFBB9E4} = Glary Utilities Context Menu Shell Extension -> {HKLM…CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM…CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM…CLSID} = Workspaces \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM…CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM…CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM…CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM…CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM…CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM…CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM…CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM…CLSID} = Groove 
Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM…CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM…CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM…CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {30351348-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {30351347-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {3035134A-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {3035134C-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {30351346-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {30351349-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {3035134B-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll 
[http://tortoisesvn.net] {3035134D-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {3035134E-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {3035134F-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {30351350-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {C5994560-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {C5994561-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {C5994562-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {C5994563-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {C5994564-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {C5994565-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {C5994566-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {C5994567-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {C5994568-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MI8079~1\shellext.dll [MS] {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM…CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM…CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM…CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> BootExecute = PDBoot.exe [Raxco Software, Inc.]|autocheck autochk * HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM…CLSID} = HxProtocol Class \InProcServer32\(Default) = c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM…CLSID} = Skype IE add-on Pluggable Protocol \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] 
<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM…CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [skype Technologies] <<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -> {HKLM…CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] <<!>> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -> {HKLM…CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM…CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MI8079~1\shellext.dll [MS] Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4} -> {HKLM…CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] Notepad++\(Default) = {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} -> {HKLM…CLSID} = Notepad++ \InProcServer32\(Default) = C:\Program Files\Notepad++\NppShell_04.dll [null data] PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM…CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.] 
TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM…CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\ TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM…CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM…CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM…CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] 
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MI8079~1\shellext.dll [MS] TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM…CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} -> {HKLM…CLSID} = FileZilla 3 Shell Extension \InProcServer32\(Default) = C:\Program Files\FileZilla FTP Client\fzshellext.dll [null data] TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] WinSCPCopyHook\(Default) = {E15E1D68-0D1C-49F7-BEB8-812B1E00FA60} -> {HKLM…CLSID} = WinSCP Shell Extension \InProcServer32\(Default) = C:\Program Files\WinSCP\DragExt.dll [Martin Prikryl] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ TortoiseSVN\(Default) = {3035134A-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\ TortoiseSVN\(Default) = 
{30351349-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU…CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM…CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {30351349-7B7D-4FCC-81B4-1E394CA267EB}\(Default) = (no title provided) -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM…CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM…CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4} -> {HKLM…CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM…CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM…CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ TortoiseSVN\(Default) = {3035134A-7B7D-4FCC-81B4-1E394CA267EB} -> {HKLM…CLSID} = TortoiseSVN \InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {E5BA42A9-BF3F-40B3-978A-CCD306F381A7}\(Default) = (no title provided) -> {HKLM…CLSID} = Compressed (LZH) Folder Right Drag Handler \InProcServer32\(Default) = C:\Windows\system32\lzhfldr2.dll [MS] Default executables: -------------------- .bat HKCU\Software\Classes\.bat\(Default) = batfile Group Policies {GPedit.msc branch and setting}: 
----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\ NoChangingWallpaper = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Disable changing wallpaper} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\ HomePage = (REG_SZ) 1 {Computer Configuration|Administrative Templates|Windows Components|Internet Explorer| Disable changing home page settings} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} EnableLUA = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Run All Administrators In Admin Approval Mode} PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\system32\logon.scr [file not found] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ HPAutoplayPSE\ Provider = HP Photosmart Essential 2.01 InvokeProgID = HpqPSApl.Autoplay InvokeVerb = Play HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1} -> {HKLM…CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] 
MSLivePhotoAcqHWEventHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = Microsoft.LivePhotoAcqHWEventHandler HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM…CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveVideoCameraArrivalCaptureWizard\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = WLXAutoPlayMgr.WLXHWEventHandler InitCmdLine = WLXVideoAcquireWizard HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM…CLSID} = WLXWEventHandler Class \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file 
cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] WIA_{7B8D3C88-5134-4626-B585-0BB47BE06D5C}\ Provider = Microsoft Word CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office14\WINWORD.EXE /IMG_WIA; -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WinampMTPHandler\ Provider = Winamp ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Program Files\Winamp\winamp.exe 
