Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Easy way to removed win32/small ca virus

  • 05-04-2013 6:29pm
    #1
    Banned (with Prison Access) Posts: 559 ✭✭✭


    I have been trying to removed win32/small ca virus from my computer which is proving impossible to do, any suggestion anyone please.


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    what is finding it ?


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 3,225 ✭✭✭Keith186


    Hello,

    I have the same virus notification from Action Centre in Windows 7. The message appeared back in February but it was automatically archived somehow and I only noticed it recently.

    I've ran several anti-virus scans that came back clean but I don't know what suspicious stuff to look for, computer doesn't seem like it has a virus either but I'd like to be sure.

    Should I post an OTL log here or in a new thread? Should I set the scan to more than 30 days so it goes back before the day the message in Action Centre appeared?

    Thanks for any advice.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    you can post the otl log here, can leave it at 30 days.


  • Registered Users, Registered Users 2 Posts: 3,225 ✭✭✭Keith186


    Cool, thanks.

    OTL logfile created on: 13/04/2013 21:47:11 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keith\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.79 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.45% Memory free
    7.52 Gb Paging File | 5.43 Gb Available in Paging File | 72.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 92.92 Gb Total Space | 2.86 Gb Free Space | 3.08% Space Free | Partition Type: NTFS

    Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/04/13 21:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
    PRC - [2013/04/12 20:12:51 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\Keith\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/03/18 21:12:12 | 007,366,656 | ---- | M] (Google Inc.) -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    PRC - [2013/03/14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/02/28 21:36:18 | 000,275,544 | ---- | M] (Unified Intents AB) -- C:\Program Files (x86)\Unified Remote\RemoteServer.exe
    PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/19 22:59:35 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
    PRC - [2012/07/19 22:59:26 | 000,704,512 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
    PRC - [2012/05/30 20:55:26 | 001,112,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
    PRC - [2012/05/02 08:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
    PRC - [2012/04/25 13:18:10 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    PRC - [2012/04/13 11:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2012/02/13 15:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
    PRC - [2012/01/31 15:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
    PRC - [2011/12/19 11:12:06 | 004,467,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    PRC - [2011/11/14 09:14:24 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/11/14 09:14:20 | 001,355,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2011/11/14 09:13:58 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2011/11/14 09:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2011/10/21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011/08/17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/08/09 02:44:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/08/09 02:44:54 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/02/25 02:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2013/04/09 09:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
    MOD - [2013/04/09 09:57:06 | 013,130,704 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    MOD - [2013/04/09 09:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
    MOD - [2013/04/09 09:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
    MOD - [2013/04/09 09:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
    MOD - [2013/04/09 09:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
    MOD - [2013/03/18 21:01:08 | 000,344,064 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    MOD - [2013/03/18 21:00:52 | 000,231,936 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    MOD - [2013/03/18 21:00:26 | 000,253,440 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    MOD - [2013/03/18 21:00:14 | 000,117,248 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    MOD - [2013/02/27 20:33:20 | 000,026,624 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
    MOD - [2013/02/27 20:33:06 | 010,683,392 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
    MOD - [2013/02/27 20:33:02 | 001,681,408 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
    MOD - [2013/02/27 20:32:58 | 007,741,952 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
    MOD - [2013/02/27 20:32:56 | 002,248,192 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
    MOD - [2013/02/15 23:40:29 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
    MOD - [2013/02/15 23:08:41 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll
    MOD - [2013/01/13 14:52:56 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e464dc608a88955a0edccba917d207de\System.ServiceModel.ni.dll
    MOD - [2013/01/13 14:50:42 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll
    MOD - [2013/01/13 14:50:40 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll
    MOD - [2013/01/13 14:47:05 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
    MOD - [2013/01/13 14:46:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
    MOD - [2013/01/13 14:46:29 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2013/01/12 23:34:16 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/12 23:33:18 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/12 23:33:05 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/12 00:36:21 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\8167f7d08668a5859e76aa9a1124a42f\System.Data.ni.dll
    MOD - [2013/01/12 00:36:13 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
    MOD - [2013/01/12 00:36:08 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
    MOD - [2013/01/12 00:36:03 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll
    MOD - [2013/01/12 00:36:02 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
    MOD - [2013/01/12 00:36:00 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
    MOD - [2013/01/12 00:35:52 | 014,413,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
    MOD - [2011/09/08 11:40:10 | 001,645,056 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/02/17 01:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
    MOD - [2010/11/21 04:24:01 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2006/08/12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/12/08 02:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2011/12/08 02:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/12/08 02:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/12/08 02:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011/12/05 01:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/12/05 00:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/03/14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
    SRV - [2012/12/26 21:54:31 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/19 22:59:35 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/13 11:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2012/02/13 15:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
    SRV - [2011/11/14 09:14:24 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/11/14 09:14:20 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/11/14 09:13:58 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2011/08/09 02:44:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/08/09 02:44:54 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2011/03/01 13:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 02:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/08 21:41:25 | 000,030,112 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
    DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/20 16:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
    DRV:64bit: - [2012/08/20 16:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
    DRV:64bit: - [2012/08/06 03:41:28 | 000,313,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2012/05/10 16:35:26 | 000,221,184 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
    DRV:64bit: - [2012/05/10 16:35:26 | 000,104,448 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/10 14:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/12/09 03:45:14 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2011/12/05 01:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/12/05 01:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/12/01 14:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011/11/23 15:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/11/14 09:13:44 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/11/14 09:13:40 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/09/08 08:20:58 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2011/09/08 08:20:56 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/09/08 08:20:56 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/08/22 21:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/08/17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2011/06/15 21:50:08 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
    DRV:64bit: - [2011/04/11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/11/23 08:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2009/11/02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV - [2012/02/16 13:03:19 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/07/26 21:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{E625136D-7B8F-45A4-B7BC-15CE0FBB2700}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)


