
Infected with ransomware and fsquirt/sftwed redirect


For now, please do this:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *fsquirt*

    :regfind
    fsquirt


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff

Log created at 14:27 on 01/04/2013 by Ben

Administrator - Elevation successful

========== filefind ==========

Searching for "*fsquirt*"


========== regfind ==========

Searching for "fsquirt"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]

"File1"="C:\Users\Ben\Desktop\fsquirt.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]

"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse

[HKEY_USERS\S-1-5-21-956322425-969636760-2544637902-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]

"File1"="C:\Users\Ben\Desktop\fsquirt.jpg"

-= EOF =-


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC


# AdwCleaner v2.115 - Logfile created 04/01/2013 at 16:51:05

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Ben - BEN-PC

# Boot Mode : Normal

# Running from : C:\Users\Ben\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\searchplugins\Askcom.xml

File Found : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\searchplugins\daemon-search.xml

File Found : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\searchplugins\SweetIm.xml

Folder Found : C:\Program Files\DAEMON Tools Toolbar

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\SweetIM

Folder Found : C:\Users\Ben\AppData\Local\APN

Folder Found : C:\Users\Ben\AppData\Local\PackageAware

Folder Found : C:\Users\Ben\AppData\Roaming\iWin

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1

Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1

Key Found : HKLM\SOFTWARE\Classes\sim-packages

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS


Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-GB)

File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8292 octets] - [01/04/2013 16:49:27]

########## EOF - C:\AdwCleaner[R1].txt - [8283 octets] ##########


Please create a new system restore point before continuing.

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

----------------------------------

Download aswMBR to your desktop.

http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please zip it up and attach it to your next post.

MrC


Had a couple of issues, both programs crashed during their initial sweep or deletion runs. Ran it again and it seems to have worked. Here is the log:

# AdwCleaner v2.115 - Logfile created 04/01/2013 at 17:48:49

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Ben - BEN-PC

# Boot Mode : Normal

# Running from : C:\Users\Ben\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\searchplugins\daemon-search.xml

File Deleted : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\searchplugins\SweetIm.xml

Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\SweetIM

Folder Deleted : C:\Users\Ben\AppData\Local\APN

Folder Deleted : C:\Users\Ben\AppData\Local\PackageAware

Folder Deleted : C:\Users\Ben\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1

Key Deleted : HKLM\SOFTWARE\Classes\sim-packages

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS


Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-GB)

File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\prefs.js

C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8292 octets] - [01/04/2013 16:49:27]

AdwCleaner[s1].txt - [8696 octets] - [01/04/2013 17:48:49]

########## EOF - C:\AdwCleaner[s1].txt - [8756 octets] ##########

Ran aswMBR as well, it only seemed to pick up one service but it would always crash during the sweep.

Is there any improvement???

-------------------------------------------------------------------

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

OTL logfile created on: 02/04/2013 18:21:41 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ben\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16521)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.48 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 48.91% Memory free

6.96 Gb Paging File | 4.95 Gb Available in Paging File | 71.19% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931.51 Gb Total Space | 21.55 Gb Free Space | 2.31% Space Free | Partition Type: NTFS

Drive D: | 39.52 Gb Total Space | 24.68 Gb Free Space | 62.44% Space Free | Partition Type: NTFS

Drive E: | 193.36 Gb Total Space | 191.21 Gb Free Space | 98.89% Space Free | Partition Type: NTFS

Drive F: | 612.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive J: | 304.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/02 18:21:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe

PRC - [2013/04/02 16:08:21 | 000,640,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.147.833.0.exe

PRC - [2013/04/02 11:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2013/01/27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe

PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2013/01/18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2013/01/18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/08/25 12:40:56 | 000,112,640 | ---- | M] (AddGadgets) -- C:\Users\Ben\Downloads\PCMeter\PCMeter\PCMeterV0.3.exe

PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/03/08 20:12:02 | 000,281,880 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2012/01/27 10:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2011/12/16 14:08:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/09/01 11:08:24 | 006,705,152 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\PCE-N15 WLAN Card Utilities\RtWLan.exe

PRC - [2011/06/23 16:04:14 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe

PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/12/20 19:18:48 | 000,230,240 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonUiAcc.exe

PRC - [2010/12/20 19:10:14 | 000,352,256 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe

PRC - [2010/12/20 19:09:52 | 000,505,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe

PRC - [2010/12/08 16:59:22 | 002,901,320 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\CleverCache\ooccctrl.exe

PRC - [2010/12/08 16:59:20 | 000,705,864 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\CleverCache\ooccag.exe

PRC - [2010/11/15 12:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/13 19:45:24 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1ea01658676f73cf48ebde8e904a0464\System.Configuration.Install.ni.dll

MOD - [2013/02/13 19:45:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013/01/09 09:14:25 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll

MOD - [2013/01/09 08:36:24 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/09 08:35:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll

MOD - [2013/01/09 08:35:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013/01/09 08:35:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/09 08:34:09 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2012/12/23 18:35:38 | 000,008,704 | ---- | M] () -- C:\Users\Ben\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.5.gadget\GetCoreTempInfoNET.dll

MOD - [2012/12/23 18:35:38 | 000,007,680 | ---- | M] () -- C:\Users\Ben\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.5.gadget\SystemInfo.dll

MOD - [2012/12/23 18:35:38 | 000,006,144 | ---- | M] () -- C:\Users\Ben\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.5.gadget\CoreTempReader.dll

MOD - [2012/11/29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2012/03/08 20:11:36 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)

SRV - [2013/03/13 01:04:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/16 20:07:48 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)

SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/30 05:37:07 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/12/03 16:39:40 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/10/05 18:09:17 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/03/19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/03/15 06:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)

SRV - [2012/01/30 13:58:42 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files\Common Files\Desura\desura_service.exe -- (Desura Install Service)

SRV - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\ASGT.exe -- (ASGT)

SRV - [2011/12/16 14:08:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011/09/07 13:20:04 | 001,244,936 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV - [2011/09/07 13:19:58 | 002,117,384 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)

SRV - [2011/08/30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2011/06/23 16:04:14 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe -- (AsusSE)

SRV - [2011/06/06 17:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2010/12/08 16:59:20 | 000,705,864 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\CleverCache\ooccag.exe -- (OOCleverCache)

SRV - [2010/11/15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)

SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Ben\AppData\Local\Temp\tmp1479.tmp -- (WinRing0_1_2_0)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ben\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ben\AppData\Local\Temp\bDMusicb.sys -- (bDMusicb)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdLLD.sys -- (AmdLLD)

DRV - [2013/02/26 01:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2012/10/11 16:57:42 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2012/08/21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/08/21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/08/21 10:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/08/21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/07/17 19:12:08 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)

DRV - [2012/07/03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2012/01/27 10:39:34 | 000,791,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV - [2012/01/27 10:39:34 | 000,348,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)

DRV - [2012/01/27 10:39:34 | 000,013,592 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV - [2011/11/02 10:48:36 | 000,019,056 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)

DRV - [2011/09/22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)

DRV - [2011/09/21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)

DRV - [2011/09/07 15:48:36 | 000,066,832 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PDFsFilter.sys -- (PDFSFilter)

DRV - [2011/08/04 15:16:16 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)

DRV - [2011/06/29 06:45:11 | 001,037,416 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV - [2011/03/25 22:27:32 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)

DRV - [2011/03/24 08:53:02 | 000,168,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)

DRV - [2011/03/24 08:53:02 | 000,085,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV - [2011/03/24 08:53:02 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2011/03/24 08:53:02 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)

DRV - [2011/03/24 08:53:00 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)

DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/11/11 11:04:54 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)

DRV - [2010/08/19 14:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)

DRV - [2010/03/05 10:49:58 | 000,033,280 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IOMap.sys -- (IOMap)

DRV - [2009/09/28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/02/25 02:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/11/14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)

DRV - [2007/06/02 22:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)

DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/02/03 18:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/02/03 18:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL)

DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 81 20 29 37 E4 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {4E38E9E7-1452-4fff-B85D-4E75C4456A13}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{0990C061-9F14-42AC-B29C-01EEB98DC13F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH

IE - HKCU\..\SearchScopes\{4E38E9E7-1452-4fff-B85D-4E75C4456A13}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{CF285E56-5626-419b-8BB2-B620F6B551BB}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV

IE - HKCU\..\SearchScopes\{EE30F140-AFEC-44C0-AD4B-FAD74A6700B7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=96EE8A84-3F71-4E17-83AE-D74B2408EA2E&apn_sauid=BBFB5497-237A-4C80-910D-57FCE37DB766

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.order.1: "Google"

FF - prefs.js..browser.search.defaultengine: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/26 21:34:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/30 05:37:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/20 19:39:12 | 000,000,000 | ---D | M]

[2011/03/17 00:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions

[2013/03/29 16:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\extensions

[2012/12/30 05:38:06 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/12/30 05:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/09/27 17:47:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/12/30 05:37:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/07/08 22:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll

[2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012/12/30 05:37:05 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/12/30 05:37:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/12/30 05:37:05 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/12/30 05:37:05 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/12/30 05:37:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2012/12/30 05:37:05 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL

CHR - plugin: Comrade Plugin (Enabled) = C:\Program Files\GameSpy\Comrade\npcomrade.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - Extension: AdBlock = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\

CHR - Extension: avast! WebRep = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: Skype Click to Call = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

CHR - Extension: AdBlock = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\

CHR - Extension: avast! WebRep = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: Skype Click to Call = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

O1 HOSTS File: ([2013/03/30 14:59:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [OOCCCTRL.EXE] C:\Program Files\OO Software\CleverCache\ooccctrl.exe (O&O Software GmbH)

O4 - HKLM..\Run: [STCAgent] C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)

O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)

O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)

O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.17.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553560000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95BB9700-9CD0-4DE7-81EA-337B02928608}: DhcpNameServer = 62.253.162.232 194.168.4.37

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B17150D-CA52-4BED-8BF0-4FA9459FE804}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2003/08/08 15:45:58 | 000,000,043 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]

O32 - AutoRun File - [2003/08/08 16:04:18 | 000,190,234 | R--- | M] () - F:\autoplay.exe -- [ CDFS ]

O32 - AutoRun File - [1995/07/21 16:05:00 | 000,025,600 | R--- | M] () - J:\AUTOPLAY.EXE -- [ CDFS ]

O32 - AutoRun File - [1994/04/26 12:23:48 | 000,000,766 | R--- | M] () - J:\AUTOPLAY.ICO -- [ CDFS ]

O32 - AutoRun File - [1995/07/21 15:55:00 | 000,000,322 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (PDBoot.exe)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 18:21:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe

[2013/04/01 21:22:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ben\Desktop\tdsskiller.exe

[2013/03/30 14:59:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/03/30 14:55:01 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/03/30 14:25:33 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013/03/29 01:45:32 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/03/28 09:20:22 | 000,000,000 | ---D | C] -- C:\FRST