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] WinampPlayMediaOnArrival\ Provider = Winamp InvokeProgID = Winamp.File InvokeVerb = Play HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Program Files\Winamp\winamp.exe" "%1" [Nullsoft, Inc.] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = {46986115-84D6-459c-8F95-52DD653E532E} -> {HKLM…CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\Winamp\winamp.exe" [Nullsoft, Inc.] Startup items in "Ben" & "All Users" startup folders: ----------------------------------------------------- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} Dropbox -> shortcut to: C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.] 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++} UltraMon -> shortcut to: C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico /auto [null data] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Ben\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCurrency.Gadget" "C:%5CUsers%5CBen%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CAll_CPU_Meter_V4.5.gadget" "C:%5CUsers%5CBen%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CNetwork_Meter_V8.5.gadget" "C:%5CUsers%5CBen%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CDrives_Meter_V4.1.gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software] GlaryInitialize -> launches: C:\Program Files\Glary Utilities\initialize.exe [Glarysoft Ltd] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] GoogleUpdateTaskUserS-1-5-21-956322425-969636760-2544637902-1000Core -> launches: C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskUserS-1-5-21-956322425-969636760-2544637902-1000UA -> launches: C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe [MS] User_Feed_Synchronization-{2DD9BCB2-E15F-44F5-AD0F-87C99CDA2616} -> (HIDDEN!) 
launches: C:\Windows\system32\msfeedssync.exe sync [MS] {038A4749-472C-4F7F-B5E1-A5EC17603F55} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program files\Bohemia Interactive\ArmA 2\UnInstall_OA.exe" [MS] {0E617D00-A9E4-41D2-BB06-F904F1EB3312} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\Steam\steam.exe" -c steam://uninstall/42710 [MS] {2B2172DE-8155-4238-84B2-08E8B2D72D84} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Ben\Desktop\Left2Die_v100_to_v101_patch\Setup.exe -d C:\Users\Ben\Desktop\Left2Die_v100_to_v101_patch [MS] {A394F893-50AC-4AA2-8B77-1962086C58FD} -> launches: C:\Program Files\Steam\steamapps\common\payday the heist\payday_win32_release.exe [null data] {C3A4B18C-FD4D-4F76-9FF0-8950DD4A88B3} -> launches: C:\Program Files\Steam\steamapps\common\payday the heist\payday_win32_release.exe [null data] {E2D65346-2165-49B9-94D4-5A76CBA10FFB} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Games\Dragon Age\DAO-Modmanager_1_9d-277\mods\dazip\Dragon_Age_Redesigned_-686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Zevran\Dragon Age Redesigned- Zevran.exe" -d "C:\Games\Dragon Age\DAO-Modmanager_1_9d-277\mods\dazip\Dragon_Age_Redesigned_-686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Zevran" [MS] {F1CAE40F-D954-4EBF-9BE3-3F6E5BAB5327} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Ben\Downloads\Sequoia1.3Install.exe -d C:\Users\Ben\Downloads [MS] {FC5C98D8-B45F-441C-B8F2-5E1F92F562C2} -> launches: C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\ [MS] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] 
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware MpIdleTask -> launches: C:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM…CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM…CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) 
launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] UpdateRecordPath -> launches: 
%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM…CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM…CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM…CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM…CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM…CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM…CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM…CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM…CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM…CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\PCMeter Startup -> launches: C:\Users\Ben\Downloads\PCMeter\PCMeter\PCMeterV0.3.exe [null data] C:\Windows\System32\Tasks\WPD 
SqmUpload_S-1-5-21-956322425-969636760-2544637902-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 36 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided) -> {HKLM…CLSID} = avast! 
WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {0000036B-C524-4050-81A0-243669A86B9F}\ ButtonText = @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 CLSIDExtension = {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} -> {HKLM…CLSID} = Windows Live Messenger Companion Command Bar Button \InProcServer32\(Default) = C:\Program Files\Windows Live\Companion\companioncore.dll [MS] {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM…CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = Se&nd to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM…CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = OneNote Lin&ked Notes MenuText = OneNote Lin&ked Notes CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM…CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM…CLSID} = 
Skype Browser Helper \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] Internet Explorer Address Prefixes: ----------------------------------- Prefix for specific service (i.e., "www") HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\ <<H>> = http://www.google.com/ Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] AsusSE, AsusSE, C:\Program Files\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe [Realtek] avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software] HP CUE DeviceDiscovery Service, hpqddsvc, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]} hpqcxs08, hpqcxs08, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]} Intel® Management and Security Application Local Management Service, LMS, C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [intel Corporation] iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] LogMeIn Hamachi Tunneling Engine, Hamachi2Svc, "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [LogMeIn Inc.] 
Microsoft Antimalware Service, MsMpSvc, "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation] NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation] O&O CleverCache, OOCleverCache, "C:\Program Files\OO Software\CleverCache\ooccag.exe" [O&O Software GmbH] PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [null data] SQL Server (SQLEXPRESS), MSSQL$SQLEXPRESS, "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [MS] SQL Server VSS Writer, SQLWriter, "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [MS] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> 63108623.sys, Driver <<!>> MsMpSvc, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> 63108623.sys, Driver <<!>> Hamachi2Svc, Service <<!>> MsMpSvc, Service <<!>> SprtListen, Service <<!>> SprtListenPush, Service <<!>> SupportSoft RemoteAssist, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ LIDIL hpzll5ha\Driver = hpzll5ha.dll [Hewlett-Packard Company] ---------- (launch time: 2013-04-08 20:28:14) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. 
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 29 seconds, including 5 seconds for message boxes)