    [2012/12/30 22:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/12/30 22:47:37 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.ie/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Keith\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: AdBlock = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
    CHR - Extension: Google Play Music = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0\
    CHR - Extension: Typing Test - KeyHero = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0\
    CHR - Extension: UEFA EURO 2012 TM by Carlsberg = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpjblbfabaebkkhjebmjagoadlficpm\1.0.6_0\
    CHR - Extension: Argos Stockchecker = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfjafldmdgledccmljiadgmbdcicjee\1.14_0\
    CHR - Extension: Tabs saver = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead\2.4.8.3_0\
    CHR - Extension: ActiveX for Chrome = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgllffgicojgllpmdbemgglaponefajn\1.5.0.0_0\
    CHR - Extension: Amazon Prices for Ireland = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljbghemliajpgabhbaecbipkgngkoalf\1.7_0\
    CHR - Extension: EXIF Viewer = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplmljfembbkocngnlkkdgabpnfokmnl\2.1.11_0\
    CHR - Extension: Awesome New Tab Page = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.107.6.0_0\
    CHR - Extension: Google Chrome to Phone Extension = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
    CHR - Extension: Weather Underground = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
    CHR - Extension: Gmail = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKCU..\Run: [MusicManager] C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Keith\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
    O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADF31255-09BA-498C-A64A-CE534F787B4F}: DhcpNameServer = 89.101.160.4 89.101.160.5
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/13 13:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
    [2013/04/13 12:57:31 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\adaware
    [2013/04/12 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Brice_Lambson
    [2013/04/12 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
    [2013/04/12 19:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer for Windows
    [2013/04/12 19:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Resizer for Windows
    [2013/04/12 19:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2013/04/08 21:41:25 | 000,030,112 | ---- | C] (REALiX(tm)) -- C:\windows\SysNative\drivers\HWiNFO64A.SYS
    [2013/04/07 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Keith\Documents\JUPITER EVO GORE-TEX® Products TCX Boots_files
    [2013/03/15 23:42:45 | 000,000,000 | ---D | C] -- C:\windows\rescache
    [2013/03/15 22:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/03/15 22:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/03/15 22:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