[2013/03/28 03:06:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/03/28 03:06:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/03/28 03:06:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/03/28 03:03:56 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/03/28 03:03:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/03/27 00:29:39 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Programs

[2013/03/24 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Phantom Zombie Pack

[2013/03/24 23:45:21 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\TheStrain

[2013/03/20 22:46:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{BE57DB55-B053-42F4-B6AE-7EB9F87ED960}

[2013/03/18 21:49:59 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\IAmAlive

[2013/03/17 16:22:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\EVE-Central MarketUploader

[2013/03/17 16:22:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE-Central.com

[2013/03/17 16:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVE-Central.com

[2013/03/17 16:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\EVE-Central Contribtastic

[2013/03/15 22:51:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Little Inferno

[2013/03/14 00:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra

[2013/03/13 23:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra

[2013/03/13 21:13:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\Shores of Hazeron

[2013/03/10 19:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2013/03/10 19:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft

[2013/03/09 20:10:48 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Sword of the Stars - The Pit

[2013/03/05 20:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft

[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/02 18:21:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe

[2013/04/02 18:18:52 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/02 18:18:47 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2013/04/02 18:12:53 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/02 18:12:53 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/02 18:05:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/02 18:04:58 | 2802,507,776 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/02 01:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/02 01:00:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-956322425-969636760-2544637902-1000UA.job

[2013/04/02 00:57:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/01 21:22:30 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ben\Desktop\tdsskiller.exe

[2013/04/01 21:00:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-956322425-969636760-2544637902-1000Core.job

[2013/04/01 17:57:38 | 000,827,748 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2013/04/01 17:57:38 | 000,827,580 | ---- | M] () -- C:\Windows\System32\perfh00A.dat

[2013/04/01 17:57:38 | 000,825,712 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2013/04/01 17:57:38 | 000,822,656 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2013/04/01 17:57:38 | 000,810,730 | ---- | M] () -- C:\Windows\System32\prfh0816.dat

[2013/04/01 17:57:38 | 000,806,128 | ---- | M] () -- C:\Windows\System32\perfh019.dat

[2013/04/01 17:57:38 | 000,795,714 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2013/04/01 17:57:38 | 000,779,648 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013/04/01 17:57:38 | 000,766,232 | ---- | M] () -- C:\Windows\System32\perfh00E.dat

[2013/04/01 17:57:38 | 000,749,630 | ---- | M] () -- C:\Windows\System32\perfh005.dat

[2013/04/01 17:57:38 | 000,744,606 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2013/04/01 17:57:38 | 000,743,556 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/04/01 17:57:38 | 000,690,424 | ---- | M] () -- C:\Windows\System32\perfh008.dat

[2013/04/01 17:57:38 | 000,590,454 | ---- | M] () -- C:\Windows\System32\perfh006.dat

[2013/04/01 17:57:38 | 000,575,306 | ---- | M] () -- C:\Windows\System32\perfh014.dat

[2013/04/01 17:57:38 | 000,562,768 | ---- | M] () -- C:\Windows\System32\perfh00B.dat

[2013/04/01 17:57:38 | 000,560,170 | ---- | M] () -- C:\Windows\System32\perfh001.dat

[2013/04/01 17:57:38 | 000,494,688 | ---- | M] () -- C:\Windows\System32\perfh011.dat

[2013/04/01 17:57:38 | 000,478,180 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2013/04/01 17:57:38 | 000,472,594 | ---- | M] () -- C:\Windows\System32\perfh00D.dat

[2013/04/01 17:57:38 | 000,460,878 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2013/04/01 17:57:38 | 000,209,270 | ---- | M] () -- C:\Windows\System32\perfc00E.dat

[2013/04/01 17:57:38 | 000,196,126 | ---- | M] () -- C:\Windows\System32\perfc00A.dat

[2013/04/01 17:57:38 | 000,190,064 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2013/04/01 17:57:38 | 000,189,946 | ---- | M] () -- C:\Windows\System32\prfc0816.dat

[2013/04/01 17:57:38 | 000,187,488 | ---- | M] () -- C:\Windows\System32\perfc019.dat

[2013/04/01 17:57:38 | 000,186,382 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2013/04/01 17:57:38 | 000,185,774 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013/04/01 17:57:38 | 000,184,748 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2013/04/01 17:57:38 | 000,184,064 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2013/04/01 17:57:38 | 000,179,226 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2013/04/01 17:57:38 | 000,178,276 | ---- | M] () -- C:\Windows\System32\perfc005.dat

[2013/04/01 17:57:38 | 000,158,448 | ---- | M] () -- C:\Windows\System32\perfc011.dat

[2013/04/01 17:57:38 | 000,158,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/04/01 17:57:38 | 000,156,308 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2013/04/01 17:57:38 | 000,151,394 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2013/04/01 17:57:38 | 000,148,936 | ---- | M] () -- C:\Windows\System32\perfc008.dat

[2013/04/01 17:57:38 | 000,138,468 | ---- | M] () -- C:\Windows\System32\perfc00B.dat

[2013/04/01 17:57:38 | 000,135,672 | ---- | M] () -- C:\Windows\System32\perfc006.dat

[2013/04/01 17:57:38 | 000,131,830 | ---- | M] () -- C:\Windows\System32\perfc014.dat

[2013/04/01 17:57:38 | 000,131,044 | ---- | M] () -- C:\Windows\System32\perfc001.dat

[2013/04/01 17:57:38 | 000,121,154 | ---- | M] () -- C:\Windows\System32\perfc00D.dat

[2013/03/30 14:59:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/03/29 16:21:00 | 039,777,624 | ---- | M] () -- C:\Users\Ben\Desktop\SWTOR_setup.exe

