killerwave7
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Hi Jeff,

Yes, that was a randomized name of GMER that I had downloaded a long time ago on my desktop (perfectly safe, just never used it). Anyways, with recent events and final exams coming up I was very busy and the computer was becoming a bit too much to handle with the random BSODs and overall slow performance. My cousin also needs this laptop very soon, so I decided to actually reformat my computer with everything backed up, and I am typing this reply with my system fully back to normal, installed with all the protections and no problems at all.

I sincerely thank you for helping me with the issue, and I learned some things from you. I also realized you guys are really busy on the forums and I would rather you move on to help others who need it right now, and I will be too busy studying for finals to be constantly worried about fixing my computer. Thanks again for the help; if some big problem comes up I'll be sure to post on the forums in the future! You can mark this as solved/closed.

~Andrew
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Here are the contents of CKFiles.txt:

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\users\andrew\desktop\andrew's folder\andrew's documents\ucla\4th year\fall\be 177a\comsol\doc\plugins\com.comsol.help.models.sme.single_edge_crack.jar
c:\users\andrew\desktop\andrew's folder\andrew's documents\ucla\4th year\fall\be 177a\comsol\models\structural_mechanics_module\verification_models\single_edge_crack.mph
c:\users\andrew\desktop\andrew's folder\andrew's documents\ucla\4th year\fall\be 177a\cosmol 4.3\doc\plugins\com.comsol.help.models.sme.single_edge_crack.jar
c:\users\andrew\desktop\andrew's folder\andrew's documents\ucla\4th year\fall\be 177a\cosmol 4.3\models\structural_mechanics_module\verification_models\single_edge_crack.mph
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.ZZ.11.WBNAJL
----- EOF -----
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Here is the Extras.Txt:
HP Supplies "SynTPDeinstKey" = Dell Touchpad [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{06096D5E-09ED-9A82-6946-6568EBB7CB2C}" = Catalyst Control Center InstallProxy "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0DF1DAD2-17FD-E64F-C6A2-A42D94474229}" = Skins "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 "{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C279CAE-F230-0255-0F19-634750A69747}" = CCC Help Portuguese "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{206936E5-73DF-07D8-29B6-34E802541EBB}" = CCC Help English "{20D8E6B9-5E1A-4CE5-83D8-EF3626B6CEF9}" = Catalyst Control Center - Branding "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31 
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28D58BB6-06C3-49F3-3EF2-93F3158B6505}" = Catalyst Control Center Core Implementation "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3180427D-DDE9-4704-A30F-B4C46CC29C41}" = Catalyst Control Center Graphics Full Existing "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{34E38BB7-98FD-03C2-13D1-B68789668CEE}" = CCC Help Italian "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3BB37700-F05F-213F-FF1C-684698BAC17E}" = CCC Help Japanese "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 3.0.0) "{46A869A1-3F59-44A4-64D7-120FE0057B2F}" = CCC Help German "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU "{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English "{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A1CBB5F-3620-4E19-A4A6-0D2AFDCCE6B7}" = Brother HL-2140 "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4AF97226-2624-AD56-9003-E581DEB96E8C}" = CCC Help Korean "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games 
for Windows Marketplace "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4DD386D7-8D6D-985B-418B-94BCA7CEDB8E}" = ccc-core-static "{4FC41915-5EFB-27A4-1C4B-B06DB9673CD7}" = CCC Help Spanish "{52E9A798-88C7-4EE6-94D4-2D54FEC8EE52}" = Ragnarok Online "{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69535FEF-6533-8F4F-D96B-2C345D89617A}" = CCC Help Chinese Traditional "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6CA2A34B-93EC-C934-8251-08960730AB69}" = CCC Help Danish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{739777CE-1678-65B2-B97E-C0E1545EECDF}" = Catalyst Control Center Graphics Light "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart 