    ========== Files - Modified Within 30 Days ==========

    [2013/04/13 21:52:01 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630322149-2956363582-1371023967-1000Core.job
    [2013/04/13 21:52:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630322149-2956363582-1371023967-1000UA.job
    [2013/04/13 21:43:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/04/13 20:54:28 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/04/13 20:54:28 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/04/13 20:51:37 | 000,735,176 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/04/13 20:51:37 | 000,633,156 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/04/13 20:51:37 | 000,115,116 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/04/13 14:23:02 | 000,416,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/04/13 13:39:37 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
    [2013/04/13 13:39:36 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
    [2013/04/13 13:11:53 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
    [2013/04/13 12:30:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/12 23:12:58 | 006,138,388 | ---- | M] () -- C:\Users\Keith\AppData\Local\census.cache
    [2013/04/12 23:11:41 | 000,116,794 | ---- | M] () -- C:\Users\Keith\AppData\Local\ars.cache
    [2013/04/12 20:27:29 | 000,000,036 | ---- | M] () -- C:\Users\Keith\AppData\Local\housecall.guid.cache
    [2013/04/12 18:17:27 | 000,002,368 | ---- | M] () -- C:\Users\Keith\Desktop\Google Chrome.lnk
    [2013/04/08 21:41:25 | 000,030,112 | ---- | M] (REALiX(tm)) -- C:\windows\SysNative\drivers\HWiNFO64A.SYS
    [2013/04/08 20:20:26 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\SW Update.lnk
    [2013/04/07 23:32:26 | 000,094,731 | ---- | M] () -- C:\Users\Keith\Documents\JUPITER EVO GORE-TEX® Products TCX Boots.htm
    [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/03/30 00:41:54 | 000,001,049 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/03/30 00:41:39 | 000,001,017 | ---- | M] () -- C:\Users\Keith\Desktop\Dropbox.lnk

    ========== Files Created - No Company Name ==========

    [2013/04/13 13:39:37 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
    [2013/04/13 13:39:36 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
    [2013/04/13 13:11:53 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
    [2013/04/12 23:12:58 | 006,138,388 | ---- | C] () -- C:\Users\Keith\AppData\Local\census.cache
    [2013/04/12 23:11:41 | 000,116,794 | ---- | C] () -- C:\Users\Keith\AppData\Local\ars.cache
    [2013/04/12 20:27:29 | 000,000,036 | ---- | C] () -- C:\Users\Keith\AppData\Local\housecall.guid.cache
    [2013/04/07 23:32:25 | 000,094,731 | ---- | C] () -- C:\Users\Keith\Documents\JUPITER EVO GORE-TEX® Products TCX Boots.htm
    [2012/07/19 23:19:19 | 000,000,017 | ---- | C] () -- C:\Users\Keith\AppData\Local\resmon.resmoncfg
    [2012/04/09 23:26:11 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/02/03 09:24:11 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
    [2012/02/03 08:49:15 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini
    [2012/01/10 14:27:24 | 000,963,884 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2012/01/10 14:27:24 | 000,221,264 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2012/01/10 14:16:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/01/10 13:29:52 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
    [2011/12/13 01:16:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/10 14:50:08 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BatteryCare
    [2013/04/13 20:47:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Dropbox
    [2013/04/13 13:14:40 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Spotify
    [2013/01/13 14:03:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\StreamTorrent
    [2012/04/22 01:59:15 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Unified Remote
    [2013/04/08 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\uTorrent
    [2012/04/07 00:35:05 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\WildTangent
    [2013/02/07 23:26:51 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\XBMC

    ========== Purity Check ==========



    < End of report >


    **************************************************************************************************************************************************************************************************************




    OTL Extras logfile created on: 13/04/2013 21:47:11 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keith\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.79 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.45% Memory free
    7.52 Gb Paging File | 5.43 Gb Available in Paging File | 72.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 92.92 Gb Total Space | 2.86 Gb Free Space | 3.08% Space Free | Partition Type: NTFS

    Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00004C45-C2F0-488F-B2F9-F13CE54CB373}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0DE27D4D-87D9-4E15-BF05-D1326957E9D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1E1CB408-358A-423C-8F49-A3774A2CFFD6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{2D8485E1-7A7A-49F0-A89A-C775E798B07F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{305EECA7-B755-4677-BC39-4D91AB4AB01D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{38E373C5-EEF2-49B6-B6B0-93795265BE20}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{414DD56D-AF69-4A89-B827-4DCBA8E7AA58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{46678F7F-24B6-46E9-BFEA-F7A184703328}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{5CBB1225-40FB-4C41-B424-A318466DC0FA}" = lport=137 | protocol=17 | dir=in | app=system |
    "{70DF548D-4DCF-4F25-A513-84416693B529}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{9FCB1870-1ABC-4B39-897B-0C8F04ED39CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A7E0B853-01DF-4D09-A143-504C048C977A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{AA8594C8-CF0D-480F-9A0A-4FCC050E3B9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AAA1D850-A8F7-4260-AD43-6A7C4D864D90}" = lport=138 | protocol=17 | dir=in | app=system |
    "{AE8C5018-7E38-4933-868E-4DF0EACCA8EB}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B96ECBCA-CE40-44D1-8030-085732964AEF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C369DD7F-0337-46C1-B4AF-0880F0356E1A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D40FB81D-B135-4B68-836C-BAFC6CC3542A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D7289AF3-DBE1-4F06-8BC7-8090F54516AB}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E1574E93-9108-4CDF-A9BA-617F33A66E12}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E574AB1F-C18D-4FE2-8240-95D7CCF315E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F2682C83-7AE5-40B4-9586-D94978A0E272}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F3CDEE27-7C88-48C8-9FB4-93BC23354A08}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FD87D827-311D-491B-A23B-CCABCC5B070F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{042C564E-C818-4BAB-9A54-2F88E9C798A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0AAA26C2-1F60-4FE6-9EE4-E73ED123C4B4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1785A5F1-3D04-4531-A138-492E1E62C5E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1E590126-0070-4066-9B60-3DB00614FBDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
    "{1F25E540-E862-436E-8FB7-9CFD32C491C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2B218EB7-5DA7-4D71-8C17-1BD8221C1B5E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3112AAA5-FD55-4F28-A11F-F8A4E72743B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{32377265-D89F-4410-B6AD-A1D3806FE67C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{36319B93-4196-416A-A4A3-D0DCBE66C003}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3654FECF-4ACA-4170-BD81-84C54B8F7494}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{44010638-4799-422E-A1BE-16DB7F15FD18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{445B7C36-D908-4586-99D5-7FD45C6CC170}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{503CCEA1-DE7B-485F-93E7-A8A2ECB3FB87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{51E014F2-C715-428E-BA8A-E36988D1732C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{573CCA03-0AA3-481C-9314-84AB8556B5C8}" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe |
    "{5E5AA370-D124-4D78-9590-AE49743DBA67}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{6303E52B-4FAC-4E3A-8EC1-7914DE206F6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{79D4F791-C79D-437D-A1B5-C516E9C791B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7C21CAB2-0A39-46E3-B501-38BA79442FFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7FD20C73-051B-4962-BA97-65BE5AC63C9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{81206F17-2099-4035-8E61-8B0BFEA6F23E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8B4B3738-E4A9-4E9B-9098-946F63B0A3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{989F94EC-FB95-4E26-B036-A968C379B425}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
    "{A211E42A-7FE6-4A7B-A7FC-E77A39F18696}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A59C058F-1CA5-4EFB-8F19-EEC7BFA1B3D6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{B08BDF68-76CE-4705-A35B-09BCE88B10A1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{C2945EC7-8A16-434A-8D3F-CE0D36C6DCB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C7F580F2-ACC7-43C3-B8FA-0CE91F31B891}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{C8F721C2-2D7B-4141-BFAD-0BDA23A0BCE1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{CAD566F6-B751-45AE-9585-644EE1957812}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D18C777B-AA5A-4485-997A-BDE7D467D922}" = protocol=6 | dir=out | app=system |
    "{E38FB7EB-189E-437C-A868-FEC82ACBBC9D}" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe |
    "{E7362B82-B5FD-47F2-9A65-028049CCA9B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{ED9AFC1F-E139-4425-B4A3-A489822185B9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{F2E54D47-C051-4E57-998D-4B11F07BC0F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
    "{FB7A9AB9-A675-49D8-86BF-86C7B86B5C84}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{FDB55BFF-52EF-45D1-88A3-B4B1EDB30D70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "TCP Query User{0108EF23-C262-4800-BE6E-C5DCCF5074BA}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "TCP Query User{1B4ED379-FE8F-4B35-9170-F971E669647E}C:\users\keith\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{24536A87-047E-4076-9D40-2CB4F370555B}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "TCP Query User{27D74E08-11B4-40AB-BEBA-5CE8489612C2}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
    "TCP Query User{37A2814F-96FA-41AF-9123-50A7F4D75792}C:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{BFA0292C-B61A-4097-966D-B1CE42659C6E}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "TCP Query User{CE9A0861-A504-4D98-AC38-1096BF556235}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "TCP Query User{DEE259D5-3B14-416D-BBE9-9367AC8603F5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "UDP Query User{05F6001C-DE24-4FF8-B52F-0AF5E6555680}C:\users\keith\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{2F7AF7CC-8E0D-4F87-8B19-858351E806EA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "UDP Query User{33694D8A-F8D7-4C2C-AF2C-4BBDD2B0C5F9}C:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{37374649-3150-4138-A326-3CBE37F1EABC}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "UDP Query User{387F8A24-4445-4E0B-8A1A-F33D1D172109}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "UDP Query User{8B10C104-72D6-4C18-AE75-B69FC55C6994}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
    "UDP Query User{965C1311-00C4-4831-A5AF-C3A3907754D9}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "UDP Query User{C408CC19-2354-4436-A175-C57F58E7FF1D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center
    "{077BF055-512A-4D48-B3C2-44AD860FEB0A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
    "{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5E2CD4F


