OTL logfile created on: 25/01/2013 02:06:44 - Run 4

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.90 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 58.03% Memory free

11.79 Gb Paging File | 9.11 Gb Available in Paging File | 77.30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 38.58 Gb Free Space | 8.65% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 296.30 Gb Free Space | 63.62% Space Free | Partition Type: NTFS

Computer Name: SAM-LAPPY | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Users\Sam\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

PRC - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)

PRC - C:\Program Files (x86)\Everything\Everything.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c9298c7ab70c4db2848fc747b7ea5c3\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()

MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()

MOD - C:\Windows\wweb32.dll ()

MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files (x86)\Everything\Everything.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdvancedSystemCareService6) -- D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)

SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)

SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)

SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)

SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)

DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)

DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)

DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)

DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)

DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)

DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (VSPerfDrv110) -- D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes,DefaultScope = {4F5CDA54-9914-4166-A3E1-AD46355AAE49}

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\..\SearchScopes\{4F5CDA54-9914-4166-A3E1-AD46355AAE49}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 00:34:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2013/01/25 00:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions

[2013/01/25 00:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/01/16 20:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/01/25 01:49:47 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2013/01/16 20:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/01/25 01:49:47 | 000,000,579 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\image.xml

[2013/01/16 20:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.co.uk/

CHR - Extension: Docs = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\

CHR - Extension: Google Drive = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: YouTube = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/19 23:51:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()

O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [spotify Web Helper] C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} https://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B}: DhcpNameServer = 192.168.1.254 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Stardock\Fences\FencesMenu64.dll (Stardock)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/25 02:08:16 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Old Firefox Data

[2013/01/25 00:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013/01/25 00:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2013/01/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/01/22 22:02:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/01/22 22:02:49 | 000,000,000 | ---D | C] -- C:\JRT

[2013/01/19 23:50:33 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/01/19 14:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe

[2013/01/17 02:45:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/17 02:40:37 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/01/14 02:30:41 | 000,000,000 | ---D | C] -- C:\MGtools

[2013/01/14 01:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/01/14 01:06:17 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/01/14 01:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2013/01/14 00:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0

[2013/01/13 23:35:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/01/13 23:35:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/01/13 23:35:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/01/13 23:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/13 23:35:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/01/13 23:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/01/13 22:42:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Fixing

[2013/01/13 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2013/01/12 16:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/01/12 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\CC Reg Backups

[2013/01/12 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Greenshot

[2013/01/12 16:03:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Greenshot

[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteTab Light

[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoteTab Light

[2013/01/12 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView

[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\IrfanView

[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView

[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot

[2013/01/12 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET

[2013/01/12 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Paint.NET

[2013/01/12 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey

[2013/01/12 14:54:02 | 000,000,000 | ---D | C] -- C:\Prey

[2013/01/12 14:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything

[2013/01/12 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat

[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat

[2013/01/11 01:50:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\AVG2013

[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TuneUp Software

[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/01/11 01:29:10 | 000,000,000 | ---D | C] -- C:\$AVG

[2013/01/11 01:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2013/01/11 01:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2013/01/11 01:25:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\MFAData

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Avg2013

[2013/01/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ElevatedDiagnostics

[2012/12/28 11:52:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2013/01/25 02:13:49 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat

[2013/01/25 02:10:09 | 000,032,152 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys

[2013/01/25 02:07:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job

[2013/01/25 02:01:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job

[2013/01/25 01:56:56 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/25 01:56:56 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/25 01:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/25 01:49:12 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/25 01:49:02 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job

[2013/01/25 01:48:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2013/01/25 01:48:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/25 01:48:06 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/25 01:41:05 | 000,001,052 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/01/25 01:40:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/25 01:13:45 | 000,002,281 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/25 00:36:12 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/25 00:34:48 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/01/24 23:29:25 | 000,001,216 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/23 05:49:53 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job

[2013/01/19 23:51:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2013/01/19 14:06:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe

[2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\MGlogs.zip

[2013/01/14 01:06:17 | 000,001,266 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk

[2013/01/14 01:01:38 | 000,859,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/14 01:01:38 | 000,719,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/14 01:01:38 | 000,147,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/14 01:01:32 | 000,859,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/13 23:49:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130114-005115.backup

[2013/01/12 17:54:21 | 000,048,301 | ---- | M] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html

[2013/01/12 16:16:56 | 000,001,284 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/01/12 16:09:01 | 000,001,092 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk

[2013/01/12 15:24:36 | 000,001,037 | ---- | M] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk

[2013/01/12 14:56:34 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2013/01/12 14:44:19 | 000,001,033 | ---- | M] () -- C:\Users\Sam\Desktop\WinDirStat.lnk

[2013/01/09 03:30:36 | 005,501,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/25 02:10:09 | 000,032,152 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys

[2013/01/25 00:36:12 | 000,002,281 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/25 00:36:12 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/25 00:35:18 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/25 00:35:17 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/25 00:34:48 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/01/25 00:34:46 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2013/01/14 02:30:43 | 000,380,010 | ---- | C] () -- C:\MGlogs.zip

[2013/01/14 01:06:17 | 000,001,266 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk

[2013/01/13 23:35:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/01/13 23:35:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/01/13 23:35:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/01/13 23:35:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/01/13 23:35:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/01/12 17:54:21 | 000,048,301 | ---- | C] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html

[2013/01/12 16:16:56 | 000,001,284 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/01/12 15:24:36 | 000,001,037 | ---- | C] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk

[2013/01/12 14:56:34 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk

[2013/01/12 14:56:34 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2013/01/12 14:54:48 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat

[2013/01/12 14:44:19 | 000,001,033 | ---- | C] () -- C:\Users\Sam\Desktop\WinDirStat.lnk

[2012/11/21 20:00:52 | 000,003,500 | ---- | C] () -- C:\Users\Sam\AppData\Local\recently-used.xbel

[2012/09/22 01:49:06 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/04/26 19:25:04 | 000,007,645 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg