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7FA65461-34D3-43A2-A513-3E8CFE53FFED}" = Revo Uninstaller Pro w Loader "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82B39CBA-144C-4D34-8C5D-31D2CAEC2AFB}" = PyMOL (32 bit) "{82E80931-6DFE-5E67-7C37-F66ABF135331}" = CCC Help Swedish "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECD943A-0C75-CAD5-FC01-91CBFEDFBC9E}" = CCC Help Chinese Standard "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft 
Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends 
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93F0A673-84B6-90E5-C701-457F796D1430}" = CCC Help Dutch "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DF04B9A-3B45-3D00-8A0F-9EB596626DA7}" = Catalyst Control Center Graphics Full New "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700 "{A669EFEC-39AA-D25B-5F81-450FAABF1E3E}" = CCC Help Russian "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8C4C48C-EE3D-F934-D312-99B7793E9740}" = Skins "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A909E7C7-F541-4B53-EA99-4F531E5E242B}" = CCC Help French "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA0B63ED-2485-5E3B-DB58-F8962C32CDF9}" = Catalyst Control Center Localization All "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AB7D24EC-BB5A-E746-C5D2-526BBE6C36AD}" = Catalyst Control Center Graphics Previews Vista 
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B131BD51-21C7-FE1C-91A7-1B1361A9B283}" = Catalyst Control Center Graphics Previews Common "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B5790265-B654-4377-9EF0-085A6AB6FA8E}" = Plants Vs. Zombies "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B8B4902F-D1B7-41C9-8144-887C7CC0CE0C}" = Mp3/Tag Studio 3.5 (beta 21) "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CA1D5579-2901-06E0-A3B7-ACA65136FFB6}" = CCC Help Finnish "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{ce23d75b-fd92-440e-b48b-897c4d3be6b6}" = Nero 9 Trial "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D23B5897-4D59-25D5-9478-BA1E5EC58552}" = 
CCC Help Norwegian "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E5C04820-9EDB-BB72-647E-7DC9BCBCE983}" = Catalyst Control Center Graphics Previews Vista "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse® "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F18FB90C-2DC4-4CFF-908F-2FB7DEEF26E0}" = Musical Scales "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "7B5A8C4E-6C07-47CB-8F2C-2AFD18A0C473" = Blackhawk Striker 2 from WildGames (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player 
ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Advanced Audio FX Engine" = Advanced Audio FX Engine "AI RoboForm" = AI RoboForm (All Users) "AIM_7" = AIM 7 "Brother 1440" = Brother 1440 "BROWNIE" = Brownie "CCFile_is1" = CCFile 3.6 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "COMSOL42" = COMSOL 4.2 "COMSOL43a" = COMSOL 4.3a "Dell Video Chat" = Dell Video Chat "Dell Webcam Central" = Dell Webcam Central "Diablo II" = Diablo II "EasyBCD" = EasyBCD 2.2 "Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition "GoToAssist" = GoToAssist 8.0.0.514 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Impulse®" = Impulse® "InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "IOGEAR Auto Printer Sharing Switch_is1" = IOGEAR Printer Sharing Switch 1.0.0.1 "Java Web Start" = Java Web Start "KeyFinder_is1" = Magical Jelly Bean KeyFinder "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Monopoly by Parker Brothers" = Monopoly by Parker Brothers "PIXresizer_is1" = PIXresizer 2.0.4 "PowerISO" = PowerISO "Revo Uninstaller Pro w Loader" = Revo Uninstaller Pro w Loader "SafeConnect" = SafeConnect "SimCity 3000" = SimCity 3000 "Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only) "StarCraft II" = StarCraft II "Steam App 204300" = Awesomenauts "Steam App 205790" = Dota 2 Test "Steam App 570" = Dota 2 "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "Tansee iPhone Transfer SMS_is1" = Tansee iPhone Transfer SMS 3.3.0.0 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = 