  • Registered Users, Registered Users 2 Posts: 3,225 ✭✭✭Keith186


    Cool, thanks.

    OTL logfile created on: 13/04/2013 21:47:11 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keith\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.79 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.45% Memory free
    7.52 Gb Paging File | 5.43 Gb Available in Paging File | 72.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 92.92 Gb Total Space | 2.86 Gb Free Space | 3.08% Space Free | Partition Type: NTFS

    Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/04/13 21:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
    PRC - [2013/04/12 20:12:51 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\Keith\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/03/18 21:12:12 | 007,366,656 | ---- | M] (Google Inc.) -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    PRC - [2013/03/14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/02/28 21:36:18 | 000,275,544 | ---- | M] (Unified Intents AB) -- C:\Program Files (x86)\Unified Remote\RemoteServer.exe
    PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/19 22:59:35 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
    PRC - [2012/07/19 22:59:26 | 000,704,512 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
    PRC - [2012/05/30 20:55:26 | 001,112,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
    PRC - [2012/05/02 08:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
    PRC - [2012/04/25 13:18:10 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    PRC - [2012/04/13 11:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2012/02/13 15:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
    PRC - [2012/01/31 15:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
    PRC - [2011/12/19 11:12:06 | 004,467,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    PRC - [2011/11/14 09:14:24 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/11/14 09:14:20 | 001,355,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2011/11/14 09:13:58 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2011/11/14 09:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2011/10/21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011/08/17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/08/09 02:44:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/08/09 02:44:54 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/02/25 02:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2013/04/09 09:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
    MOD - [2013/04/09 09:57:06 | 013,130,704 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    MOD - [2013/04/09 09:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
    MOD - [2013/04/09 09:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
    MOD - [2013/04/09 09:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
    MOD - [2013/04/09 09:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
    MOD - [2013/03/18 21:01:08 | 000,344,064 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    MOD - [2013/03/18 21:00:52 | 000,231,936 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    MOD - [2013/03/18 21:00:26 | 000,253,440 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    MOD - [2013/03/18 21:00:14 | 000,117,248 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    MOD - [2013/02/27 20:33:20 | 000,026,624 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
    MOD - [2013/02/27 20:33:06 | 010,683,392 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
    MOD - [2013/02/27 20:33:02 | 001,681,408 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
    MOD - [2013/02/27 20:32:58 | 007,741,952 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
    MOD - [2013/02/27 20:32:56 | 002,248,192 | ---- | M] () -- C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
    MOD - [2013/02/15 23:40:29 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
    MOD - [2013/02/15 23:08:41 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll
    MOD - [2013/01/13 14:52:56 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e464dc608a88955a0edccba917d207de\System.ServiceModel.ni.dll
    MOD - [2013/01/13 14:50:42 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll
    MOD - [2013/01/13 14:50:40 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll
    MOD - [2013/01/13 14:47:05 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
    MOD - [2013/01/13 14:46:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
    MOD - [2013/01/13 14:46:29 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2013/01/12 23:34:16 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/12 23:33:18 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/12 23:33:05 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/12 00:36:21 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\8167f7d08668a5859e76aa9a1124a42f\System.Data.ni.dll
    MOD - [2013/01/12 00:36:13 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
    MOD - [2013/01/12 00:36:08 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
    MOD - [2013/01/12 00:36:03 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll
    MOD - [2013/01/12 00:36:02 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
    MOD - [2013/01/12 00:36:00 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
    MOD - [2013/01/12 00:35:52 | 014,413,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
    MOD - [2011/09/08 11:40:10 | 001,645,056 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/02/17 01:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
    MOD - [2010/11/21 04:24:01 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2006/08/12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/12/08 02:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2011/12/08 02:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/12/08 02:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/12/08 02:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011/12/05 01:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/12/05 00:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/03/14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
    SRV - [2012/12/26 21:54:31 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/19 22:59:35 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/13 11:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2012/02/13 15:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
    SRV - [2011/11/14 09:14:24 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/11/14 09:14:20 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/11/14 09:13:58 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2011/08/09 02:44:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/08/09 02:44:54 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2011/03/01 13:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 02:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/08 21:41:25 | 000,030,112 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
    DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/20 16:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
    DRV:64bit: - [2012/08/20 16:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
    DRV:64bit: - [2012/08/06 03:41:28 | 000,313,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2012/05/10 16:35:26 | 000,221,184 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
    DRV:64bit: - [2012/05/10 16:35:26 | 000,104,448 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/10 14:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/12/09 03:45:14 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2011/12/05 01:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/12/05 01:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/12/01 14:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011/11/23 15:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/11/14 09:13:44 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/11/14 09:13:40 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/09/08 08:20:58 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2011/09/08 08:20:56 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/09/08 08:20:56 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/08/22 21:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/08/17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2011/06/15 21:50:08 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
    DRV:64bit: - [2011/04/11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/11/23 08:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2009/11/02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV - [2012/02/16 13:03:19 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/07/26 21:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{E625136D-7B8F-45A4-B7BC-15CE0FBB2700}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)