[2012/02/27 16:55:47 | 000,000,050 | ---- | C] () -- C:\Users\Sam\ewin30.tcl

[2012/02/27 16:55:47 | 000,000,031 | ---- | C] () -- C:\Users\Sam\eoffice30.tcl

[2011/12/19 23:33:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2011/10/10 16:55:39 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/10/10 16:55:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/10/10 15:17:35 | 002,212,096 | ---- | C] () -- C:\Windows\wweb32.dll

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin

[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin

[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin

[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin

[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin

[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin

[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin

[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin

[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin

[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin

[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin

[2011/10/06 16:40:24 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin

[2011/10/06 16:38:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/10/06 16:38:22 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/10/06 16:38:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/02/10 16:10:51 | 000,859,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 01:50:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AVG2013

[2011/10/10 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blio

[2012/02/08 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Camfrog

[2012/03/09 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cisco

[2012/08/23 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2013/01/25 01:50:08 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox

[2012/11/10 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla

[2011/10/10 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Fingertapps

[2011/11/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GFT Global Markets UK

[2013/01/12 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GlarySoft

[2013/01/12 16:04:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Greenshot

[2012/12/01 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ICAClient

[2012/11/27 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit

[2013/01/12 15:23:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IrfanView

[2012/12/12 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Kalypso Media

[2011/11/25 17:41:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MetaQuotes

[2013/01/14 02:33:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nitro PDF

[2012/08/22 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++

[2012/12/09 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Origin

[2012/03/04 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Pamela

[2011/10/10 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PCDr

[2012/08/25 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PDAppFlex

[2012/05/08 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PrimoPDF

[2012/02/11 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rainmeter

[2011/11/14 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion

[2012/01/21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SoftGrid Client

[2011/10/17 03:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive

[2013/01/06 23:15:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify

[2012/09/04 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/04/27 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Stardock

[2012/04/11 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer

[2011/10/22 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly

[2011/10/14 14:22:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TP

[2012/10/30 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client

[2013/01/11 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TuneUp Software

[2012/07/31 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Unity

[2012/11/10 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent

[2012/02/24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ZinioReader4

========== Purity Check ==========

< End of report >


Hi,

Out of interest, if I were to copy across pictures, documents, etc, would this malware attach itself to something?
No, this is not something that I have ever seen jump and attach itself.
Could I back up the stuff I want onto an external HD and completely reformat?
Yes, that is always an option. It would assure that there is nothing on your system and also have a fresh clean operating system running.

-----------

Let me know what you would like to do about your thoughts on formatting your system.


Hi,

I only see the one instance of Babylon...

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    IE - HKU\S-1-5-21-371144906-3944880737-2443039130-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
    [2013/01/25 01:49:47 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

----------

Post the new OTL log and let me know how your system is running.


OTL logfile created on: 28/01/2013 00:19:37 - Run 5

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.90 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 56.60% Memory free

11.79 Gb Paging File | 8.88 Gb Available in Paging File | 75.31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 31.95 Gb Free Space | 7.16% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 168.56 Gb Free Space | 36.19% Space Free | Partition Type: NTFS

Computer Name: SAM-LAPPY | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Users\Sam\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe (IObit)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

PRC - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

PRC - C:\Windows\SysWOW64\runonce.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c9298c7ab70c4db2848fc747b7ea5c3\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl ()

MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()

MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl ()

MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\Scan.dll ()

MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()

MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()

MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll ()

MOD - D:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()

MOD - C:\Windows\wweb32.dll ()

MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdvancedSystemCareService6) -- D:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)

SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)

SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)

SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)

SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)

DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)

DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)

DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)

DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)

DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)

DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (VSPerfDrv110) -- D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =

IE - HKCU\..\SearchScopes,DefaultScope = {4F5CDA54-9914-4166-A3E1-AD46355AAE49}

IE - HKCU\..\SearchScopes\{4F5CDA54-9914-4166-A3E1-AD46355AAE49}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 00:34:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2013/01/25 00:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions

[2013/01/25 00:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/01/16 20:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/01/28 00:11:21 | 000,000,626 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2013/01/16 20:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/01/28 00:11:21 | 000,000,579 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\image.xml

[2013/01/16 20:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.co.uk/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1386.0\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1386.0\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1386.0\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

<div>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL</div>

<div>CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll</div>

<div>CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll</div>

<div>CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll</div>

<div>CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll</div>

<div>CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll</div>

<div>CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll</div>

<div>CHR - plugin: Java Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll</div>

<div>CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll</div>

<div>CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll</div>

<div>CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll</div>

<div>CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll</div>

<div>CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll</div>

<div>CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll</div>

<div>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll</div>

<div>CHR - plugin: Unity Player (Enabled) = C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll</div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll</div>

<div>CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll</div>

<div>CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll</div>

<div>CHR - Extension: Google Docs = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\</div>

<div>CHR - Extension: Google Drive = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\</div>

<div>CHR - Extension: YouTube = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</div>

<div>CHR - Extension: Google Search = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</div>

<div>CHR - Extension: Gmail = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</div>

<div> </div>

<div>O1 HOSTS File: ([2013/01/19 23:51:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts</div>

<div>O1 - Hosts: 127.0.0.1       localhost</div>

<div>O1 - Hosts: ::1       localhost</div>

<div>O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.</div>

<div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</div>

<div>O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)</div>

<div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div>

<div>O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)</div>

<div>O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()</div>

<div>O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)</div>

<div>O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)</div>

<div>O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)</div>

<div>O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found</div>

<div>O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)</div>

<div>O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)</div>

<div>O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)</div>

<div>O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)</div>

<div>O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</div>

<div>O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>

<div>O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)</div>

<div>O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()</div>

<div>O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)</div>

<div>O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)</div>

<div>O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)</div>

<div>O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</div>

<div>O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)</div>

<div>O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk =  File not found</div>