fsquirt did pop up after the Junkware run however.
  11. I can't bypass the router, but I have tried to reset it both through the control panel and a hard reset. That hasn't stopped fsquirt popping up however.
  12. Uninstalled Chrome, however fsquirt is still popping up in IE as my new default browser.
  13. Yes I am using a router. I have reset both browsers and tried to change my default one. fsquirt.exe still appears when the machine boots.
  14. Oh, forgot to upload the link. https://www.virustotal.com/en/file/d24af9b0461a0b132544e278cbaf1642e58aba27d2fb19cddf74af299bd5bf60/analysis/
  15. I ran the fix as instructed, however the program crashed whilst running it. Here is the log after reboot:

      All processes killed
      ========== OTL ==========
      Service WinRing0_1_2_0 stopped successfully!
      Service WinRing0_1_2_0 deleted successfully!
      File C:\Users\Ben\AppData\Local\Temp\tmp1479.tmp not found.
      Service VMnetAdapter stopped successfully!
      Service VMnetAdapter deleted successfully!
      File system32\DRIVERS\vmnetadapter.sys not found.
      Service VGPU stopped successfully!
      Service VGPU deleted successfully!
      File System32\drivers\rdvgkmd.sys not found.
      Service tsusbhub stopped successfully!
      Service tsusbhub deleted successfully!
      File system32\drivers\tsusbhub.sys not found.
      Service Synth3dVsc stopped successfully!
      Service Synth3dVsc deleted successfully!
      File System32\drivers\synth3dvsc.sys not found.
      Service catchme stopped successfully!
      Service catchme deleted successfully!
      File C:\Users\Ben\AppData\Local\Temp\catchme.sys not found.
      Service bDMusicb stopped successfully!
      Service bDMusicb deleted successfully!
      File C:\Users\Ben\AppData\Local\Temp\bDMusicb.sys not found.
      Service AmdLLD stopped successfully!
      Service AmdLLD deleted successfully!
      File system32\DRIVERS\AmdLLD.sys not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE30F140-AFEC-44C0-AD4B-FAD74A6700B7}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE30F140-AFEC-44C0-AD4B-FAD74A6700B7}\ not found.
      File PTYJAVA] not found.
      File ptytemp] not found.
      File PTYFLASH] not found.

      OTL by OldTimer - Version 3.2.69.0 log created on 04032013_194227

      Files\Folders moved on Reboot...

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...

      Also ran DrWebCureit and nothing was found. fsquirt is still popping up on boot however.