TeamViewer 7
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR" = WinRAR
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3288300068-1004485751-1404075410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox
"ExeIco" = ExeIco (remove only)
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = QMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2012 8:06:40 PM | Computer Name = Andrew | Source = WinMgmt | ID = 10
Description =
Error - 12/4/2012 8:07:45 PM | Computer Name = Andrew | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\Andrew\Desktop\Andrew's Folder\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 12/4/2012 8:11:06 PM | Computer Name = Andrew | Source = WinMgmt | ID = 10
Description =
Error - 12/4/2012 8:12:19 PM | Computer Name = Andrew | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\Andrew\Desktop\Andrew's Folder\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 12/4/2012 8:12:19 PM | Computer Name = Andrew | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\Andrew\Desktop\Andrew's Folder\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 12/4/2012 8:14:44 PM | Computer Name = Andrew | Source = Windows Search Service | ID = 3013
Description =
Error - 12/4/2012 8:17:13 PM | Computer Name = Andrew | Source = LoadPerf | ID = 3012
Description =
Error - 12/4/2012 8:17:13 PM | Computer Name = Andrew | Source = LoadPerf | ID = 3011
Description =
Error - 12/4/2012 9:00:18 PM | Computer Name = Andrew | Source = LoadPerf | ID = 3012
Description =
Error - 12/4/2012 9:00:18 PM | Computer Name = Andrew | Source = LoadPerf | ID = 3011
Description =
[ OSession Events ]
Error - 10/6/2010 8:24:57 PM | Computer Name = Andrew-PC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/24/2010 11:21:09 PM | Computer Name = Andrew-PC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20744 seconds with 6540 seconds of active time. This session ended with a crash.
Error - 4/28/2011 2:12:36 PM | Computer Name = Andrew-PC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5596 seconds with 480 seconds of active time. This session ended with a crash.
Error - 6/9/2011 6:14:07 PM | Computer Name = Andrew-PC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/4/2012 7:25:04 PM | Computer Name = Andrew-PC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/19/2012 6:25:57 AM | Computer Name = Andrew | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14378 seconds with 780 seconds of active time. This session ended with a crash.
Error - 11/30/2012 8:58:38 PM | Computer Name = Andrew | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4630 seconds with 1260 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12/4/2012 1:26:17 AM | Computer Name = Andrew | Source = Service Control Manager | ID = 7026
Description =
Error - 12/4/2012 5:30:40 PM | Computer Name = Andrew | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =
Error - 12/4/2012 5:31:38 PM | Computer Name = Andrew | Source = Service Control Manager | ID = 7002
Description =
Error - 12/4/2012 5:31:38 PM | Computer Name = Andrew | Source = Service Control Manager | ID = 7026
Description =
Error - 12/4/2012 8:05:43 PM | Computer Name = Andrew | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =
Error - 12/4/2012 8:06:41 PM | Computer Name = Andrew | Source = Service Control Manager | ID = 7002
Description =
Error - 12/4/2012 8:06:41 PM | Computer Name = Andrew | Source = Service Control Manager | ID = 7026
Description =
Error - 12/4/2012 8:10:15 PM | Computer Name = Andrew | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =
Error - 12/4/2012 8:11:07 PM | Computer Name = Andrew | Source = Service Control Manager | ID = 7002
Description =
Error - 12/4/2012 8:11:07 PM | Computer Name = Andrew | Source = Service Control Manager | ID = 7026
Description =

