Good evening all,

I appear to have been infected with the globasearch virus and it is proving to be a pain in the posterior to deal with.

I have tried Malwarebytes, Spybot Search & Destroy, AVG, Advanced Systemcare6, Glary Utilities and have also looked at the results from HJT. It appears that it is persisting and I'd really appreciate some advice.

attach.txt

dds.txt


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

---------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

----------

AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

----------


Hi,

ComboFix

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------


Hi,

ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    DDS::
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.globasearch.com/?serie=21
    uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running. :)


OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

----------

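Added example (not part of the original posts, and not OTL's or ComboFix's own code): a small triage script for the `IE - ...` lines of an OTL log like the one requested above. It flags start page and search scope URLs whose host is outside an expected list, and values whose untagged entry points somewhere different from the entry OTL tags `:64bit:`. The sample lines are copied from the log in this thread; `EXPECTED_DOMAINS` and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

# Lines copied from the "Internet Explorer" section of the OTL log in this thread.
SAMPLE_LOG = r"""
IE:64bit: - HKLM\..\SearchScopes\{F00A156D-B222-44CF-9055-2AE5990AF020}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{F00A156D-B222-44CF-9055-2AE5990AF020}: "URL" = http://www.globasearch.com/?serie=21&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
"""

# Assumption for this example: the search/home page domains the owner expects.
EXPECTED_DOMAINS = {"bing.com", "msn.com", "google.com", "google.co.uk"}

# OTL writes a value either as  key,Name = data  or as  key: "Name" = data.
LINE_RE = re.compile(
    r'^IE(?P<x64>:64bit:)? - (?P<key>.+?)'
    r'(?:: "(?P<qname>[^"]+)"|,(?P<name>[^=]+?)) = ?(?P<data>.*)$'
)


class Entry(NamedTuple):
    view: str   # "64bit" for lines tagged :64bit:, "32bit" for untagged lines
    key: str
    name: str
    data: str


def parse_ie_lines(text: str) -> list:
    """Return one Entry per recognisable 'IE' line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            name = (m["qname"] or m["name"]).strip()
            view = "64bit" if m["x64"] else "32bit"
            entries.append(Entry(view, m["key"], name, m["data"].strip()))
    return entries


def host_of(data: str) -> Optional[str]:
    """Host of a URL value, or None. Accepts the defanged hxxp:// form as well."""
    if not re.match(r"h(tt|xx)ps?://", data, re.I):
        return None
    return urlsplit(re.sub(r"^hxxp", "http", data, flags=re.I)).hostname


def is_expected(host: str, allowed) -> bool:
    return any(host == d or host.endswith("." + d) for d in allowed)


def triage(text: str, allowed=EXPECTED_DOMAINS) -> list:
    """Return (reason, view, key, value name, host) tuples worth a closer look."""
    findings = []
    hosts_by_value = defaultdict(dict)
    for e in parse_ie_lines(text):
        host = host_of(e.data)
        if host is None:          # empty values, flags such as ProxyEnable = 0
            continue
        hosts_by_value[(e.key, e.name)][e.view] = host
        if not is_expected(host, allowed):
            findings.append(("unexpected-host", e.view, e.key, e.name, host))
    # Same key and value name, but tagged and untagged entries disagree.
    for (key, name), views in hosts_by_value.items():
        if len(set(views.values())) > 1:
            hosts = "/".join(sorted(views.values()))
            findings.append(("view-mismatch", "both", key, name, hosts))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A finding is only a pointer for review against the full log; removal still goes through the helper's instructions.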

OTL logfile created on: 19/01/2013 14:07:03 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.90 Gb Total Physical Memory | 3.24 Gb Available Physical Memory | 54.97% Memory free

11.79 Gb Paging File | 8.50 Gb Available in Paging File | 72.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 36.72 Gb Free Space | 8.23% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 296.38 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: SAM-LAPPY | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sam\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

PRC - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)

PRC - C:\Program Files (x86)\Everything\Everything.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c9298c7ab70c4db2848fc747b7ea5c3\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()

MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()

MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()

MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()

MOD - C:\Windows\wweb32.dll ()

MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files (x86)\Everything\Everything.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdvancedSystemCareService6) -- D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)

SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)

SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)

SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)

SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)

DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)

DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)

DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)

DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)

DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)

DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (VSPerfDrv110) -- D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{F00A156D-B222-44CF-9055-2AE5990AF020}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{F00A156D-B222-44CF-9055-2AE5990AF020}: "URL" = http://www.globasearch.com/?serie=21&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 6B 05 5F 5D F4 CD 01 [binary data]

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes,DefaultScope = {4F5CDA54-9914-4166-A3E1-AD46355AAE49}

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes\{4F5CDA54-9914-4166-A3E1-AD46355AAE49}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"

FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 22:51:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/10 15:17:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 22:51:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/09 10:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions

[2011/12/17 01:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\extensions

[2011/12/17 01:20:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2012/11/26 22:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ectamm6u.default\extensions

[2013/01/16 00:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sge3aesf.default-1358118621276\extensions

[2012/07/31 18:14:26 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ectamm6u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2013/01/13 23:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/10 09:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/01/13 22:51:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/01/13 22:51:31 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2013/01/17 03:14:19 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2013/01/13 22:51:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/01/13 22:51:31 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2013/01/13 22:51:31 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2013/01/17 03:14:20 | 000,000,579 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\image.xml

[2013/01/13 22:51:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2013/01/13 22:51:31 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll

CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

O1 HOSTS File: ([2013/01/16 23:11:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2:64bit: - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.

O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()

O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [spotify Web Helper] C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} https://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B}: DhcpNameServer = 192.168.1.254 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Stardock\Fences\FencesMenu64.dll (Stardock)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 14:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe

[2013/01/17 02:45:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/17 02:40:37 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/01/14 02:38:05 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\MGlogs

[2013/01/14 02:30:41 | 000,000,000 | ---D | C] -- C:\MGtools

[2013/01/14 01:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/01/14 01:06:17 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/01/14 01:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2013/01/14 01:01:07 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013/01/14 00:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0

[2013/01/13 23:35:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/01/13 23:35:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/01/13 23:35:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/01/13 23:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/13 23:35:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/01/13 23:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/01/13 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\RK_Quarantine

[2013/01/13 22:42:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Fixing

[2013/01/13 22:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013/01/13 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2013/01/12 16:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/01/12 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\CC Reg Backups

[2013/01/12 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Greenshot

[2013/01/12 16:03:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Greenshot

[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteTab Light

[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoteTab Light

[2013/01/12 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView

[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\IrfanView

[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView

[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot

[2013/01/12 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET

[2013/01/12 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Paint.NET

[2013/01/12 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey

[2013/01/12 14:54:02 | 000,000,000 | ---D | C] -- C:\Prey

[2013/01/12 14:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything

[2013/01/12 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat

[2013/01/11 01:50:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\AVG2013

[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TuneUp Software

[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/01/11 01:29:10 | 000,000,000 | ---D | C] -- C:\$AVG

[2013/01/11 01:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2013/01/11 01:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2013/01/11 01:25:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\MFAData

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Avg2013

[2013/01/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ElevatedDiagnostics

[2012/12/28 11:52:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Programs

[2012/12/23 12:25:43 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Tidy up

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/19 14:07:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job

[2013/01/19 14:06:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe

[2013/01/19 14:05:35 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat

[2013/01/19 14:05:34 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job

[2013/01/19 14:05:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/19 14:05:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/19 14:05:25 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job

[2013/01/19 14:05:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/19 05:36:47 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/17 05:38:15 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job

[2013/01/17 05:30:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/17 05:30:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/17 03:13:40 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2013/01/17 03:10:38 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/16 23:11:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/01/16 23:03:13 | 000,001,222 | ---- | M] () -- C:\Users\Sam\Desktop\ComboFix - Shortcut.lnk

[2013/01/16 01:12:18 | 000,000,512 | ---- | M] () -- C:\Users\Sam\Desktop\MBR.dat

[2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\Users\Sam\Desktop\MGlogs.zip

[2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\MGlogs.zip

[2013/01/14 01:06:17 | 000,001,266 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk

[2013/01/14 01:01:38 | 000,859,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/14 01:01:38 | 000,719,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/14 01:01:38 | 000,147,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/14 01:01:32 | 000,859,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/14 00:16:32 | 000,002,281 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/13 23:49:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130114-005115.backup

[2013/01/13 22:16:21 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/12 17:54:21 | 000,048,301 | ---- | M] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html

[2013/01/12 16:16:56 | 000,001,284 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/01/12 16:09:01 | 000,001,092 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk

[2013/01/12 15:24:36 | 000,001,037 | ---- | M] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk

[2013/01/12 14:56:34 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2013/01/12 14:44:19 | 000,001,033 | ---- | M] () -- C:\Users\Sam\Desktop\WinDirStat.lnk

[2013/01/09 03:30:36 | 005,501,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/07 00:00:12 | 000,001,052 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/16 23:03:13 | 000,001,222 | ---- | C] () -- C:\Users\Sam\Desktop\ComboFix - Shortcut.lnk

[2013/01/16 01:12:18 | 000,000,512 | ---- | C] () -- C:\Users\Sam\Desktop\MBR.dat

[2013/01/14 02:35:23 | 000,380,010 | ---- | C] () -- C:\Users\Sam\Desktop\MGlogs.zip

[2013/01/14 02:30:43 | 000,380,010 | ---- | C] () -- C:\MGlogs.zip

[2013/01/14 01:06:17 | 000,001,266 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk

[2013/01/13 23:35:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/01/13 23:35:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/01/13 23:35:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/01/13 23:35:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/01/13 23:35:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/01/13 22:16:21 | 000,002,281 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/13 22:16:21 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/13 22:15:32 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/13 22:15:30 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/12 17:54:21 | 000,048,301 | ---- | C] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html

[2013/01/12 16:16:56 | 000,001,284 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/01/12 15:24:36 | 000,001,037 | ---- | C] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk

[2013/01/12 14:56:34 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk

[2013/01/12 14:56:34 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2013/01/12 14:54:48 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat

[2013/01/12 14:44:19 | 000,001,033 | ---- | C] () -- C:\Users\Sam\Desktop\WinDirStat.lnk

[2012/11/21 20:00:52 | 000,003,500 | ---- | C] () -- C:\Users\Sam\AppData\Local\recently-used.xbel

[2012/09/22 01:49:06 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/04/26 19:25:04 | 000,007,645 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg

[2012/02/27 16:55:47 | 000,000,050 | ---- | C] () -- C:\Users\Sam\ewin30.tcl

[2012/02/27 16:55:47 | 000,000,031 | ---- | C] () -- C:\Users\Sam\eoffice30.tcl

[2011/12/19 23:33:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2011/10/14 15:43:20 | 000,021,504 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/10 16:55:39 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/10/10 16:55:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/10/10 15:17:35 | 002,212,096 | ---- | C] () -- C:\Windows\wweb32.dll

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin

[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin

[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin

[2011/10/06 16:40:24 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin

[2011/10/06 16:38:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/10/06 16:38:22 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/10/06 16:38:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/02/10 16:10:51 | 000,859,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 01:50:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AVG2013

[2011/10/10 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blio

[2012/02/08 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Camfrog

[2012/03/09 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cisco

[2012/08/23 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2013/01/19 05:36:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox

[2012/11/10 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla

[2011/10/10 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Fingertapps

[2011/11/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GFT Global Markets UK

[2013/01/12 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GlarySoft

[2013/01/12 16:04:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Greenshot

[2012/12/01 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ICAClient

[2012/11/27 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit

[2013/01/12 15:23:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IrfanView

[2012/12/12 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Kalypso Media

[2011/11/25 17:41:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MetaQuotes

[2013/01/14 02:33:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nitro PDF

[2012/08/22 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++

[2012/12/09 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Origin

[2012/03/04 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Pamela

[2011/10/10 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PCDr

[2012/08/25 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PDAppFlex

[2012/05/08 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PrimoPDF

[2012/02/11 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rainmeter

[2011/11/14 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion

[2012/01/21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SoftGrid Client

[2011/10/17 03:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive

[2013/01/06 23:15:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify

[2012/09/04 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/04/27 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Stardock

[2012/04/11 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer

[2011/10/22 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly

[2011/10/14 14:22:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TP

[2012/10/30 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client

[2013/01/11 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TuneUp Software

[2012/07/31 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Unity

[2012/11/10 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent

[2012/02/24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ZinioReader4

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 19/01/2013 14:07:03 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.90 Gb Total Physical Memory | 3.24 Gb Available Physical Memory | 54.97% Memory free

11.79 Gb Paging File | 8.50 Gb Available in Paging File | 72.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 36.72 Gb Free Space | 8.23% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 296.38 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: SAM-LAPPY | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{144E7479-E97B-47E6-A69E-B669014BEA26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{17064C47-F2F5-44D1-BA84-8412BD0B41D4}" = lport=6917 | protocol=6 | dir=in | app=d:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{194760A7-F3DA-41A2-A43C-BA24FBC66AD9}" = lport=6915 | protocol=6 | dir=in | app=d:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{19B46003-E856-4125-B7F5-0A34F8AE21A3}" = lport=137 | protocol=17 | dir=in | app=system |

"{211E4EBD-422D-4BD1-A57D-AE62F6C163CD}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{288E5049-79C6-4A02-8B98-88123149B318}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{36666BE7-6A8D-4D7A-B856-B17A50E7017E}" = lport=3702 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{3F2B9363-9918-4D44-9FAB-D62F8ACB6313}" = lport=139 | protocol=6 | dir=in | app=system |

"{41C17D5B-2727-4750-992B-34B397E9180E}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |

"{41C77901-8179-4717-BE49-C9AE936EB41F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{47244707-B77D-4AF5-AC19-79612AC67D54}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{4E9BA712-0CCA-46EB-B589-A007BF065785}" = lport=445 | protocol=6 | dir=in | app=system |

"{5300DCD6-769C-4E93-8159-539200BF22DC}" = lport=138 | protocol=17 | dir=in | app=system |

"{5B813431-BF1B-4906-B4FA-941892300895}" = lport=6916 | protocol=6 | dir=in | app=d:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{64F06F8F-5F9E-499E-B061-9F47C0E13F8D}" = lport=6920 | protocol=6 | dir=in | app=d:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{67446A8A-6668-4F75-9532-E234B48891B7}" = lport=10243 | protocol=6 | dir=in | app=system |

"{6AA769AD-2FA8-4F85-BC90-265AF46AB4E8}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{6C57541E-7D22-4A01-A207-69DB8A1629A6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{71ADCC6B-BCE5-4BE5-A2AE-AAC8B9C569DC}" = rport=138 | protocol=17 | dir=out | app=system |

"{7CCFB8B8-021E-4A03-84B8-AC2B65C89E85}" = rport=137 | protocol=17 | dir=out | app=system |

"{81443875-E1D8-443F-BBB3-0704D9109DB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8619830D-912F-43FF-BC69-AD914A86CE89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8BDB8599-B635-4D69-9007-F5E19E5D1ACA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8C319F0D-A1D4-46C7-92A5-DD078833F066}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{8C460D7C-BEF3-46EE-999F-C2EE55791ACC}" = rport=445 | protocol=6 | dir=out | app=system |

"{8D3FD2A5-6530-4962-9F62-983430770200}" = rport=139 | protocol=6 | dir=out | app=system |

"{8ECF381C-AF31-4FCF-8F8F-D955B0613898}" = lport=6918 | protocol=6 | dir=in | app=d:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{9049FE33-E819-45BF-85EE-3B21B008FD93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9731ACE0-35CB-42CD-B81D-A1A1215F031D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{9E6B121E-AA31-40A7-8483-BCF8B9CFA5D8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{AA46CC0D-0D22-4A9C-BA3A-841FC185362F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BAD60F8C-F11F-40D6-8B9C-585CC059E46C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C30A5903-9083-409F-B4F3-2EE0319540D5}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |

"{C400745B-4F97-4AF7-9255-0A1EBC9A7DDB}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |

"{CB70C9DB-36A3-45B1-B76B-5E3983BBBA29}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{D04DF8B6-5B59-4FC1-84D1-59A27215A274}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{D93A440E-F3DB-49F3-868B-5742078010C9}" = lport=6919 | protocol=6 | dir=in | app=d:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{DB325830-E916-440B-A48D-D0FBC2CFCD9E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DB680971-5F96-4E8E-B322-7BEB37789EA8}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |

"{E1E8593C-BC91-4D9F-845D-014D9C8EABB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E691C52A-EB77-4CD6-9090-0CD5DBB786F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00AACE11-FC5B-477D-9E35-040D275C54C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frontline tactics\frontline pc v1.exe |

"{04A1FA26-40AE-4D98-AEA3-FF6D26328C65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |

"{05E2108F-6F8E-45CF-AA8D-2E5AF5C40C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |

"{07941ED1-71F3-433B-B2FC-0B7B84AF0B3B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{083DB87A-E59B-4302-A7CC-569DB74BF6E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz\bin32\editor.exe |

"{088CFA59-5EBD-4564-90FB-B857048B3ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{09DCF737-43BE-4490-ADC0-F6EA93A3BCB9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{0D4B810F-43A2-425F-83DB-5B39BDBE4EDE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age ii\dragonage2launcher.exe |

"{0F42C8EB-FD49-4A95-8626-C592C4ADFD81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander\bin\supremecommander.exe |

"{102C1D35-A20F-4264-9A1D-2BC6DF6A3B30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |

"{12A9FFAF-8538-4B54-BD61-4AC560C9F457}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{12B30ACC-F5FB-4553-87B1-075CEB6BEFF0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{1657EC16-1E68-4E35-BC59-FBC45D636136}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{17B98A8B-C2E8-4F08-AC0D-3AEADF471726}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{17EBAEBF-B813-46C8-ABAA-A3155C814E33}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe |

"{1955BC72-6F75-4E71-86BA-53E2BE08788C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz\bin32\editor.exe |

"{1957F1E9-CC30-4C91-B14E-CE7EAB3158B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{196A1485-4542-4B98-B32B-F2FDDB57395F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |

"{19AFFD90-DB04-4145-9D12-AF8243544677}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe |

"{1AC28F01-A837-44D2-ACEB-EF6DBD4CE162}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander\bin\supremecommander.exe |

"{1C1875DF-DCA5-4A91-A1B5-9A1360220C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons the dark lord demo\dungeons - the dark lord demo.exe |

"{22571886-F7A6-47CB-8C16-CFAEF618B843}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age ii\bin_ship\dragonage2.exe |

"{23D35ECE-E0F3-4C85-902D-C6415530BFD7}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |

"{2559B100-4113-40FC-A9C3-C4D9511AF500}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age ii\bin_ship\dragonage2.exe |

"{270807BC-3500-496D-84A7-6E0BCD7C2F4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman codename 47\hitman.exe |

"{281F158D-B771-46D9-B163-8E5674D3E993}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{28F00051-6AC4-4589-A68B-810E5302B40F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |

"{2983FE66-7250-4F68-BAF2-521F3EB0FABF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{2ACA83D6-556B-49B1-BADD-4B1A125FFC10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2CA62013-E8AF-4E73-A684-31A34242518B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |

"{2DC762DE-05B7-4CEB-A04C-6B5FFE4615C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |

"{2FB6F418-8D8B-438A-B22E-F8C96D24093E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{32CE2B47-EBE0-497D-B406-1D5834C5A78F}" = protocol=17 | dir=in | app=c:\users\sam\appdata\roaming\dropbox\bin\dropbox.exe |

"{338C1EE0-9C73-4B08-A307-CDA1B9A18E20}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3402E509-CDF5-48B8-A597-44FCBD9DFE82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{358224B7-BBB3-4AE5-A3CD-9F347E8AB699}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons the dark lord demo\dungeons-server.exe |

"{358B37E6-215B-4A86-BC63-70C4BD6B9073}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe |

"{3676AF5D-800E-4D39-8124-FEBA15DDF089}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |

"{3B9C3772-679A-4B66-AAE5-3DB34CF97591}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |

"{3E0F9F64-460C-4289-985F-1D5A45B7C599}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{3FDF2D08-5D3F-46EB-8034-6D6E1568A6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |

"{40DAE3BF-67D3-4F50-AAD1-34824680E507}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |

"{42A949FF-5421-4DD4-BF76-E1F6A2C2ED37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{43DBDC33-A535-4D5D-B568-F9C9C0A06F04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{45FB8EEF-AD7F-4034-B9FB-4FE3EA0204B9}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |

"{46486445-3467-424F-BAE8-EB8328E391B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\steamlauncher.exe |

"{480B05A5-A331-444D-8B1C-450CC0652AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{48D95423-2088-4B66-AC6D-E3C8FD4F5632}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{48DC6186-3A99-43EB-A254-4A8B46900C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe |

"{4C1409E7-D52E-402B-B9B9-FA05B265A925}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |

"{4CD035FB-6209-4DA2-8B05-7FA8E3F3766F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{4E965719-C7F3-4403-87BA-61DE10904439}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{50BD4FBF-06B6-46BB-B80C-67D997092F77}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{51F2377C-6E55-4D52-974E-F995C018EFC2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{53317DC6-0516-464D-8094-EC4051B17EED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |

"{53E24925-DD82-4BC2-A9AF-0D880E47A86D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{54A20CB0-5183-4BE5-A110-4E4BE53B555A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{54EF51ED-03BA-45D3-8527-6F366883AAE6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{554D59D7-2B1B-476B-8E92-91C02672123C}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |

"{55C4E5A5-1847-4517-897F-77AF79DC83C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |

"{56B4B976-BA28-49BB-A7F4-B83C0EB1DC73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{58B5E7CA-4C76-45C8-A90B-13BC7B9F9AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |

"{5964D649-6D5D-4398-BA99-26E0B7DECF43}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe |

"{599A0F44-F256-4DB1-A063-1F2E5D44000B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"{5C525D8D-6E58-4B98-9819-F72486BEA42F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5CA29E7E-45D9-46D0-8EDD-B9606622E6DB}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |

"{5D30124F-A179-4C42-9F3A-9A38797CA8E5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{5D38007A-05F8-4888-AAD6-BD106F6CA27B}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{5D45F557-66E3-4AC5-A44F-566BC4F4DFD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe |

"{60D8BC30-4AAB-4EE8-9AA8-6AF07D26CFC2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{61F04CC5-6BE1-4BE7-A519-9957FE558E6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe |

"{64A029C1-B1F4-4A1E-A0A3-6CECA7C5C3D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |

"{6BC3481A-B40D-4366-8592-873DE9AB1D07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |

"{6C50B426-1EA3-44EF-878C-E13664F792FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\config.exe |

"{74D9BA0E-C88E-4910-86DE-F4768CDDDA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{750D8665-C791-4356-B507-EEE1CFD0076D}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{75ABE1F7-B845-4F1C-B9C5-0C7FE4508248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\steamlauncher.exe |

"{772B1EB3-6549-48EA-9DF5-76B04527876B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |

"{779050D6-7207-4770-9E63-9CBB5AFD13BC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |

"{78A8AA82-E5C3-4EBD-BFA1-E00A8038B9B9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{797645BC-31EF-43AF-93C3-B6FDD0E56B40}" = protocol=17 | dir=in | app=c:\users\sam\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{7B1F8139-E3C0-4DE1-8FD8-9F5589621377}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |

"{7BB16D07-0C9B-4242-9956-B56EA5BD6FA5}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{7CDF0720-4076-4EBE-8CA7-EF66DDFC4DEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |

"{7F35AD60-7E51-4C0C-9184-A50216DA0FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{7F99D323-3D66-4890-B21D-C8F1587BDC2D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{81442EC4-18FC-468F-880F-EEAFD8DDF583}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{85F0CD07-75F0-4643-B792-BE842F623E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe |

"{86A49559-F801-45C0-8739-1C3512D389C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{86C13259-2E5B-4BEC-A451-B5DAA44029B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{8789B7CF-930F-4C27-AD49-888EE99C10E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |

"{8864B392-D87F-45E5-A69D-F10BE312CF24}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe |

"{89380516-0390-4C6B-885C-0B3C35FADA72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie_driver_hd\bin\zombiedriverhd.exe |

"{898BEA95-9F24-467A-A976-C57D1D5FA700}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe |

"{8A29CB0B-54B9-4B63-B76F-ED8BA8E5F196}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vanguard saga of heroes f2p\launchpad.exe |

"{8C4B8D2B-EE93-4D6E-BC93-0B62F2640BA2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age ii\dragonage2launcher.exe |

"{8D934C5E-C13C-4BED-86BC-FC106A69184E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{8EC73DBF-1FD4-4E85-BFDE-E8076BBAA46F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{90123EC8-1B99-4662-B24D-27798CAB4FF1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |

"{9012509B-D1F6-4E67-BDFE-6D39461ED048}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{902FBC8E-CF48-476A-9DD3-B4A1C7CDDB34}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{9079323F-3BC2-4E80-BBD2-391D60C16F06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe |

"{92D290E9-E7E8-435B-9A93-A83FBD2B447C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |

"{93752F2E-C2EB-4FAC-8FC8-78D073B54CDA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{96BBF877-852F-4EE2-9271-FA4E15150388}" = dir=in | app=c:\users\sam\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{9890B331-9E8C-455B-9E0B-BE18350E23EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi demo\might & magic heroes vi.exe |

"{994982DD-A7EF-4703-82D8-FDC8386ED78E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe |

"{99BC01F1-8D39-4AF3-844F-98A0E5ECBD61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{99CBCB65-3174-4855-8DE6-CB0C647E5937}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ravaged\binaries\win32\ravagedgame.exe |

"{99ECD9C5-F76F-4872-8945-337A0AEF32B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{9A09D8F4-B830-404F-8FC9-A8A3A91EA4A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frontline tactics\frontline pc v1.exe |

"{9BDB1C90-9815-45FE-995E-F2E826AD6FC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\config.exe |

"{9D356853-40DF-49BE-9EBA-C12881AD28F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander forged alliance\bin\supremecommander.exe |

"{9DD4F9B9-B632-4CFE-9468-B8FA733CB13D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |

"{9DF06025-D982-48E5-9999-8B4EA5A5AD85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi demo\might & magic heroes vi.exe |

"{9E4B59E3-F28C-45A5-A2E3-E5FF9F588F18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3loader.exe |

"{9EC2DEFE-47A6-4EE8-8645-9EDE9BEFF76C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons the dark lord demo\dungeons-server.exe |

"{9EEF080B-C5A7-4337-82ED-BABF58BD9482}" = protocol=6 | dir=in | app=c:\users\sam\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{9F09D231-9B2B-436A-8087-D145B1C5ED42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |

"{A19E0C47-10AB-4102-BEDE-67E78ED3BB42}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{A652A380-8E3F-4F23-959A-E1B487CF33BE}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |

"{A92616C3-76D0-494A-A144-7CE26ED2B477}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons the dark lord demo\dungeons - the dark lord demo.exe |

"{AB8740CE-33B1-4C63-8C8B-E3CD66963E6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war - vietnam\vietnam.exe |

"{AC6F92D0-B52A-4BA0-91C8-B0B579EEA517}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{AD6DDDA1-3BDD-4517-9D2C-7D39E26FC338}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AE3D677A-EA8E-46F8-9469-84F76AFBC3E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ravaged\binaries\win32\ravagedgame.exe |

"{AF7CDC4A-B69E-4123-AC68-0AD8B807029E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |

"{B05E47B3-D681-439D-8283-7BB50C04CFCA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe |

"{B0EB78F1-5786-4DF0-8B3A-D58CEF37A6DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B5A0C105-4E75-4A20-B66D-7BC94F473DC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe |

"{B78D6EC0-F099-4405-A38C-0C71EC7BAE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{B7A5247C-CBF7-4584-BE8E-FF1CDC1628D6}" = protocol=6 | dir=out | app=system |

"{B7DB6502-C425-4302-8B23-F53AE075824A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{B9C3FB1C-9571-4358-B177-DDBD9973C760}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman codename 47\hitman.exe |

"{B9CF717B-5596-4FAC-87A0-9E2F1FCD9EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{BACD576F-1C43-47DC-B4A5-8A513A677E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |

"{BBFADAAC-136B-4D96-A840-4FEE565FF3F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BC72AB75-C9CF-42B2-9545-6EC28D167D21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |

"{BDCED23B-B479-438C-BD0C-8E7CC8E9B6A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |

"{C1ADE2DC-B93D-4899-8785-2DB5B24F32BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{C21A5470-D9BD-4E60-A144-8E4A361CA7D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C2EB9064-E8DF-499F-92C2-5C2776EF75F1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{C4A03F5C-5374-4377-A1FF-878054CB21F2}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{C668DF05-0B30-4F83-B7E8-395A367C8B7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{C7716126-2FAE-41EE-BA05-E0EAF07E769E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |

"{C7924850-8CC1-4C5E-9E4E-C69CE1D5CBD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{C7DAB214-3EC8-4242-8D5C-63294886B4E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war - vietnam\vietnam.exe |

"{C7EFF5C4-6ADD-41D8-AF6B-EEDBCFF3194D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{C8649683-D4E1-4CE8-BE41-7ECEF99E575E}" = protocol=6 | dir=in | app=c:\program files\metatrader - alpari uk\metatester64.exe |

"{C93BA956-162D-4ABA-ABCE-9745DA6219F8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{CA41558D-161A-4DEA-8059-D81352B5B05B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war condemned heroes\condemnedheroes.exe |

"{CB737FE1-AB23-4DCC-8325-FF45E372682E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman codename 47\setup.exe |

"{CC1F3F5A-B655-4C6E-9D79-D178FC457858}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CCD168E8-3B31-4E9D-B18A-D16860B226EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |

"{CD4C170C-CBB1-418E-80CA-AA6F1C2CBFED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"{CD8881E1-E6B3-486B-A9BF-184EFAAABCE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3loader.exe |

"{CD8E5787-2A53-442C-9562-23C3F98B18DE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{CE227B0B-1E23-4658-A2EF-4865BFBE28C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{CEC0F865-97E2-4160-BBF9-BC9FFF705550}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |

"{CFE460B6-C42F-4A7C-94E9-CFFC66C370B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |

"{D09D7DBD-AA27-4EC5-B9D9-4BD55632374F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |

"{D0B08F78-721E-4F68-B37A-B85C86EEB7C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |

"{D35CF63F-53F9-4597-8E5A-3ABFFE385634}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{D523BBCF-74A4-44AE-8A67-DFB59B6E6522}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{D9274D16-105D-436C-BF32-22CC5D6BE522}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vanguard saga of heroes f2p\launchpad.exe |

"{DA76837F-E8CF-4BA2-95E2-57E91DE042B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |

"{DACE20B2-7BD5-4C7A-B9A0-F5E1BDFC55CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{DC171E12-6D57-4ADE-88B9-7EF495299029}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DD8614CC-BF18-4D2A-B9BA-AC8F37475BBD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |

"{E014C494-4E1D-4B55-AAEC-654B893D7727}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{E1870661-E4C9-4EF4-ACEC-9FEF70544560}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{E1CAA7D0-9E30-4F4D-A1ED-B50D44154651}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{E38B4D80-7F9D-4E4A-A6B0-69262FE4F385}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe |

"{E3B912BA-0AE7-4BFF-9570-2EF29F9F72A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E5D0734F-9409-4AAC-AFEB-20D818A83D21}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{EA2898C9-681D-4BC8-A755-68CE600E35CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |

"{EFACB75C-0511-4B76-8770-337A9650EE4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F1C645C7-38C1-42A7-BA9E-FA579BE70D07}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{F4939B48-3296-4331-9899-CBE14B2B5702}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war condemned heroes\condemnedheroes.exe |

"{F51A7DED-6C6F-4CC3-B546-C197210C41B7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{F9CE79EF-34CC-4CB4-8DCD-AFC8977DDE78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie_driver_hd\bin\zombiedriverhd.exe |

"{FA5A888F-E232-4F64-8BE4-0C24B87F20C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander forged alliance\bin\supremecommander.exe |

"{FB96D2BE-AE25-46D1-A813-37C3D5638EC9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{FCDC97A6-F9C3-4CDA-B572-9F092FE676DD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{FCE3BC95-45EF-41B6-A4E1-6078177FEC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |

"{FE09844C-0232-440E-80E5-25A87CBF71AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe |

"{FEBF25D1-AD7C-4BA9-ADD3-9766FE8EFC57}" = protocol=6 | dir=in | app=c:\users\sam\appdata\roaming\dropbox\bin\dropbox.exe |

"{FEFB9F08-18E3-494D-8A63-96972E97D1AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman codename 47\setup.exe |

"{FF2A280B-EC13-4A3D-8469-28929C335917}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |

"{FF2DBC3D-A078-421F-A483-051A42EC0A78}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |

"TCP Query User{99344802-717E-4F4C-B0F1-2CC0FD270F5F}C:\users\sam\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sam\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{63CC88C2-E4F6-4EAD-9D3C-98945A0B70B5}C:\users\sam\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sam\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer

"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom

"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences

"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack

"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB

"{13DF8BA9-B101-4535-81E3-0C5FBF19AB56}" = SQL Server 2012 RC0 Management Studio

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5

"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1D8F9364-762C-4FE3-8923-256D66BCBE1A}" = Microsoft SQL Server 2012 RC0 Setup (English)

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client

"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote

"{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727

"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program

"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework

"{3A92A8D7-60F4-4BC0-892B-3AAE4481359D}" = Nitro Reader 2

"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components

"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)

"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud

"{4DEA21F6-2F26-464F-BCDA-3335184FF1F3}" = HP Deskjet 3070 B611 series Product Improvement Study

"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files

"{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU

"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites

"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files

"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU

"{6AAF4427-3039-4C8A-BE53-D6F01C21AD46}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU

"{789C9644-9F82-44d3-B4CA-AC31F46F5883}" = Python 3.2.3 (64-bit)

"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities

"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst

"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64

"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

"{A7D58353-BFB8-40D4-9F46-D04706A24A79}" = SQL Server 2012 RC0 Management Studio

"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0

"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver

"{AF06DCB0-7E2A-4E7E-89C7-D797774C2471}" = SQL Server 2012 RC0 Common Files

"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service

"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013

"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel® PROSet/Wireless WiFi Software

"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DC8D8E05-ECDF-413D-A4F7-5DD161CEFAE5}" = HP Deskjet 3070 B611 series Basic Device Software

"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0

"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)

"{F731C1F6-F70A-47A3-996F-B976E29B6214}" = SQL Server 2012 RC0 Common Files

"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services

"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86

"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU

"AVG" = AVG 2013

"CCleaner" = CCleaner

"CutePDF Writer Installation" = CutePDF Writer 2.8

"Defraggler" = Defraggler

"GIMP-2_is1" = GIMP 2.8.2

"Greenshot_is1" = Greenshot 1.0.6.2228

"Matlab R2012a" = MATLAB R2012a

"MetaTrader - Alpari UK" = MetaTrader - Alpari UK

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 11" = Microsoft SQL Server 2012 RC0 (64-bit)

"Microsoft SQL Server SQL11RC0" = Microsoft SQL Server 2012 RC0 (64-bit)

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"PC-Doctor for Windows" = Dell Support Center

"ProInst" = Intel PROSet Wireless

"R for Windows 2.14.0_is1" = R for Windows 2.14.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR 4.10 beta 5 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012

"{01070EBF-D92B-4E09-8A5C-F33CE8B9D9D5}" = Blio

"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64

"{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components

"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel® WiDi

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{1172AC15-080E-30E3-85B0-FF59AD2E6315}" = Microsoft Visual Studio Ultimate 2012 - ENU

"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5

"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK

"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU

"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727

"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{246B0F46-F84E-4857-8C47-F2A86B598BC5}" = Microsoft Visual Studio 2012 Preparation

"{246CB06B-308C-4CAE-AD1C-CB8409274261}" = Citrix Receiver(Aero)

"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29F259D7-C517-3EED-84B4-237573CFD39C}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources

"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components

"{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}" = TweetDeck

"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager

"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update

"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX

"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress

"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition

"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources

"{39901B4C-E954-4471-ADAB-E786AEE326D1}" = Dell Stage

"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP

"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote

"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D565319-8B91-41CB-961C-0DDC86101AC5}" = Dragon Age II

"{50A861B7-6A7D-4218-875E-5B6779F2AB14}" = FireArc Arcade

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools

"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012

"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools

"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit

"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{655C5545-7974-443F-882F-D745607EBB08}" = Citrix Receiver(DV)

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service

"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools

"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter

"{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries

"{739A6D0C-CA8D-4955-8E3D-58D1847327AC}" = Online Plug-in

"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core

"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™

"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{790993EE-42FF-4D74-8770-FD6DB582A435}_is1" = DeadLine Equation Solver

"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)

"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online

"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4

"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)

"{815928D4-B230-40C7-AEEF-FCC3DC4B3C59}" = Aeria Ignite

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects

"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11

"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript

"{89BA1176-0C98-483D-9CAF-EBBC4EEE5DB3}" = VitalSource Bookshelf

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1" = GPU Temp version 1.0

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC

"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT

"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012

"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{991057FA-3CA7-42B0-94B6-5B1B2535FBD3}" = Citrix Receiver Inside

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Help

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A113003E-8271-4485-ABC1-83FB96BFFF52}" = Citrix Receiver(USB)

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6

"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools

"{A4366F69-CE22-4DB7-9C8C-46A5845AF997}" = Microsoft Visual C++ 2012 Compilers - ENU Resources

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A6E16998-A241-438F-A916-5CD59B5506C0}_is1" = XWidget Ver1.73

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)

"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources

"{B3533B84-A8DF-4A7A-8E95-B15F08B26E96}" = Microsoft Visual Studio 2012 IntelliTrace Core x86

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012

"{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack

"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu

"{BC728724-882E-4E2D-B3EE-E2C7332DC2F2}" = Citrix Receiver (HDX Flash Redirection)

"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC

"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core

"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types

"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU

"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP

"{D971780F-A609-4F78-92AA-B56FBC3955B9}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86

"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects

"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3

"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK

"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012

"{e238e1a0-7fbd-4146-a4ac-d48badcdf3ae}" = Microsoft Visual Studio Ultimate 2012

"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage

"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU

"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu

"{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = DealBook 360

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant

"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter

"{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012

"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F605992E-FD5B-46D7-AFDA-FDB1AB00F829}" = Self-service Plug-in

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FA414A52-6E3A-484E-A1FB-CA9AF0D62EFE}" = Microsoft Report Viewer 2012 Runtime - Beta

"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)

"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework

"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime

"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced SystemCare 6_is1" = Advanced SystemCare 6

"Aeria Ignite 1.10.1721" = Aeria Ignite

"Amazon Kindle" = Amazon Kindle

"AVerMedia H339 Hybrid TV Tuner" = AVerMedia H339 Hybrid TV Tuner 2.2.64.64

"Battlelog Web Plugins" = Battlelog Web Plugins

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

"Camfrog 6.1" = Camfrog Video Chat 6.1

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"CitrixOnlinePluginPackWeb" = Citrix Receiver

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Dell Webcam Central" = Dell Webcam Central

"Diablo III" = Diablo III

"Everything" = Everything 1.2.1.371

"Fences" = Fences

"FileZilla Client" = FileZilla Client 3.5.3

"GeoGebra" = GeoGebra

"Glary Utilities_is1" = Glary Utilities 2.52.0.1698

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist Corporate

"Graph_is1" = Graph 4.3

"Graphing Calculator 3D_is1" = Graphing Calculator 3D 3.2

"HP Photo Creations" = HP Photo Creations

"IDroo" = IDroo 1.0.0.154

"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"IrfanView" = IrfanView (remove only)

"Lure of the Temptress_is1" = Lure of the Temptress

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0

"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Notepad++" = Notepad++

"NoteTab Light 7_is1" = NoteTab Light 7 (Remove only)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Origin" = Origin

"Pamela" = Pamela Basic 4.8

"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software

"PunkBusterSvc" = PunkBuster Services

"Rainmeter" = Rainmeter

"RealVNC_is1" = VNC Free Edition 4.1.3

"Revo Uninstaller" = Revo Uninstaller 1.94

"Shaiya" = Shaiya

"Skitch 1.0.1.4" = Skitch

"SopCast" = SopCast 3.4.7

"SpeedFan" = SpeedFan (remove only)

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 102700" = Alliance of Valiant Arms

"Steam App 105400" = Fable III

"Steam App 105430" = Age of Empires Online

"Steam App 110800" = L.A. Noire

"Steam App 12110" = Grand Theft Auto: Vice City

"Steam App 12120" = Grand Theft Auto: San Andreas

"Steam App 13140" = America's Army 3

"Steam App 201060" = Dungeons: The Dark Lord Demo

"Steam App 201760" = Cities XL 2012

"Steam App 202200" = Galactic Civilizations II: Ultimate Edition

"Steam App 203810" = Dear Esther

"Steam App 204860" = Men of War: Condemned Heroes

"Steam App 20540" = Company of Heroes: Tales of Valor

"Steam App 206210" = Gotham City Impostors: Free To Play

"Steam App 211160" = Viking: Battle for Asgard

"Steam App 214150" = Galactic Civilizations I: Ultimate Edition

"Steam App 218210" = Vanguard: Saga of Heroes F2P

"Steam App 218310" = Frontline Tactics

"Steam App 219540" = ARMA 2: Operation Arrowhead Beta

"Steam App 220840" = Zombie Driver HD Demo

"Steam App 22230" = Rock of Ages

"Steam App 33910" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Steam App 34330" = Total War: SHOGUN 2

"Steam App 38830" = Crimecraft: BLEEDOUT

"Steam App 42650" = Transformers: War for Cybertron

"Steam App 440" = Team Fortress 2

"Steam App 4560" = Company of Heroes

"Steam App 47760" = Mass Effect 2 Demo

"Steam App 48280" = Might and Magic Heroes VI Demo

"Steam App 48700" = Mount & Blade: Warband

"Steam App 48720" = Mount & Blade: With Fire and Sword

"Steam App 49520" = Borderlands 2

"Steam App 500" = Left 4 Dead

"Steam App 50300" = Spec Ops: The Line

"Steam App 550" = Left 4 Dead 2

"Steam App 55100" = Homefront

"Steam App 55230" = Saints Row: The Third

"Steam App 63940" = Men of War: Vietnam

"Steam App 64000" = Men of War: Assault Squad

"Steam App 6860" = Hitman: Blood Money

"Steam App 6900" = Hitman: Codename 47

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 7830" = Men of War

"Steam App 8190" = Just Cause 2

"Steam App 8930" = Sid Meier's Civilization V

"Steam App 9340" = Company of Heroes: Opposing Fronts

"Steam App 9350" = Supreme Commander

"Steam App 9420" = Supreme Commander: Forged Alliance

"Steam App 96300" = Ravaged

"Steam App 96800" = Nexuiz

"TeamViewer 7" = TeamViewer 7

"Total Annihilation - Commander Pack_is1" = Total Annihilation - Commander Pack

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.4

"WinLiveSuite" = Windows Live Essentials

"WordWeb" = WordWeb

"World of Warcraft" = World of Warcraft

"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = DealBook 360

"Spotify" = Spotify

"UnityWebPlayer" = Unity Web Player

"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 08/01/2013 23:27:50 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 08/01/2013 23:27:51 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 08/01/2013 23:27:51 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 08/01/2013 23:27:51 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 08/01/2013 23:27:52 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 08/01/2013 23:27:53 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 08/01/2013 23:27:53 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 08/01/2013 23:31:15 | Computer Name = Sam-lappy | Source = WinMgmt | ID = 10

Description =

Error - 09/01/2013 00:09:21 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 09/01/2013 00:09:21 | Computer Name = Sam-lappy | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 10/01/2013 18:08:18 | Computer Name = Sam-lappy | Source = WinMgmt | ID = 10

Description =

[ Media Center Events ]

Error - 28/09/2012 02:40:59 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 07:40:59 - Error connecting to the internet. 07:40:59 - Unable

to contact server..

Error - 28/09/2012 02:41:08 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 07:41:04 - Error connecting to the internet. 07:41:04 - Unable

to contact server..

Error - 28/09/2012 03:58:39 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 08:58:17 - Error connecting to the internet. 08:58:31 - Unable

to contact server..

Error - 28/09/2012 04:04:31 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 08:58:56 - Error connecting to the internet. 08:58:56 - Unable

to contact server..

Error - 28/09/2012 05:04:41 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 10:04:40 - Error connecting to the internet. 10:04:40 - Unable

to contact server..

Error - 28/09/2012 05:04:57 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 10:04:46 - Error connecting to the internet. 10:04:46 - Unable

to contact server..

Error - 29/09/2012 01:40:55 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 06:40:55 - Error connecting to the internet. 06:40:55 - Unable

to contact server..

Error - 29/09/2012 01:41:08 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 06:41:00 - Error connecting to the internet. 06:41:00 - Unable

to contact server..

Error - 30/09/2012 01:14:44 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 06:14:44 - Error connecting to the internet. 06:14:44 - Unable

to contact server..

Error - 30/09/2012 01:14:58 | Computer Name = Sam-lappy | Source = MCUpdate | ID = 0

Description = 06:14:50 - Error connecting to the internet. 06:14:50 - Unable

to contact server..

[ System Events ]

Error - 27/06/2012 16:53:17 | Computer Name = Sam-lappy | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 27/06/2012 17:07:21 | Computer Name = Sam-lappy | Source = BROWSER | ID = 8032

Description =

Error - 27/06/2012 19:48:19 | Computer Name = Sam-lappy | Source = NetBT | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 192.168.1.64. The computer with the IP address 192.168.1.69 did

not allow the name to be claimed by this computer.

Error - 27/06/2012 20:01:58 | Computer Name = Sam-lappy | Source = BROWSER | ID = 8032

Description =

Error - 27/06/2012 20:55:58 | Computer Name = Sam-lappy | Source = NetBT | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 192.168.1.64. The computer with the IP address 192.168.1.69 did

not allow the name to be claimed by this computer.

Error - 27/06/2012 21:10:50 | Computer Name = Sam-lappy | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 30/06/2012 08:01:32 | Computer Name = Sam-lappy | Source = BROWSER | ID = 8032

Description =

Error - 30/06/2012 08:19:04 | Computer Name = Sam-lappy | Source = BROWSER | ID = 8032

Description =

Error - 01/07/2012 18:02:21 | Computer Name = Sam-lappy | Source = BROWSER | ID = 8032

Description =

Error - 03/07/2012 17:22:52 | Computer Name = Sam-lappy | Source = BROWSER | ID = 8032

Description =

< End of report >


Hi and sorry for any delay...I have been doing home renovations and don't have much time.

--------

Please go to: VirusTotal

On the page you'll find a "Choose File" button.

Click on the Choose File button.

In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Windows\11317231_89001461_aa.bin

Next, click the Open button.

Then click the "Scan It!" button just below.

This will scan the file. Please be patient.

If you get a message saying File has already been analyzed: click Reanalyze file now

Once scanned, copy and paste the link to the results page in your next reply.

----------

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{F00A156D-B222-44CF-9055-2AE5990AF020}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes\{F00A156D-B222-44CF-9055-2AE5990AF020}: "URL" = http://www.globasear...q={searchTerms}
    IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 6B 05 5F 5D F4 CD 01 [binary data]
    IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    [2011/12/17 01:20:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2013/01/17 03:14:19 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/10/14 15:43:20 | 000,021,504 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

Post the new OTL log and let me know how your system is running now. :)


OTL logfile created on: 19/01/2013 23:56:00 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.90 Gb Total Physical Memory | 3.56 Gb Available Physical Memory | 60.31% Memory free

11.79 Gb Paging File | 9.15 Gb Available in Paging File | 77.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 37.71 Gb Free Space | 8.45% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 296.38 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: SAM-LAPPY | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sam\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

PRC - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)

PRC - C:\Program Files (x86)\Everything\Everything.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c9298c7ab70c4db2848fc747b7ea5c3\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()

MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()

MOD - C:\Windows\wweb32.dll ()

MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files (x86)\Everything\Everything.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdvancedSystemCareService6) -- D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)

SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)

SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)

SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)

SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)

DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)

DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)

DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)

DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)

DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)

DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (VSPerfDrv110) -- D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes,DefaultScope = {4F5CDA54-9914-4166-A3E1-AD46355AAE49}

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes\{4F5CDA54-9914-4166-A3E1-AD46355AAE49}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"

FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 22:51:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/10 15:17:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 22:51:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/09 10:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions

[2011/12/17 01:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\extensions

[2012/11/26 22:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ectamm6u.default\extensions

[2013/01/16 00:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sge3aesf.default-1358118621276\extensions

[2012/07/31 18:14:26 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ectamm6u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2013/01/13 23:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/10 09:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/01/13 22:51:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/01/13 22:51:31 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2013/01/19 23:53:22 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2013/01/13 22:51:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/01/13 22:51:31 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2013/01/13 22:51:31 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2013/01/19 23:53:22 | 000,000,579 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\image.xml

[2013/01/13 22:51:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2013/01/13 22:51:31 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll

CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

O1 HOSTS File: ([2013/01/19 23:51:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()

O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [spotify Web Helper] C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} https://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B}: DhcpNameServer = 192.168.1.254 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Stardock\Fences\FencesMenu64.dll (Stardock)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 23:50:33 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/01/19 14:26:28 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\New folder

[2013/01/19 14:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe

[2013/01/17 02:45:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/17 02:40:37 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/01/14 02:38:05 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\MGlogs

[2013/01/14 02:30:41 | 000,000,000 | ---D | C] -- C:\MGtools

[2013/01/14 01:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/01/14 01:06:17 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/01/14 01:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2013/01/14 00:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0

[2013/01/13 23:35:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/01/13 23:35:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/01/13 23:35:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/01/13 23:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/13 23:35:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/01/13 23:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/01/13 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\RK_Quarantine

[2013/01/13 22:42:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Fixing

[2013/01/13 22:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013/01/13 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2013/01/12 16:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/01/12 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\CC Reg Backups

[2013/01/12 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Greenshot

[2013/01/12 16:03:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Greenshot

[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteTab Light

[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoteTab Light

[2013/01/12 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView

[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\IrfanView

[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView

[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot

[2013/01/12 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET

[2013/01/12 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Paint.NET

[2013/01/12 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey

[2013/01/12 14:54:02 | 000,000,000 | ---D | C] -- C:\Prey

[2013/01/12 14:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything

[2013/01/12 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat

[2013/01/11 01:50:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\AVG2013

[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TuneUp Software

[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/01/11 01:29:10 | 000,000,000 | ---D | C] -- C:\$AVG

[2013/01/11 01:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2013/01/11 01:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2013/01/11 01:25:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\MFAData

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Avg2013

[2013/01/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ElevatedDiagnostics

[2012/12/28 11:52:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Programs

[2012/12/23 12:25:43 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Tidy up

========== Files - Modified Within 30 Days ==========

[2013/01/19 23:53:45 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat

[2013/01/19 23:53:21 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/19 23:53:19 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job

[2013/01/19 23:53:07 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2013/01/19 23:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/19 23:52:34 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/19 23:51:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2013/01/19 23:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/19 23:40:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job

[2013/01/19 23:40:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/19 23:40:43 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job

[2013/01/19 14:06:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe

[2013/01/17 05:38:15 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job

[2013/01/17 05:30:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/17 05:30:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/16 23:03:13 | 000,001,222 | ---- | M] () -- C:\Users\Sam\Desktop\ComboFix - Shortcut.lnk

[2013/01/16 01:12:18 | 000,000,512 | ---- | M] () -- C:\Users\Sam\Desktop\MBR.dat

[2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\Users\Sam\Desktop\MGlogs.zip

[2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\MGlogs.zip

[2013/01/14 01:06:17 | 000,001,266 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk

[2013/01/14 01:01:38 | 000,859,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/14 01:01:38 | 000,719,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/14 01:01:38 | 000,147,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/14 01:01:32 | 000,859,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/14 00:16:32 | 000,002,281 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/13 23:49:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130114-005115.backup

[2013/01/13 22:16:21 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/12 17:54:21 | 000,048,301 | ---- | M] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html

[2013/01/12 16:16:56 | 000,001,284 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/01/12 16:09:01 | 000,001,092 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk

[2013/01/12 15:24:36 | 000,001,037 | ---- | M] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk

[2013/01/12 14:56:34 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2013/01/12 14:44:19 | 000,001,033 | ---- | M] () -- C:\Users\Sam\Desktop\WinDirStat.lnk

[2013/01/09 03:30:36 | 005,501,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/07 00:00:12 | 000,001,052 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

========== Files Created - No Company Name ==========

[2013/01/16 23:03:13 | 000,001,222 | ---- | C] () -- C:\Users\Sam\Desktop\ComboFix - Shortcut.lnk

[2013/01/16 01:12:18 | 000,000,512 | ---- | C] () -- C:\Users\Sam\Desktop\MBR.dat

[2013/01/14 02:35:23 | 000,380,010 | ---- | C] () -- C:\Users\Sam\Desktop\MGlogs.zip

[2013/01/14 02:30:43 | 000,380,010 | ---- | C] () -- C:\MGlogs.zip

[2013/01/14 01:06:17 | 000,001,266 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk

[2013/01/13 23:35:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/01/13 23:35:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/01/13 23:35:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/01/13 23:35:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/01/13 23:35:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/01/13 22:16:21 | 000,002,281 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/13 22:16:21 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/13 22:15:32 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/13 22:15:30 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/12 17:54:21 | 000,048,301 | ---- | C] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html

[2013/01/12 16:16:56 | 000,001,284 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/01/12 15:24:36 | 000,001,037 | ---- | C] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk

[2013/01/12 14:56:34 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk

[2013/01/12 14:56:34 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2013/01/12 14:54:48 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat

[2013/01/12 14:44:19 | 000,001,033 | ---- | C] () -- C:\Users\Sam\Desktop\WinDirStat.lnk

[2012/11/21 20:00:52 | 000,003,500 | ---- | C] () -- C:\Users\Sam\AppData\Local\recently-used.xbel

[2012/09/22 01:49:06 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/04/26 19:25:04 | 000,007,645 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg

[2012/02/27 16:55:47 | 000,000,050 | ---- | C] () -- C:\Users\Sam\ewin30.tcl

[2012/02/27 16:55:47 | 000,000,031 | ---- | C] () -- C:\Users\Sam\eoffice30.tcl

[2011/12/19 23:33:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2011/10/10 16:55:39 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/10/10 16:55:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/10/10 15:17:35 | 002,212,096 | ---- | C] () -- C:\Windows\wweb32.dll

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin

[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin

[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin

[2011/10/06 16:40:24 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin

[2011/10/06 16:38:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/10/06 16:38:22 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/10/06 16:38:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/02/10 16:10:51 | 000,859,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 01:50:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AVG2013

[2011/10/10 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blio

[2012/02/08 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Camfrog

[2012/03/09 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cisco

[2012/08/23 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2013/01/19 23:55:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox

[2012/11/10 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla

[2011/10/10 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Fingertapps

[2011/11/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GFT Global Markets UK

[2013/01/12 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GlarySoft

[2013/01/12 16:04:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Greenshot

[2012/12/01 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ICAClient

[2012/11/27 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit

[2013/01/12 15:23:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IrfanView

[2012/12/12 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Kalypso Media

[2011/11/25 17:41:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MetaQuotes

[2013/01/14 02:33:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nitro PDF

[2012/08/22 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++

[2012/12/09 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Origin

[2012/03/04 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Pamela

[2011/10/10 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PCDr

[2012/08/25 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PDAppFlex

[2012/05/08 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PrimoPDF

[2012/02/11 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rainmeter

[2011/11/14 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion

[2012/01/21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SoftGrid Client

[2011/10/17 03:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive

[2013/01/06 23:15:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify

[2012/09/04 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/04/27 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Stardock

[2012/04/11 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer

[2011/10/22 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly

[2011/10/14 14:22:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TP

[2012/10/30 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client

[2013/01/11 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TuneUp Software

[2012/07/31 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Unity

[2012/11/10 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent

[2012/02/24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ZinioReader4

========== Purity Check ==========

< End of report >


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Here you go:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.8 (01.21.2013:2)
OS: Windows 7 Home Premium x64
Ran by Sam on 22/01/2013 at 22:03:01.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted the following from C:\Users\Sam\AppData\Roaming\mozilla\firefox\profiles\ectamm6u.default\prefs.js

user_pref("browser.newtab.url", "http://www.globasearch.com/?serie=21&newtab");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/01/2013 at 22:10:24.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hi,

Run a new scan with OTL and post the new log.

This is a nightmare!!
Sometimes removing malware can be an undertaking and take some time. Babylon is just one of those that is particularly annoying. :)

I really do appreciate the help, massively!

It just seems whenever Firefox is reinstalled it pulls old extensions back... no clue how!

Out of interest, if I were to copy across pictures, documents, etc, would this malware attach itself to something? I.e. could I back up the stuff I want onto an external HD and completely reformat?

Logs below