<div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</div>

<div>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)</div>

<div>O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)</div>

<div>O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)</div>

<div>O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)</div>

<div>O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</div>

<div>O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)</div>

<div>O13 - gopher Prefix: missing</div>

<div>O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)</div>

<div>O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)</div>

<div>O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} https://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer)</div>

<div>O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254</div>

<div>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CB81583-68DC-40B1-ABA5-FD3EA5118C3B}: DhcpNameServer = 192.168.1.254 192.168.1.254</div>

<div>O18:64bit: - Protocol\Handler\livecall - No CLSID value found</div>

<div>O18:64bit: - Protocol\Handler\ms-help - No CLSID value found</div>

<div>O18:64bit: - Protocol\Handler\msnim - No CLSID value found</div>

<div>O18:64bit: - Protocol\Handler\skype4com - No CLSID value found</div>

<div>O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found</div>

<div>O18:64bit: - Protocol\Handler\wlpg - No CLSID value found</div>

<div>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found</div>

<div>O18:64bit: - Protocol\Filter\ica - No CLSID value found</div>

<div>O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</div>

<div>O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)</div>

<div>O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)</div>

<div>O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</div>

<div>O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)</div>

<div>O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)</div>

<div>O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)</div>

<div>O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</div>

<div>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</div>

<div>O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Stardock\Fences\FencesMenu64.dll (Stardock)</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O35:64bit: - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35:64bit: - HKLM\..exefile [open] -- "%1" %*</div>

<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>

<div>O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*</div>

<div>O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div>

<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</div>

<div> </div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div> </div>

<div>[2013/01/27 23:57:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\Two Worlds II - GotY Bonus</div>

<div>[2013/01/27 23:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump</div>

<div>[2013/01/27 21:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide</div>

<div>[2013/01/27 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Qawra Palace in Qawra, Malta   On the Beach_files</div>

<div>[2013/01/27 21:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ</div>

<div>[2013/01/27 21:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ</div>

<div>[2013/01/27 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\BigHugeEngine</div>

<div>[2013/01/27 08:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning</div>

<div>[2013/01/27 03:37:44 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\FIFA MANAGER 12</div>

<div>[2013/01/26 20:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games</div>

<div>[2013/01/26 20:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD</div>

<div>[2013/01/26 20:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive</div>

<div>[2013/01/26 20:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace</div>

<div>[2013/01/26 20:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE</div>

<div>[2013/01/26 20:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company</div>

<div>[2013/01/26 04:02:40 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\DCS</div>

<div>[2013/01/26 04:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle Dynamics</div>

<div>[2013/01/25 02:33:56 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe</div>

<div>[2013/01/25 00:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</div>

<div>[2013/01/25 00:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service</div>

<div>[2013/01/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox</div>

<div>[2013/01/22 22:02:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT</div>

<div>[2013/01/22 22:02:49 | 000,000,000 | ---D | C] -- C:\JRT</div>

<div>[2013/01/19 23:50:33 | 000,000,000 | ---D | C] -- C:\_OTL</div>

<div>[2013/01/19 14:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe</div>

<div>[2013/01/17 02:45:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN</div>

<div>[2013/01/17 02:40:37 | 000,000,000 | ---D | C] -- C:\Windows\temp</div>

<div>[2013/01/14 02:30:41 | 000,000,000 | ---D | C] -- C:\MGtools</div>

<div>[2013/01/14 01:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</div>

<div>[2013/01/14 01:06:17 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller</div>

<div>[2013/01/14 01:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group</div>

<div>[2013/01/14 00:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0</div>

<div>[2013/01/13 23:35:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe</div>

<div>[2013/01/13 23:35:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe</div>

<div>[2013/01/13 23:35:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe</div>

<div>[2013/01/13 23:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox</div>

<div>[2013/01/13 23:35:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt</div>

<div>[2013/01/13 23:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java</div>

<div>[2013/01/13 22:42:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Fixing</div>

<div>[2013/01/13 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google</div>

<div>[2013/01/12 16:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy</div>

<div>[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy</div>

<div>[2013/01/12 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy</div>

<div>[2013/01/12 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\CC Reg Backups</div>

<div>[2013/01/12 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Greenshot</div>

<div>[2013/01/12 16:03:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Greenshot</div>

<div>[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteTab Light</div>

<div>[2013/01/12 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoteTab Light</div>

<div>[2013/01/12 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView</div>

<div>[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\IrfanView</div>

<div>[2013/01/12 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView</div>

<div>[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot</div>

<div>[2013/01/12 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot</div>

<div>[2013/01/12 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET</div>

<div>[2013/01/12 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Paint.NET</div>

<div>[2013/01/12 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey</div>

<div>[2013/01/12 14:54:02 | 000,000,000 | ---D | C] -- C:\Prey</div>

<div>[2013/01/12 14:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything</div>

<div>[2013/01/12 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything</div>

<div>[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat</div>

<div>[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat</div>

<div>[2013/01/12 14:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat</div>

<div>[2013/01/11 01:50:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\AVG2013</div>

<div>[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TuneUp Software</div>

<div>[2013/01/11 01:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</div>

<div>[2013/01/11 01:29:10 | 000,000,000 | ---D | C] -- C:\$AVG</div>

<div>[2013/01/11 01:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013</div>

<div>[2013/01/11 01:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG</div>

<div>[2013/01/11 01:25:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files</div>

<div>[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\MFAData</div>

<div>[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData</div>

<div>[2013/01/11 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Avg2013</div>

<div>[2013/01/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ElevatedDiagnostics</div>

<div> </div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div> </div>

<div>[2013/01/28 00:18:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2013/01/28 00:18:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>[2013/01/28 00:11:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</div>

<div>[2013/01/28 00:11:13 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job</div>

<div>[2013/01/28 00:11:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job</div>

<div>[2013/01/28 00:10:49 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat</div>

<div>[2013/01/28 00:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</div>

<div>[2013/01/28 00:09:05 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys</div>

<div>[2013/01/28 00:07:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job</div>