[2013/03/29 02:35:07 | 000,001,049 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/03/24 15:07:33 | 009,998,094 | ---- | M] () -- C:\Users\Ben\Desktop\wing_commander_reference_cards.zip

[2013/03/24 15:07:23 | 002,735,435 | ---- | M] () -- C:\Users\Ben\Desktop\wing_commander_manual.zip

[2013/03/15 02:53:04 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2013/03/14 21:58:18 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll

[2013/03/13 22:33:13 | 000,001,020 | ---- | M] () -- C:\Users\Ben\Desktop\Shores of Hazeron.lnk

[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/29 16:20:34 | 039,777,624 | ---- | C] () -- C:\Users\Ben\Desktop\SWTOR_setup.exe

[2013/03/28 03:06:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/03/28 03:06:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/03/28 03:06:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/03/28 03:06:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/03/28 03:06:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/03/24 15:07:31 | 009,998,094 | ---- | C] () -- C:\Users\Ben\Desktop\wing_commander_reference_cards.zip

[2013/03/24 15:07:22 | 002,735,435 | ---- | C] () -- C:\Users\Ben\Desktop\wing_commander_manual.zip

[2013/03/15 02:53:04 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/03/14 02:47:41 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2013/03/13 22:33:13 | 000,001,020 | ---- | C] () -- C:\Users\Ben\Desktop\Shores of Hazeron.lnk

[2012/12/01 16:43:04 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[2012/11/30 01:58:07 | 000,007,200 | ---- | C] () -- C:\Windows\OUTHELP.DLL

[2012/10/31 19:24:21 | 000,000,459 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Drives Meter_Settings.ini

[2012/10/11 14:43:46 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/09/29 15:20:54 | 000,000,381 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Network Meter_Settings.ini

[2012/09/26 20:38:14 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

[2012/09/23 20:11:55 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS

[2012/09/23 20:11:55 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE

[2012/09/23 20:11:39 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI

[2012/09/08 16:11:22 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys

[2012/09/08 15:53:50 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe

[2012/09/08 15:53:50 | 000,019,056 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys

[2012/09/08 15:51:37 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2012/09/08 15:48:23 | 000,215,644 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT

[2012/09/08 15:44:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2012/09/08 15:35:14 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

[2012/04/19 17:23:34 | 000,000,600 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\winscp.rnd

[2012/03/25 05:03:50 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll

[2012/03/25 05:03:50 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll

[2012/03/25 05:03:50 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll

[2012/03/06 21:55:56 | 000,187,996 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2012/02/29 00:41:06 | 000,137,636 | ---- | C] () -- C:\Windows\HPHins15.dat

[2012/01/28 13:14:48 | 000,000,455 | ---- | C] () -- C:\Windows\SIERRA.INI

[2012/01/17 11:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\System32\ASGT.exe

[2011/11/30 20:53:34 | 000,171,008 | ---- | C] () -- C:\Windows\System32\libbluray.dll

[2011/11/30 20:53:26 | 006,244,574 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll

[2011/11/30 20:53:26 | 000,957,031 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll

[2011/11/30 20:53:26 | 000,337,369 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll

[2011/11/30 20:53:26 | 000,197,696 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll

[2011/11/30 20:53:26 | 000,127,340 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll

[2011/11/24 21:22:32 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2011/11/20 12:34:48 | 003,900,928 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll

[2011/11/20 12:09:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011/11/20 12:07:24 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll

[2011/11/20 12:07:06 | 000,133,632 | ---- | C] () -- C:\Windows\System32\IntelQuickSyncDecoder.dll

[2011/11/20 12:07:04 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll

[2011/11/20 12:07:04 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll

[2011/11/20 12:07:02 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll

[2011/11/20 12:07:02 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll

[2011/11/20 12:07:02 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll

[2011/11/20 12:07:02 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll

[2011/11/20 12:07:00 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll

[2011/11/20 12:06:58 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll

[2011/10/26 03:28:09 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini

[2011/10/26 02:08:27 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll

[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/08/14 18:03:49 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini

[2011/08/12 05:32:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011/06/16 00:00:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/05/30 14:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/05/23 08:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/05/22 18:46:01 | 000,000,055 | ---- | C] () -- C:\Windows\SpeedGear.INI

[2011/05/17 20:57:50 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat

[2011/05/16 21:36:23 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011/05/16 21:36:23 | 000,022,328 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\PnkBstrK.sys

[2011/05/16 21:35:28 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011/05/16 21:35:20 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011/05/16 21:35:18 | 002,506,752 | ---- | C] () -- C:\Windows\System32\pbsvc_new_5-9-08.exe

[2011/03/17 00:45:55 | 000,007,602 | ---- | C] () -- C:\Users\Ben\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/11 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.minecraft

[2012/12/08 15:01:58 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.mono

[2013/01/28 20:01:37 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.techniclauncher

[2012/05/02 22:27:29 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\8-Bit Commando

[2012/01/15 13:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ArmA II Launcher

[2011/03/17 09:57:45 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\AtomZombieData

[2011/03/17 08:07:32 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\AtomZombieDemoData

[2012/11/24 19:54:12 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Audacity

[2011/12/27 06:28:28 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Beat Hazard

[2012/04/29 15:22:56 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\BigHugeEngine

[2012/05/05 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\BoneCraft

[2011/03/17 00:57:13 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\BoneTown

[2012/11/18 02:48:22 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Carbon

[2011/03/31 21:57:31 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1

[2011/07/15 09:48:26 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DAEMON Tools Lite