< End of report >
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Here is the OTL.Txt:

OTL logfile created on: 12/4/2012 5:09:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrew\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.13% Memory free
8.14 Gb Paging File | 6.19 Gb Available in Paging File | 76.10% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 12.59 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.14 Gb Free Space | 48.72% Space Free | Partition Type: NTFS

Computer Name: ANDREW | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andrew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SafeConnect\scManager.sys (Impulse Point, LLC)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Users\Andrew\Desktop\Andrew's Folder\Andrew's Documents\UCLA\UCLA VPN\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)

========== Modules (No Company Name) ==========

MOD - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll ()
MOD - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll ()
MOD - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll ()
MOD - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()
MOD - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()
MOD - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TeamViewer7) -- C:\Users\Andrew\Desktop\Andrew's Folder\Teamviewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SCManager) -- C:\Program Files (x86)\SafeConnect\scManager.sys (Impulse Point, LLC)
SRV - (!SASCORE) -- C:\Users\Andrew\Desktop\Andrew's Folder\Other\Super Anti Spyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CVPND) -- C:\Users\Andrew\Desktop\Andrew's Folder\Andrew's Documents\UCLA\UCLA VPN\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ASO3DiskOptimizer) -- C:\Users\Andrew\Desktop\Andrew's Folder\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (vmm) -- C:\Windows\SysNative\Drivers\vmm.sys (Microsoft Corporation) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\Drivers\CVPNDRVA.sys () DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. ) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\DRIVERS\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.) DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.) DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\DRIVERS\dne64x.sys (Deterministic Networks, Inc.) 
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision ) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation) DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys (Microsoft Corporation) DRV - (SASDIFSV) -- C:\Users\Andrew\Desktop\Andrew's Folder\Other\Super Anti Spyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Users\Andrew\Desktop\Andrew's Folder\Other\Super Anti Spyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.) DRV - (WinRing0_1_2_0) -- C:\Users\Andrew\Desktop\Andrew's Folder\Other\Programs\Computers\WinRing0x64.sys (OpenLibSys.org) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (BrPar) -- C:\Windows\SysWOW64\drivers\BRPAR.SYS (Brother Industries Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.ucla.edu/login.phpht [binary data over 200 bytes] IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\SearchScopes,DefaultScope = {5A8E1A6F-DFC2-4F6C-9A39-A1EF8496BCA7} IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\SearchScopes\{131B573A-C00D-82EC-098E-145BB127FA4F}: "URL" = http://www.bing.com/...037&form=ZGAIDF IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\SearchScopes\{5A8E1A6F-DFC2-4F6C-9A39-A1EF8496BCA7}: "URL" = http://www.google.co...utputEncoding?} IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\SearchScopes\{82D3C67E-52A4-4C20-B5A6-D27FFA0FD7BC}: "URL" = http://websearch.ask...6-37477D85114E 
IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://simplegpt.com/members/signupPTS.php|http://gmx.com/mail.html#1" FF - prefs.js..extensions.enabledAddons: textlinks@plpickle.com:1.0.0 FF - prefs.js..extensions.enabledAddons: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Users\Andrew\Desktop\Andrew's Folder\VLC Player\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/25 22:10:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/12/03 01:05:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/25 22:10:14 | 000,000,000 | ---D | M] [2011/04/02 02:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions [2012/12/02 23:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a87b3ne2.default\extensions [1641/02/09 23:01:15 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\a87b3ne2.default\extensions\vbftxniady@vbftxniady.org.xpi ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll CHR - plugin: 
Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Plugins\npitunes.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Users\Andrew\Desktop\Andrew's Folder\VLC Player\npvlc.dll CHR - plugin: 
Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Drive = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/12/02 23:55:07 | 000,000,057 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) 
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found. O3 - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Users\Andrew\Desktop\Andrew's Folder\Other\PowerISO\PWRISOVM.EXE (Power Software Ltd) O4 - HKU\.DEFAULT..\Run: [AOL OCP] C:\Users\Andrew\AppData\Local\Apple\AOL OCP\lpjpkkpp.dll (CyberLink Corp.) O4 - HKU\S-1-5-18..\Run: [AOL OCP] C:\Users\Andrew\AppData\Local\Apple\AOL OCP\lpjpkkpp.dll (CyberLink Corp.) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &Clean Traces - C:\Users\Andrew\Desktop\Andrew's Folder\Download Accelerator Plus\Privacy Package\dapcleanerie.htm File not found O8:64bit: - Extra context menu item: &Download with &DAP - C:\Users\Andrew\Desktop\Andrew's Folder\Download Accelerator Plus\dapextie.htm File not found O8:64bit: - Extra context menu item: Append Link 
Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8:64bit: - Extra context menu item: Download &all with DAP - C:\Users\Andrew\Desktop\Andrew's Folder\Download Accelerator Plus\dapextie2.htm File not found O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: &Clean Traces - C:\Users\Andrew\Desktop\Andrew's Folder\Download Accelerator Plus\Privacy Package\dapcleanerie.htm File not found O8 - Extra context menu item: &Download with &DAP - C:\Users\Andrew\Desktop\Andrew's Folder\Download Accelerator Plus\dapextie.htm File not found O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: Download &all with DAP - C:\Users\Andrew\Desktop\Andrew's Folder\Download Accelerator Plus\dapextie2.htm File not found O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: Fill Forms - 