<div>[2013/01/28 00:01:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job</div>

<div>[2013/01/27 23:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</div>

<div>[2013/01/27 23:40:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</div>

<div>[2013/01/27 21:44:34 | 000,795,069 | ---- | M] () -- C:\Users\Sam\Desktop\Holiday.png</div>

<div>[2013/01/27 21:43:42 | 000,048,806 | ---- | M] () -- C:\Users\Sam\Desktop\Qawra Palace in Qawra, Malta   On the Beach.htm</div>

<div>[2013/01/27 04:07:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job</div>

<div>[2013/01/25 02:33:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe</div>

<div>[2013/01/25 01:41:05 | 000,001,052 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk</div>

<div>[2013/01/25 01:13:45 | 000,002,281 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk</div>

<div>[2013/01/25 00:36:12 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</div>

<div>[2013/01/25 00:34:48 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk</div>

<div>[2013/01/24 23:29:25 | 000,001,216 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk</div>

<div>[2013/01/19 23:51:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts</div>

<div>[2013/01/19 14:06:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe</div>

<div>[2013/01/14 02:35:23 | 000,380,010 | ---- | M] () -- C:\MGlogs.zip</div>

<div>[2013/01/14 01:06:17 | 000,001,266 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk</div>

<div>[2013/01/14 01:01:38 | 000,859,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI</div>

<div>[2013/01/14 01:01:38 | 000,719,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat</div>

<div>[2013/01/14 01:01:38 | 000,147,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat</div>

<div>[2013/01/14 01:01:32 | 000,859,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI</div>

<div>[2013/01/13 23:49:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130114-005115.backup</div>

<div>[2013/01/12 17:54:21 | 000,048,301 | ---- | M] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html</div>

<div>[2013/01/12 16:16:56 | 000,001,284 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk</div>

<div>[2013/01/12 16:09:01 | 000,001,092 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk</div>

<div>[2013/01/12 15:24:36 | 000,001,037 | ---- | M] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk</div>

<div>[2013/01/12 14:56:34 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk</div>

<div>[2013/01/12 14:44:19 | 000,001,033 | ---- | M] () -- C:\Users\Sam\Desktop\WinDirStat.lnk</div>

<div>[2013/01/09 03:30:36 | 005,501,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT</div>

<div> </div>

<div>========== Files Created - No Company Name ==========</div>

<div> </div>

<div>[2013/01/27 21:44:34 | 000,795,069 | ---- | C] () -- C:\Users\Sam\Desktop\Holiday.png</div>

<div>[2013/01/27 21:43:41 | 000,048,806 | ---- | C] () -- C:\Users\Sam\Desktop\Qawra Palace in Qawra, Malta   On the Beach.htm</div>

<div>[2013/01/25 00:36:12 | 000,002,281 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk</div>

<div>[2013/01/25 00:36:12 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk</div>

<div>[2013/01/25 00:35:18 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</div>

<div>[2013/01/25 00:35:17 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</div>

<div>[2013/01/25 00:34:48 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk</div>

<div>[2013/01/25 00:34:46 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</div>

<div>[2013/01/14 02:30:43 | 000,380,010 | ---- | C] () -- C:\MGlogs.zip</div>

<div>[2013/01/14 01:06:17 | 000,001,266 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk</div>

<div>[2013/01/13 23:35:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe</div>

<div>[2013/01/13 23:35:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe</div>

<div>[2013/01/13 23:35:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe</div>

<div>[2013/01/13 23:35:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe</div>

<div>[2013/01/13 23:35:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe</div>

<div>[2013/01/12 17:54:21 | 000,048,301 | ---- | C] () -- C:\Users\Sam\Desktop\bookmarks_12_01_2013.html</div>

<div>[2013/01/12 16:16:56 | 000,001,284 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk</div>

<div>[2013/01/12 15:24:36 | 000,001,037 | ---- | C] () -- C:\Users\Sam\Desktop\NoteTab Light.lnk</div>

<div>[2013/01/12 14:56:34 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk</div>

<div>[2013/01/12 14:56:34 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk</div>

<div>[2013/01/12 14:54:48 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat</div>

<div>[2013/01/12 14:44:19 | 000,001,033 | ---- | C] () -- C:\Users\Sam\Desktop\WinDirStat.lnk</div>

<div>[2012/11/21 20:00:52 | 000,003,500 | ---- | C] () -- C:\Users\Sam\AppData\Local\recently-used.xbel</div>

<div>[2012/09/22 01:49:06 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe</div>

<div>[2012/04/26 19:25:04 | 000,007,645 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg</div>

<div>[2012/02/27 16:55:47 | 000,000,050 | ---- | C] () -- C:\Users\Sam\ewin30.tcl</div>

<div>[2012/02/27 16:55:47 | 000,000,031 | ---- | C] () -- C:\Users\Sam\eoffice30.tcl</div>

<div>[2011/12/19 23:33:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini</div>

<div>[2011/10/10 16:55:39 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe</div>

<div>[2011/10/10 16:55:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe</div>

<div>[2011/10/10 15:17:35 | 002,212,096 | ---- | C] () -- C:\Windows\wweb32.dll</div>

<div>[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin</div>

<div>[2011/10/06 16:40:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin</div>

<div>[2011/10/06 16:40:25 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin</div>

<div>[2011/10/06 16:40:24 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin</div>

<div>[2011/10/06 16:38:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin</div>

<div>[2011/10/06 16:38:22 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin</div>

<div>[2011/10/06 16:38:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin</div>

<div>[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat</div>

<div>[2011/02/10 16:10:51 | 000,859,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI</div>

<div>[2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini</div>

<div> </div>

<div>========== ZeroAccess Check ==========</div>

<div> </div>

<div>[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</div>

<div>"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Apartment</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Apartment</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64</div>

<div>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Free</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div>

<div>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Free</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64</div>

<div>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Both</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div>

<div> </div>

<div>========== LOP Check ==========</div>

<div> </div>

<div>[2013/01/11 01:50:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AVG2013</div>