[2011/03/17 00:57:13 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DriverFinder

[2013/04/02 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Dropbox

[2012/11/13 22:01:21 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Dwarfs

[2013/02/25 02:23:35 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\EVEMon

[2012/04/11 01:40:13 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\EvoSettings

[2013/03/19 00:59:10 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\FileZilla

[2011/10/31 01:31:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\GameRanger

[2011/05/28 01:18:44 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Gearbox Software

[2012/12/22 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\GlarySoft

[2011/10/19 00:16:27 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Kalypso Media

[2013/03/17 16:06:24 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Little Inferno

[2011/08/12 05:32:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\MinMaxGames

[2011/07/08 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Mount&Blade Warband

[2012/01/07 06:16:40 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Mumble

[2012/01/14 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\NationRed

[2012/11/15 20:44:29 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Natural Selection 2

[2011/07/21 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Notepad++

[2013/03/05 01:17:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Origin

[2011/03/21 19:34:27 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Petroglyph

[2012/04/07 04:12:06 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\PFStaticIP

[2012/01/30 20:54:53 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\PlayFirst

[2011/12/29 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Polynomial

[2011/06/18 04:58:09 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\PunkBuster

[2011/03/17 00:57:49 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Registry Mechanic

[2011/03/18 00:54:02 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\runic games

[2012/05/26 00:56:24 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\six-updater

[2012/03/06 23:26:53 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\six-zsync

[2011/03/22 07:25:06 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\SoftMaker

[2012/05/28 21:34:58 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Spirited Machine

[2012/09/08 15:45:43 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Splashtop

[2011/03/17 00:58:05 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Stardock

[2011/03/17 00:58:05 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Subversion

[2013/03/09 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Sword of the Stars - The Pit

[2012/01/02 01:35:56 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\System

[2011/07/24 21:17:23 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\TeamViewer

[2011/10/28 07:27:03 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\The Creative Assembly

[2012/11/29 22:23:49 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Tropico 3

[2013/04/01 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\TS3Client

[2011/09/24 22:31:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ts3overlay

[2013/01/21 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Ubisoft

[2011/03/17 00:58:05 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Unity

[2011/11/07 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\uqm

[2013/02/16 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\uTorrent

[2012/07/15 19:05:52 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\VenusHostage

[2012/07/30 23:13:25 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Vodafone

[2012/04/23 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Windows Live Writer

[2012/01/02 01:37:31 | 000,000,000 | -HSD | M] -- C:\Users\Ben\AppData\Roaming\wyUpdate AU

[2012/11/10 14:35:12 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Zeal Game Studio

[2012/10/27 16:14:20 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ZombieDriver

[2013/02/07 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\{AFB0853A-ABDB-4D0B-8D48-E38A88EA82B1}

[2013/02/15 18:42:24 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\{BF856AA5-057D-4E15-BC18-DE728948B560}

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:13A59596

< End of report >

Do you recognize this file:

C:\Windows\OUTHELP.DLL

If not, please upload it to VirusTotal for a free scan and let me know the results (just copy back the URL).

http://www.virustotal.com/

-----------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Ben\AppData\Local\Temp\tmp1479.tmp -- (WinRing0_1_2_0)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ben\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ben\AppData\Local\Temp\bDMusicb.sys -- (bDMusicb)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdLLD.sys -- (AmdLLD)

IE - HKCU\..\SearchScopes\{EE30F140-AFEC-44C0-AD4B-FAD74A6700B7}: "URL" = http://websearch.ask...0D-57FCE37DB766

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

  • Then click the Run Fix button at the top

  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-----------------------

Next...........

Please download and run DrWeb Cure-It as outlined in the link below:

http://forums.malwar...ndpost&p=663593

Let me know.......MrC

I ran the fix as instructed; however, the program crashed whilst running it. Here is the log after reboot:

All processes killed

========== OTL ==========

Service WinRing0_1_2_0 stopped successfully!

Service WinRing0_1_2_0 deleted successfully!

File C:\Users\Ben\AppData\Local\Temp\tmp1479.tmp not found.

Service VMnetAdapter stopped successfully!

Service VMnetAdapter deleted successfully!

File system32\DRIVERS\vmnetadapter.sys not found.

Service VGPU stopped successfully!

Service VGPU deleted successfully!

File System32\drivers\rdvgkmd.sys not found.

Service tsusbhub stopped successfully!

Service tsusbhub deleted successfully!

File system32\drivers\tsusbhub.sys not found.

Service Synth3dVsc stopped successfully!

Service Synth3dVsc deleted successfully!

File System32\drivers\synth3dvsc.sys not found.

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\Users\Ben\AppData\Local\Temp\catchme.sys not found.

Service bDMusicb stopped successfully!

Service bDMusicb deleted successfully!

File C:\Users\Ben\AppData\Local\Temp\bDMusicb.sys not found.

Service AmdLLD stopped successfully!

Service AmdLLD deleted successfully!

File system32\DRIVERS\AmdLLD.sys not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE30F140-AFEC-44C0-AD4B-FAD74A6700B7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE30F140-AFEC-44C0-AD4B-FAD74A6700B7}\ not found.

File PTYJAVA] not found.

File ptytemp] not found.

File PTYFLASH] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 04032013_194227

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Also ran DrWebCureit and nothing was found.

fsquirt is still popping up on boot however.

I'm running out of options.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

--------------------------------

Then..........

Download and run Silent Runners, using the default setting:

http://www.silentrun...r_download.html

Post the log.