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3288300068-1004485751-1404075410-1000\..Trusted Domains: dell.com ([]* in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class) O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl) O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_02) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3415CFBA-4741-40C4-9E0B-778148F5B025}: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0E1AA1F-D075-4518-9F20-31338BD08F7D}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O24 - Desktop WallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (autocheck sasnative64) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/12/04 17:08:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe [2012/12/04 17:03:33 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\NeoSmart_Technologies [2012/12/04 16:44:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Andrew\Desktop\dds.com [2012/12/04 16:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies [2012/12/04 16:25:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell [2012/12/04 15:03:43 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\$OEM$ [2012/12/04 14:52:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\PowerISO [2012/12/04 14:46:17 | 000,000,000 | 
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO [2012/12/04 14:46:16 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys [2012/12/04 14:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder [2012/12/03 20:36:40 | 001,931,088 | ---- | C] (Symantec Corporation) -- C:\Users\Andrew\Desktop\FixTDSS.exe [2012/12/03 14:01:40 | 000,000,000 | ---D | C] -- C:\Users\Andrew\My Backup Files [2012/12/03 13:59:49 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\SoftThinks [2012/12/03 01:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/12/03 01:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 [2012/12/01 21:55:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/12/01 20:53:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\temp [2012/12/01 20:33:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/01 20:33:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/01 20:33:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/01 20:33:21 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/01 20:32:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/01 20:31:48 | 005,009,347 | R--- | C] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe [2012/12/01 16:55:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Andrew\Desktop\aswMBR.exe [2012/11/29 21:06:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2012/11/29 21:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012/11/29 12:54:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\{807DF20C-D1F6-4D87-91A0-F7767E463806} [2012/11/29 12:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2012/11/24 01:59:32 
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Here is the file you requested from the DDS scan. Also, I have another question: if I do want to do a complete factory reset of my computer (Dell Studio XPS 1640), how would I be able to do it if "Repair your computer" does not work from hitting F8, because it comes up with "Other User" and prompts for a username/password which never works no matter what credentials you enter? I googled this and it came up with some malware/virus associations, and in the future I just want to be able to restore my laptop to its factory default settings (I have all my data backed up). I'm thinking the recovery partition might be affected somehow, which brings me to the next point: my slot-loading optical drive has a CD stuck in there, so I can't use recovery discs through that. I checked and I don't know if my BIOS supports booting from the external CD/DVD drive I have either. I was wondering if a bootable USB would work with a Vista ISO image? attach.txt -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Yes, and now when I try to open it (after all these BSOD's), it seems the interface has changed into what I'm thinking is the newer version of Google Chrome. All my bookmarks and saved data seem to have been kept; only the look of Chrome is different, aside from user profiles (it did prompt me to set up or log in but I just said skip for now). Basically, Chrome works and for the past hour I have not encountered any redirects, although I would probably wait some more time to see what happens. I think my bigger problem would be the BSOD's and why they are occurring, but that's just my thought. -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
I received the same Blue Screen of Death after clicking uninstall at the window (with the clear browsing data, change default browser, etc... -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
I tried to uninstall Google Chrome by clicking on All Programs -> Google Chrome -> Uninstall. I clicked on uninstall after the first popup (where you check clear browsing data, change default browser, etc...) and received the Blue Screen of Death error immediately after. I tried it again and I got the exact same error at the exact same place. -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Google Chrome -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
I did some browsing and it looked like there were no more redirects, and then I got one just now. I have a feeling something is still around somewhere. -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Here is the logfile from AdwCleaner [delete] option AdwCleanerS1.txt -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Here is the logfile from AdwCleaner AdwCleanerR1.txt -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Hi Jeff, I still get redirects to random websites after clicking Google links. Also, I noticed that I have been getting more BSOD's since yesterday evening, and when I try to click on the solution that Windows offers me (the link to the Microsoft KB article), the BSOD happens again and again. I was able to click it once last night and it discussed trojan/malware but I couldn't really get any more information from that. I'm thinking that maybe I should also free up some disk space (I have about 24.0GB free out of a 451 GB hard drive)? -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Here is the ComboFix log ComboFix.txt -
Google Redirect Virus (Rootkit?) - Need Help
killerwave7 replied to killerwave7's topic in Resolved Malware Removal Logs
Hi Jeff, Here is the log from TDSSKiller TDSSKiller.2.8.15.0_01.12.2012_20.26.54_log.txt