<div>[2011/10/10 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blio</div>

<div>[2012/02/08 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Camfrog</div>

<div>[2012/03/09 11:17:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cisco</div>

<div>[2012/08/23 01:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant</div>

<div>[2013/01/28 00:13:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox</div>

<div>[2012/11/10 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla</div>

<div>[2011/10/10 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Fingertapps</div>

<div>[2011/11/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GFT Global Markets UK</div>

<div>[2013/01/12 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\GlarySoft</div>

<div>[2013/01/12 16:04:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Greenshot</div>

<div>[2012/12/01 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ICAClient</div>

<div>[2012/11/27 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit</div>

<div>[2013/01/12 15:23:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IrfanView</div>

<div>[2012/12/12 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Kalypso Media</div>

<div>[2011/11/25 17:41:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MetaQuotes</div>

<div>[2013/01/14 02:33:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nitro PDF</div>

<div>[2012/08/22 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++</div>

<div>[2012/12/09 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Origin</div>

<div>[2012/03/04 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Pamela</div>

<div>[2011/10/10 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PCDr</div>

<div>[2012/08/25 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PDAppFlex</div>

<div>[2012/05/08 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PrimoPDF</div>

<div>[2012/02/11 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rainmeter</div>

<div>[2011/11/14 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion</div>

<div>[2012/01/21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SoftGrid Client</div>

<div>[2011/10/17 03:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive</div>

<div>[2013/01/06 23:15:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify</div>

<div>[2012/09/04 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1</div>

<div>[2012/04/27 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Stardock</div>

<div>[2012/04/11 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer</div>

<div>[2011/10/22 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly</div>

<div>[2011/10/14 14:22:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TP</div>

<div>[2012/10/30 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client</div>

<div>[2013/01/11 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TuneUp Software</div>

<div>[2012/07/31 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Unity</div>

<div>[2012/11/10 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent</div>

<div>[2012/02/24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ZinioReader4</div>

<div> </div>

<div>========== Purity Check ==========</div>

<div> </div>

<div> </div>

<div> </div>

<div>< End of report ></div>

<div> </div>

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1

Link 2

  • Right-click SystemLook.exe and select Run as Administrator to run it.

Copy the content within the following codebox into the main textfield:


    :filefind
    *babylon*

    :regfind
    babylon

    :folderfind
    *babylon

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

<div>SystemLook 30.07.11 by jpshortstuff</div>

<div>Log created at 01:21 on 28/01/2013 by Sam</div>

<div>Administrator - Elevation successful</div>

<div> </div>

<div>========== filefind ==========</div>

<div> </div>

<div>Searching for "*babylon*"</div>

<div>C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml	--a---- 626 bytes	[00:47 28/01/2013]	[01:07 28/01/2013] 43BF6841BDB625ED76293F6523B2A53C</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\art\ArtCivBabylonian.bar	--a---- 67208628 bytes	[18:35 07/09/2012]	[18:52 04/11/2012] 88A4B9EC1561C3BBFD9A313140DCAEBA</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundCivBabylonian.bar	--a---- 89637288 bytes	[18:35 07/09/2012]	[18:33 23/10/2012] 4AA0457BE93EA60D7AEDBC2CB21527B8</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-de-DE.bar	--a---- 22915364 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] 6F9B1D51B0424B448FE68A2AC11F8055</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-en-US.bar	--a---- 21848532 bytes	[18:35 07/09/2012]	[18:36 23/10/2012] ACBFFB190BB092BCFCD7A19ED89D0866</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-es-ES.bar	--a---- 23133748 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] 18548FABCCDB335BC65840CB9B5A0DAC</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-fr-FR.bar	--a---- 21645988 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] 32E57F051C14ABFAEEECC136427853AB</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-it-IT.bar	--a---- 22535728 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] 499E031E15F4E7F17DC665A5E64669DD</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundLocBabylonian-zh-CHT.bar	--a---- 22884972 bytes	[18:35 07/09/2012]	[18:56 07/09/2012] BBB28AA0B586F7981EB68E214C4C6A10</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Capital\Babylon_CapCity_1.mp3	--a---- 2520610 bytes	[18:35 07/09/2012]	[18:54 07/09/2012] B3A8ED7F65F1272E6ACF3C3EDDA889CC</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Capital\Babylon_CapCity_2.mp3	--a---- 2520610 bytes	[18:35 07/09/2012]	[18:54 07/09/2012] B3A8ED7F65F1272E6ACF3C3EDDA889CC</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_BeginQuest_1.mp3	--a---- 1076143 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] BB063792F11D1D291D77BEA9AD1DD122</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_BeginQuest_2.mp3	--a---- 742612 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] 52E5B1BE6FF0B41B7C74BE879903D0E3</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_BeginQuest_3.mp3	--a---- 1326083 bytes	[18:35 07/09/2012]	[18:49 07/09/2012] A9772C8277EC4D8980BAB5F942B3D3F2</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_BeginQuest_4.mp3	--a---- 2067542 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] 92202F987A913869472761A51B9D204B</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_1.mp3	--a---- 3186101 bytes	[18:35 07/09/2012]	[18:54 07/09/2012] 7D81F47D9DD4A900CAC5FD564E76E862</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_2.mp3	--a---- 3163532 bytes	[18:35 07/09/2012]	[18:54 07/09/2012] B008776C2F04E2EE1FE2F1ADE37EBE19</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_3.mp3	--a---- 2224377 bytes	[18:35 07/09/2012]	[18:50 07/09/2012] FF54B7D4520AA19BC1F46E0DCAE5FA29</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_4.mp3	--a---- 1693569 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] BB553037025C1C53DFFD7EC56FD18B39</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_5.mp3	--a---- 2734706 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] C55A4DB1D81EA3853828DE4EC69FE18F</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_Lose.mp3	--a---- 1281779 bytes	[18:35 07/09/2012]	[18:48 07/09/2012] 95FD222EBEC6007ECA5908D1985545DD</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\music\Babylonians\Quest\Babylon_Quest_Win.mp3	--a---- 1281779 bytes	[18:35 07/09/2012]	[18:50 07/09/2012] F34EEF47A1EC29EBE5F8CC5444497D0F</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundSets\Bldg_Babylon.xml	--a---- 9651 bytes	[18:53 07/09/2012]	[18:53 07/09/2012] ADAA6199222E286D1C777B80D15EC118</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundSets\Civ_Babylon.xml	--a---- 16629 bytes	[18:56 07/09/2012]	[18:56 07/09/2012] 77C24A13830707571E25335D97803EBF</div>