MrC

Ran both programs. Here is the junkware log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.3 (04.05.2013:1)

OS: Windows 7 Ultimate x86

Ran by Ben on 08/04/2013 at 20:17:56.79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.1049.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.1049.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\splashtop"

Successfully deleted: [Folder] "C:\Users\Ben\AppData\Roaming\registry mechanic"

Successfully deleted: [Folder] "C:\Users\Ben\AppData\Roaming\splashtop"

Successfully deleted: [Folder] "C:\Program Files\registry mechanic"

Failed to delete: [Folder] "C:\Program Files\splashtop"

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08/04/2013 at 20:20:04.03

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Followed by the Silent Runners log:

"Silent Runners.vbs", revision 69, http://www.silentrunners.org/

Operating System: Microsoft Windows 7 Ultimate Service Pack 1 (32-bit)

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]

RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [Realtek Semiconductor]

ZyngaGamesAgent = "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [splashtop Inc.]

STCAgent = "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe" [file not found]

IMSS = "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [intel Corporation]

USB3MON = "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [intel Corporation]

MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]

avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]

QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.]

Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

LogMeIn Hamachi Ui = "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [LogMeIn Inc.]

OOCCCTRL.EXE = "C:\Program Files\OO Software\CleverCache\ooccctrl.exe" /tasktray [O&O Software GmbH]

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]

SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [sun Microsystems, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub

-> {HKLM…CLSID} = Adobe PDF Link Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

-> {HKLM…CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM…CLSID} = Java Plug-In SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)

-> {HKLM…CLSID} = avast! WebRep

\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM…CLSID} = Windows Live ID Sign-in Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\(Default) = (no title provided)

-> {HKLM…CLSID} = Windows Live Messenger Companion Helper

\InProcServer32\(Default) = C:\Program Files\Windows Live\Companion\companioncore.dll [MS]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO

-> {HKLM…CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO

-> {HKLM…CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM…CLSID} = Java Plug-In 2 SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}

-> {HKLM…CLSID} = avast

\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

1TortoiseNormal\(Default) = {C5994560-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

2TortoiseModified\(Default) = {C5994561-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

3TortoiseConflict\(Default) = {C5994562-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

4TortoiseLocked\(Default) = {C5994563-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

5TortoiseReadOnly\(Default) = {C5994564-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

6TortoiseDeleted\(Default) = {C5994565-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

7TortoiseAdded\(Default) = {C5994566-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

8TortoiseIgnored\(Default) = {C5994567-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

9TortoiseUnversioned\(Default) = {C5994568-53D9-4125-87C9-F193FC689CB2}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)

-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim

-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim

-> {HKLM…CLSID} = Windows Live Photo Gallery Editor Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim

-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class

-> {HKLM…CLSID} = DesktopContext Class

\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension

-> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension

\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension

-> {HKLM…CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{72923739-5A47-40A3-9895-25AF0DFBB9E4} = Glary Utilities Context Menu Shell Extension

-> {HKLM…CLSID} = Glary Utilities Context Menu Shell Extension

\InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler

-> {HKLM…CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler

-> {HKLM…CLSID} = Microsoft Office Metadata Handler

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler

-> {HKLM…CLSID} = Microsoft Office Thumbnail Handler

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension

-> {HKLM…CLSID} = Workspaces

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search

-> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}

-> {HKLM…CLSID} = ImageExtractorShellExt Class

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}

-> {HKLM…CLSID} = CInfoTipShellExt Class

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper

-> {HKLM…CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler

-> {HKLM…CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar

-> {HKLM…CLSID} = Groove Folder Synchronization

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM…CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler

-> {HKLM…CLSID} = Groove GFS Stub Icon Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

-> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler

-> {HKLM…CLSID} = Groove XML Icon Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler

-> {HKLM…CLSID} = Microsoft Outlook

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler

-> {HKLM…CLSID} = Outlook File Icon Extension

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{30351348-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{30351347-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{3035134A-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{3035134C-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{30351346-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{30351349-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{3035134B-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{3035134D-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{3035134E-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{3035134F-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{30351350-7B7D-4FCC-81B4-1E394CA267EB} = TortoiseSVN

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{C5994560-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{C5994561-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{C5994562-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{C5994563-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{C5994564-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{C5994565-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{C5994566-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{C5994567-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{C5994568-53D9-4125-87C9-F193FC689CB2} = TortoiseOverlays

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [http://tortoisesvn.net]

{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP

-> {HKLM…CLSID} = (no title provided)

\InProcServer32\(Default) = C:\PROGRA~1\MI8079~1\shellext.dll [MS]

{472083B0-C522-11CF-8763-00608CC02F24} = avast

-> {HKLM…CLSID} = avast

\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes

-> {HKLM…CLSID} = iTunes

\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM…CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> BootExecute = PDBoot.exe [Raxco Software, Inc.]|autocheck autochk *

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}

-> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM…CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS]

<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}

-> {HKLM…CLSID} = HxProtocol Class

\InProcServer32\(Default) = c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]

<<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM…CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS]

<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}

-> {HKLM…CLSID} = Skype IE add-on Pluggable Protocol

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

-> {HKLM…CLSID} = IEProtocolHandler Class

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [skype Technologies]

<<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0}

-> {HKLM…CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler

\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

<<!>> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}

-> {HKLM…CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}

-> {HKLM…CLSID} = avast

\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}

-> {HKLM…CLSID} = (no title provided)

\InProcServer32\(Default) = C:\PROGRA~1\MI8079~1\shellext.dll [MS]

Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4}

-> {HKLM…CLSID} = Glary Utilities Context Menu Shell Extension

\InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd]

Notepad++\(Default) = {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593}

-> {HKLM…CLSID} = Notepad++

\InProcServer32\(Default) = C:\Program Files\Notepad++\NppShell_04.dll [null data]

PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE}

-> {HKLM…CLSID} = ContextMenuHandler Class

\InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.]

TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM…CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM…CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}

-> {HKLM…CLSID} = avast

\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM…CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM…CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}

-> {HKLM…CLSID} = (no title provided)

\InProcServer32\(Default) = C:\PROGRA~1\MI8079~1\shellext.dll [MS]

TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM…CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM…CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}

-> {HKLM…CLSID} = FileZilla 3 Shell Extension

\InProcServer32\(Default) = C:\Program Files\FileZilla FTP Client\fzshellext.dll [null data]

TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

WinSCPCopyHook\(Default) = {E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}

-> {HKLM…CLSID} = WinSCP Shell Extension

\InProcServer32\(Default) = C:\Program Files\WinSCP\DragExt.dll [Martin Prikryl]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

TortoiseSVN\(Default) = {3035134A-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM…CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\

TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU…CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}

-> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension

\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM…CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{30351349-7B7D-4FCC-81B4-1E394CA267EB}\(Default) = (no title provided)

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

-> {HKLM…CLSID} = PDF Shell Extension

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}

-> {HKLM…CLSID} = avast

\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4}

-> {HKLM…CLSID} = Glary Utilities Context Menu Shell Extension

\InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM…CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

TortoiseSVN\(Default) = {30351349-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM…CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM…CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

TortoiseSVN\(Default) = {3035134A-7B7D-4FCC-81B4-1E394CA267EB}

-> {HKLM…CLSID} = TortoiseSVN

\InProcServer32\(Default) = C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [http://tortoisesvn.net]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM…CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{E5BA42A9-BF3F-40B3-978A-CCD306F381A7}\(Default) = (no title provided)

-> {HKLM…CLSID} = Compressed (LZH) Folder Right Drag Handler

\InProcServer32\(Default) = C:\Windows\system32\lzhfldr2.dll [MS]

Default executables:

--------------------

.bat

HKCU\Software\Classes\.bat\(Default) = batfile

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

NoChangingWallpaper = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Disable changing wallpaper}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

DisableTaskMgr = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\

HomePage = (REG_SZ) 1

{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|

Disable changing home page settings}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

EnableLUA = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

Wallpaper = C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

SCRNSAVE.EXE = C:\Windows\system32\logon.scr [file not found]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPAutoplayPSE\

Provider = HP Photosmart Essential 2.01

InvokeProgID = HpqPSApl.Autoplay

InvokeVerb = Play

HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1}

-> {HKLM…CLSID} = (no title provided)

\LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard]

iTunesBurnCDOnArrival\

Provider = iTunes

InvokeProgID = iTunes.BurnCD

InvokeVerb = burn

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ImportSongsOnCD

InvokeVerb = import

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.PlaySongsOnCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ShowSongsOnCD

InvokeVerb = showsongs

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcqHWEventHandler\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

ProgID = Microsoft.LivePhotoAcqHWEventHandler

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}

-> {HKLM…CLSID} = (no title provided)

\LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS]

MSLivePhotoAcquireDropHandler\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.LivePhotoAcqDTShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}

-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

MSLiveShowPicturesOnArrival\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}

-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

MSLiveVideoCameraArrivalCaptureWizard\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

ProgID = WLXAutoPlayMgr.WLXHWEventHandler

InitCmdLine = WLXVideoAcquireWizard

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}

-> {HKLM…CLSID} = WLXWEventHandler Class

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS]

VLCPlayCDAudioOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.CDAudio

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.DVDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.SVCDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.VCDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

WIA_{7B8D3C88-5134-4626-B585-0BB47BE06D5C}\

Provider = Microsoft Word

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office14\WINWORD.EXE /IMG_WIA;

-> {HKLM…CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WinampMTPHandler\

Provider = Winamp

ProgID = Shell.HWEventHandlerShellExecute

InitCmdLine = C:\Program Files\Winamp\winamp.exe

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

-> {HKLM…CLSID} = Shell Execute Hardware Event Handler

\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

WinampPlayMediaOnArrival\

Provider = Winamp

InvokeProgID = Winamp.File

InvokeVerb = Play

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Program Files\Winamp\winamp.exe" "%1" [Nullsoft, Inc.]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = {46986115-84D6-459c-8F95-52DD653E532E}

-> {HKLM…CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\Winamp\winamp.exe" [Nullsoft, Inc.]

Startup items in "Ben" & "All Users" startup folders:

-----------------------------------------------------

C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}

Dropbox -> shortcut to: C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}

UltraMon -> shortcut to: C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico /auto [null data]

Windows Sidebar Gadgets: {++}

------------------------

C:\Users\Ben\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget"

"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCurrency.Gadget"

"C:%5CUsers%5CBen%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CAll_CPU_Meter_V4.5.gadget"

"C:%5CUsers%5CBen%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CNetwork_Meter_V8.5.gadget"

"C:%5CUsers%5CBen%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CDrives_Meter_V4.1.gadget"

Non-disabled Scheduled Tasks: {++}

-----------------------------

C:\Windows\System32\Tasks

Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]

avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]

GlaryInitialize -> launches: C:\Program Files\Glary Utilities\initialize.exe [Glarysoft Ltd]

GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

GoogleUpdateTaskUserS-1-5-21-956322425-969636760-2544637902-1000Core -> launches: C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskUserS-1-5-21-956322425-969636760-2544637902-1000UA -> launches: C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe [MS]