<div>C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\sound\SoundSets\Vox_Babylon.xml	--a---- 124459 bytes	[18:55 07/09/2012]	[18:55 07/09/2012] A6D41239F5AA2A1D025D417F85BC73F3</div>

<div>C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip	--a---- 789 bytes	[17:11 12/01/2013]	[17:11 12/01/2013] BFFC6CD0F0D451EC4B8D3F5D05EC2201</div>

<div>C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip	--a---- 790 bytes	[16:44 13/01/2013]	[16:44 13/01/2013] 4B4C8B67DE44BEFD87934B126F9D129A</div>

<div>C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip	--a---- 789 bytes	[01:12 14/01/2013]	[01:12 14/01/2013] CC6FDAC5A379F91FEC475B3586429040</div>

<div>C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip	--a---- 790 bytes	[19:03 14/01/2013]	[19:03 14/01/2013] 597DA18D0D7F370162345ED8921D8191</div>

<div>C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip	--a---- 789 bytes	[17:11 12/01/2013]	[17:11 12/01/2013] BFFC6CD0F0D451EC4B8D3F5D05EC2201</div>

<div>C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip	--a---- 790 bytes	[16:44 13/01/2013]	[16:44 13/01/2013] 4B4C8B67DE44BEFD87934B126F9D129A</div>

<div>C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip	--a---- 789 bytes	[01:12 14/01/2013]	[01:12 14/01/2013] CC6FDAC5A379F91FEC475B3586429040</div>

<div>C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip	--a---- 790 bytes	[19:03 14/01/2013]	[19:03 14/01/2013] 597DA18D0D7F370162345ED8921D8191</div>

<div>C:\_OTL\MovedFiles\01192013_235033\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml	--a---- 626 bytes	[01:31 16/01/2013]	[03:14 17/01/2013] 43BF6841BDB625ED76293F6523B2A53C</div>

<div>C:\_OTL\MovedFiles\01282013_000739\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml	--a---- 626 bytes	[00:04 28/01/2013]	[00:04 28/01/2013] 43BF6841BDB625ED76293F6523B2A53C</div>

<div> </div>

<div>========== regfind ==========</div>

<div> </div>

<div>Searching for "babylon"</div>

<div>No data found.</div>

<div> </div>

<div>========== folderfind ==========</div>

<div> </div>

<div>Searching for "*babylon"</div>

<div>No folders found.</div>

<div> </div>

<div>-= EOF =-</div>

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
    File::
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how things are running now. :)


ComboFix 13-01-28.02 - Sam 28/01/2013 22:33:38.3.8 - x64

Running from: c:\users\Sam\Desktop\ComboFix.exe

Command switches used :: c:\users\Sam\Desktop\CFScript.txt

.

FILE ::

"c:\program files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

"c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip"

"c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip"

"c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip"

"c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Mozilla Firefox\searchplugins\babylon.xml

c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll

c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll

c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll

c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll

c:\programdata\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll

c:\programdata\PCDr\6032\AddOnDownloaded\489a0734-0bcc-462a-8a9c-29a40f0007b9.dll

c:\programdata\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll

c:\programdata\PCDr\6032\AddOnDownloaded\5f996ddf-fafd-4f93-b623-a362758305b9.dll

c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll

c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll

c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll

c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll

c:\programdata\PCDr\6032\AddOnDownloaded\e3146f6d-11b3-4a00-a026-1ba8b4bb00ff.dll

c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll

c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll

c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip

c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip

c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip

c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip

.

.

((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-28 )))))))))))))))))))))))))))))))

.

.

2013-01-28 22:39 . 2013-01-28 22:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-28 22:39 . 2013-01-28 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-28 01:17 . 2013-01-28 01:17 -------- d-----w- c:\users\Sam\AppData\Roaming\Safer Networking

2013-01-28 01:16 . 2013-01-28 01:16 -------- d-----w- c:\program files (x86)\Safer Networking

2013-01-27 23:57 . 2013-01-28 00:00 -------- d-----w- c:\users\Sam\Two Worlds II - GotY Bonus

2013-01-27 21:22 . 2013-01-27 21:22 -------- d-----w- c:\program files (x86)\THQ

2013-01-27 15:06 . 2013-01-27 15:06 -------- d-----w- c:\users\Sam\AppData\Local\BigHugeEngine

2013-01-27 03:38 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-01-26 20:33 . 2013-01-26 20:33 -------- d-----w- c:\program files (x86)\AMD

2013-01-26 20:29 . 2013-01-26 20:29 -------- d-----w- c:\windows\SysWow64\xlive

2013-01-26 20:29 . 2013-01-26 20:29 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2013-01-26 04:02 . 2013-01-26 04:02 -------- d-----w- c:\users\Sam\AppData\Local\DCS

2013-01-25 02:33 . 2013-01-25 02:33 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-01-25 00:34 . 2013-01-25 00:34 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-01-22 22:02 . 2013-01-22 22:02 -------- d-----w- c:\windows\ERUNT

2013-01-22 22:02 . 2013-01-22 22:02 -------- d-----w- C:\JRT

2013-01-19 23:50 . 2013-01-19 23:50 -------- d-----w- C:\_OTL

2013-01-14 02:30 . 2013-01-14 02:35 -------- d-----w- C:\MGtools

2013-01-14 01:58 . 2013-01-25 02:33 -------- d-----w- c:\programdata\HitmanPro

2013-01-14 01:06 . 2013-01-14 01:06 -------- d-----w- c:\program files (x86)\VS Revo Group

2013-01-14 00:59 . 2011-09-22 21:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll

2013-01-14 00:59 . 2011-09-22 17:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll

2013-01-14 00:59 . 2011-09-22 21:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL

2013-01-14 00:58 . 2013-01-14 00:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0

2013-01-14 00:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2013-01-14 00:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-01-14 00:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-01-14 00:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2013-01-14 00:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2013-01-14 00:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-01-14 00:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-01-13 23:23 . 2013-01-13 23:23 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-01-13 23:23 . 2013-01-13 23:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-13 22:15 . 2013-01-25 00:35 -------- d-----w- c:\program files (x86)\Google

2013-01-12 16:16 . 2013-01-28 01:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-01-12 16:16 . 2013-01-12 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-01-12 16:04 . 2013-01-12 16:04 -------- d-----w- c:\users\Sam\AppData\Roaming\Greenshot

2013-01-12 16:03 . 2013-01-12 16:03 -------- d-----w- c:\users\Sam\AppData\Local\Greenshot

2013-01-12 15:24 . 2013-01-12 15:24 -------- d-----w- c:\program files (x86)\NoteTab Light

2013-01-12 15:23 . 2013-01-12 15:23 -------- d-----w- c:\users\Sam\AppData\Roaming\IrfanView

2013-01-12 15:23 . 2013-01-12 15:23 -------- d-----w- c:\program files (x86)\IrfanView

2013-01-12 14:57 . 2013-01-12 14:57 -------- d-----w- c:\program files\Greenshot

2013-01-12 14:56 . 2013-01-12 14:56 -------- d-----w- c:\program files\Paint.NET

2013-01-12 14:56 . 2013-01-12 17:53 -------- d-----w- c:\users\Sam\AppData\Local\Paint.NET

2013-01-12 14:54 . 2013-01-28 22:29 31 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat

2013-01-12 14:54 . 2013-01-12 14:54 -------- d-----w- C:\Prey

2013-01-12 14:48 . 2013-01-28 01:20 -------- d-----w- c:\program files (x86)\Everything

2013-01-12 14:44 . 2013-01-12 14:44 -------- d-----w- c:\program files (x86)\WinDirStat

2013-01-11 01:50 . 2013-01-11 01:50 -------- d-----w- c:\users\Sam\AppData\Roaming\AVG2013

2013-01-11 01:29 . 2013-01-11 01:29 -------- d-----w- c:\users\Sam\AppData\Roaming\TuneUp Software

2013-01-11 01:29 . 2013-01-11 01:29 -------- d-----w- C:\$AVG

2013-01-11 01:29 . 2013-01-11 01:30 -------- d-----w- c:\programdata\AVG2013

2013-01-11 01:28 . 2013-01-11 01:28 -------- d-----w- c:\program files (x86)\AVG

2013-01-11 01:26 . 2012-11-19 01:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52D74735-1440-4D79-91D6-3313E0B1BFBE}\mpengine.dll

2013-01-11 01:25 . 2013-01-27 17:58 -------- d-----w- c:\programdata\MFAData

2013-01-11 01:25 . 2013-01-12 14:47 -------- d-----w- c:\users\Sam\AppData\Local\Avg2013

2013-01-11 01:25 . 2013-01-11 01:25 -------- d--h--w- c:\programdata\Common Files

2013-01-11 01:25 . 2013-01-11 01:25 -------- d-----w- c:\users\Sam\AppData\Local\MFAData

2013-01-09 01:09 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-09 01:08 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-09 01:08 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-14 02:35 . 2013-01-14 02:30 380010 ----a-w- C:\MGlogs.zip

2013-01-13 23:23 . 2012-10-10 09:30 859552 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-01-13 23:23 . 2011-10-06 15:26 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-09 03:03 . 2011-10-11 06:21 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-08 23:51 . 2012-04-30 03:18 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-08 23:51 . 2011-10-06 15:18 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-16 17:11 . 2012-12-22 03:00 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 03:00 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 03:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 03:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 22:02 . 2011-12-17 02:04 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-14 22:02 . 2011-10-10 16:55 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-14 22:02 . 2011-10-10 16:55 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-14 16:49 . 2012-02-06 00:11 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-13 03:11 . 2012-11-29 01:04 2549120 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll

2012-11-30 04:45 . 2013-01-09 01:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-29 19:06 . 2012-11-29 19:06 119808 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2012-11-29 01:02 . 2012-09-27 19:56 90976 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-11-15 23:33 . 2012-11-15 23:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-11-14 07:06 . 2012-12-13 03:02 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 03:02 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 03:02 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 03:02 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 03:02 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 03:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 03:02 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 03:02 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 03:02 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 03:02 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 03:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 03:02 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 03:02 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 03:02 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 03:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 03:02 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 03:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 03:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 03:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 03:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 03:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 03:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-12 21:58 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-12 21:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-12 21:56 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-12 21:56 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2009-11-08 65216]

"Spotify Web Helper"="c:\users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-30 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 6"="d:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

"Dell DataSafe Online"=c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]

R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-01-31 121960]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-11 1255736]

R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]

R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]

R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]

R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 91864]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-02 284008]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;d:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]

S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-02-08 343032]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]

S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2010-06-11 1799808]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-25 00:36 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1386.0\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 23:51]

.

2013-01-28 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-02-11 00:26]

.

2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 00:35]

.

2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 00:35]

.

2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002Core.job

- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 11:45]

.

2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-371144906-3944880737-2443039130-1002UA.job

- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 11:45]

.

2013-01-28 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2013-01-28 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job

- d:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-07-31 02:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} - hxxps://webmail-eu.towerswatson.com/CACHE/sdesktop/install/binaries/instweb.cab

FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\wcjolaku.default-1359079694328\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:cf,6a,0e,6b,af,67,cd,01

.