User_Feed_Synchronization-{2DD9BCB2-E15F-44F5-AD0F-87C99CDA2616} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]

{038A4749-472C-4F7F-B5E1-A5EC17603F55} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program files\Bohemia Interactive\ArmA 2\UnInstall_OA.exe" [MS]

{0E617D00-A9E4-41D2-BB06-F904F1EB3312} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\Steam\steam.exe" -c steam://uninstall/42710 [MS]

{2B2172DE-8155-4238-84B2-08E8B2D72D84} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Ben\Desktop\Left2Die_v100_to_v101_patch\Setup.exe -d C:\Users\Ben\Desktop\Left2Die_v100_to_v101_patch [MS]

{A394F893-50AC-4AA2-8B77-1962086C58FD} -> launches: C:\Program Files\Steam\steamapps\common\payday the heist\payday_win32_release.exe [null data]

{C3A4B18C-FD4D-4F76-9FF0-8950DD4A88B3} -> launches: C:\Program Files\Steam\steamapps\common\payday the heist\payday_win32_release.exe [null data]

{E2D65346-2165-49B9-94D4-5A76CBA10FFB} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Games\Dragon Age\DAO-Modmanager_1_9d-277\mods\dazip\Dragon_Age_Redesigned_-686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Zevran\Dragon Age Redesigned- Zevran.exe" -d "C:\Games\Dragon Age\DAO-Modmanager_1_9d-277\mods\dazip\Dragon_Age_Redesigned_-686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Zevran" [MS]

{F1CAE40F-D954-4EBF-9BE3-3F6E5BAB5327} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Ben\Downloads\Sequoia1.3Install.exe -d C:\Users\Ben\Downloads [MS]

{FC5C98D8-B45F-441C-B8F2-5E1F92F562C2} -> launches: C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\ [MS]

C:\Windows\System32\Tasks\Apple

AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware

MpIdleTask -> launches: C:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

AitAgent -> launches: aitagent [MS]

ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM…CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM…CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}

-> {HKLM…CLSID} = KernelCeipCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]

UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}

-> {HKLM…CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}

-> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]

ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]

DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]

ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]

InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]

mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]

MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]

ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]

OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]

OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]

PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]

PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]

PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]

PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]

PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]

RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]

ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]

SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]

UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM…CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS]

LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM…CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace

GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}

-> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}

-> {HKLM…CLSID} = RasMobilityManager

\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}

-> {HKLM…CLSID} = RegistryIdleBackupHandler

\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM…CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}

-> {HKLM…CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]

IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM…CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform

BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet

CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}

-> {HKLM…CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE

Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}

-> {HKLM…CLSID} = Windows Live Social Object Extractor Engine Definition Updater

\InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\PCMeter

Startup -> launches: C:\Users\Ben\Downloads\PCMeter\PCMeter\PCMeterV0.3.exe [null data]

C:\Windows\System32\Tasks\WPD

SqmUpload_S-1-5-21-956322425-969636760-2544637902-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

000000000009\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 36

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)

-> {HKLM…CLSID} = avast! WebRep

\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{0000036B-C524-4050-81A0-243669A86B9F}\

ButtonText = @C:\Program Files\Windows Live\Companion\companionlang.dll,-600

CLSIDExtension = {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}

-> {HKLM…CLSID} = Windows Live Messenger Companion Command Bar Button

\InProcServer32\(Default) = C:\Program Files\Windows Live\Companion\companioncore.dll [MS]

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

ButtonText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004

MenuText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003

CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

-> {HKLM…CLSID} = BlogThisToolbarButton Class

\InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

ButtonText = Send to OneNote

MenuText = Se&nd to OneNote

CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}

-> {HKLM…CLSID} = Send to OneNote from Internet Explorer button

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\

ButtonText = OneNote Lin&ked Notes

MenuText = OneNote Lin&ked Notes

CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}

-> {HKLM…CLSID} = Linked Notes button

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\

ButtonText = Skype Click to Call

CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}

-> {HKLM…CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

Internet Explorer Address Prefixes:

-----------------------------------

Prefix for specific service (i.e., "www")

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\

<<H>> = http://www.google.com/

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]

Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]

AsusSE, AsusSE, C:\Program Files\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe [Realtek]

avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]

HP CUE DeviceDiscovery Service, hpqddsvc, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]}

hpqcxs08, hpqcxs08, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]}

Intel® Management and Security Application Local Management Service, LMS, C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [intel Corporation]

iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]

LogMeIn Hamachi Tunneling Engine, Hamachi2Svc, "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [LogMeIn Inc.]

Microsoft Antimalware Service, MsMpSvc, "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]

NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]

NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]

O&O CleverCache, OOCleverCache, "C:\Program Files\OO Software\CleverCache\ooccag.exe" [O&O Software GmbH]

PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [null data]

SQL Server (SQLEXPRESS), MSSQL$SQLEXPRESS, "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [MS]

SQL Server VSS Writer, SQLWriter, "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [MS]

Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> 63108623.sys, Driver

<<!>> MsMpSvc, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> 63108623.sys, Driver

<<!>> Hamachi2Svc, Service

<<!>> MsMpSvc, Service

<<!>> SprtListen, Service

<<!>> SprtListenPush, Service

<<!>> SupportSoft RemoteAssist, Service

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

LIDIL hpzll5ha\Driver = hpzll5ha.dll [Hewlett-Packard Company]

---------- (launch time: 2013-04-08 20:28:14)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 29 seconds, including 5 seconds for message boxes)

fsquirt did pop up after the Junkware run however.

This topic is now closed to further replies.