[HKEY_USERS\S-1-5-21-371144906-3944880737-2443039130-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-28 22:41:37

ComboFix-quarantined-files.txt 2013-01-28 22:41

ComboFix2.txt 2013-01-17 02:40

ComboFix3.txt 2013-01-14 01:27

.

Pre-Run: 32,870,944,768 bytes free

Post-Run: 32,775,274,496 bytes free

.

- - End Of File - - BDC796F8ACCD270445D3E759F232B873


In addition to my previous post, I would also like for you to do the following:

Go to your Desktop and delete your ComboFix icon by dragging it to the Recycle Bin.

Once done, please Empty Your Recycle Bin.

Let me know when this is done.


Ok... on deleting and totally removing all Firefox components, it looks like babylon.xml has gone.

The only place it remains is in various quarantines... what is the best way to clean these up too?

It appears that I am just going to have to avoid Firefox...


Well that is just odd. :blink:

Java

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.24.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Sam :: SAM-LAPPY [administrator]

30/01/2013 17:53:00

mbam-log-2013-01-30 (17-53-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241386

Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


C:\MGtools\Process.exe Win32/PrcView application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Users\Sam\Downloads\cbsidlm-tr1_10a-Everything-ORG-10890746.exe Win32/DownloadAdmin.G application

C:\Users\Sam\Downloads\cbsidlm-tr1_10a-NoteTab_Light-ORG-10008280.exe Win32/DownloadAdmin.G application

C:\Users\Sam\Downloads\cbsidlm-tr1_10a-Prey_AntiTheft-ORG-75812037.exe Win32/DownloadAdmin.G application

C:\Users\Sam\Downloads\FreeYouTubeDownloaderInstaller.exe a variant of Win32/Somoto.A application

D:\Downloads\Move - Oct 2012\asc-setup.exe a variant of Win32/ELEX application

D:\Downloads\Move - Oct 2012\cnet2_installspeedfan445_exe.exe a variant of Win32/InstallCore.D application

D:\Downloads\Move - Oct 2012\cnet2_Relaxing_Nature_Animated_Wallpaper_exe.exe a variant of Win32/InstallCore.D application

D:\Downloads\Move - Oct 2012\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application

D:\Downloads\Move - Oct 2012\InternationalPrimoPDF.exe Win32/OpenCandy application

D:\Downloads\Move - Oct 2012\PamelaSetup_Basic.exe a variant of Win32/Bundled.Toolbar.Ask application

D:\Downloads\Move - Oct 2012\SopCast.zip a variant of Win32/Bundled.Toolbar.Ask application

D:\Downloads\cbsidlm-tr1_7-DeadLine-ORG2-10489854.exe Win32/DownloadAdmin.D application

D:\Downloads\cbsidlm-tr1_7-Graph-ORG2-10063417.exe Win32/DownloadAdmin.D application

D:\Downloads\cbsidlm-tr1_7-Graphing_Calculator_3D-ORG2-10725117.exe Win32/DownloadAdmin.D application

D:\Downloads\cbsidlm-tr1_7-Kindle_for_PC-ORG2-75185974.exe Win32/DownloadAdmin.D application

D:\Downloads\cbsidlm-tr1_7-Programming_C-ORG2-10174971.exe Win32/DownloadAdmin.D application

D:\Downloads\cbsidlm-tr1_7-Programming_in_C_in_7_days-ORG2-10063731.exe Win32/DownloadAdmin.D application

D:\Downloads\cbsidlm-tr1_7-Web_Design_in_Seven_Days-ORG2-10054352.exe Win32/DownloadAdmin.D application

D:\Downloads\xwidget_setup173.exe Win32/InstallMonetizer.AF application

You should note that almost all of those downloads were from CNET (www.downloads.com), which is the very same place where the babylon malware came from!


Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :Files
    C:\Users\Sam\Downloads\cbsidlm-tr1_10a-Everything-ORG-10890746.exe
    C:\Users\Sam\Downloads\cbsidlm-tr1_10a-NoteTab_Light-ORG-10008280.exe
    C:\Users\Sam\Downloads\cbsidlm-tr1_10a-Prey_AntiTheft-ORG-75812037.exe
    C:\Users\Sam\Downloads\FreeYouTubeDownloaderInstaller.exe
    D:\Downloads\Move - Oct 2012\asc-setup.exe
    D:\Downloads\Move - Oct 2012\cnet2_installspeedfan445_exe.exe
    D:\Downloads\Move - Oct 2012\cnet2_Relaxing_Nature_Animated_Wallpaper_exe.exe
    D:\Downloads\Move - Oct 2012\CuteWriter.exe
    D:\Downloads\Move - Oct 2012\InternationalPrimoPDF.exe
    D:\Downloads\Move - Oct 2012\PamelaSetup_Basic.exe
    D:\Downloads\Move - Oct 2012\SopCast.zip
    D:\Downloads\cbsidlm-tr1_7-DeadLine-ORG2-10489854.exe
    D:\Downloads\cbsidlm-tr1_7-Graph-ORG2-10063417.exe
    D:\Downloads\cbsidlm-tr1_7-Graphing_Calculator_3D-ORG2-10725117.exe
    D:\Downloads\cbsidlm-tr1_7-Kindle_for_PC-ORG2-75185974.exe
    D:\Downloads\cbsidlm-tr1_7-Programming_C-ORG2-10174971.exe
    D:\Downloads\cbsidlm-tr1_7-Programming_in_C_in_7_days-ORG2-10063731.exe
    D:\Downloads\cbsidlm-tr1_7-Web_Design_in_Seven_Days-ORG2-10054352.exe
    D:\Downloads\xwidget_setup173.exe
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

----------

Post the new logs made by OTL and let me know how things are running.


So far so good thanks Jeff. Booting quickly again, although like I said, worrying some of the Firefox stuff is back when the program has been completely removed.

Do I need to run any other tests to double check the system is clean?

Thanks again for all your help with this!