    [2012/12/30 22:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/12/30 22:47:37 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.ie/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Keith\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: AdBlock = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
    CHR - Extension: Google Play Music = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0\
    CHR - Extension: Typing Test - KeyHero = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0\
    CHR - Extension: UEFA EURO 2012 TM by Carlsberg = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpjblbfabaebkkhjebmjagoadlficpm\1.0.6_0\
    CHR - Extension: Argos Stockchecker = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfjafldmdgledccmljiadgmbdcicjee\1.14_0\
    CHR - Extension: Tabs saver = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead\2.4.8.3_0\
    CHR - Extension: ActiveX for Chrome = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgllffgicojgllpmdbemgglaponefajn\1.5.0.0_0\
    CHR - Extension: Amazon Prices for Ireland = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljbghemliajpgabhbaecbipkgngkoalf\1.7_0\
    CHR - Extension: EXIF Viewer = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplmljfembbkocngnlkkdgabpnfokmnl\2.1.11_0\
    CHR - Extension: Awesome New Tab Page = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.107.6.0_0\
    CHR - Extension: Google Chrome to Phone Extension = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
    CHR - Extension: Weather Underground = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
    CHR - Extension: Gmail = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKCU..\Run: [MusicManager] C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Keith\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
    O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADF31255-09BA-498C-A64A-CE534F787B4F}: DhcpNameServer = 89.101.160.4 89.101.160.5
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/13 13:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
    [2013/04/13 12:57:31 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\adaware
    [2013/04/12 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Brice_Lambson
    [2013/04/12 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
    [2013/04/12 19:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer for Windows
    [2013/04/12 19:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Resizer for Windows
    [2013/04/12 19:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2013/04/08 21:41:25 | 000,030,112 | ---- | C] (REALiX(tm)) -- C:\windows\SysNative\drivers\HWiNFO64A.SYS
    [2013/04/07 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Keith\Documents\JUPITER EVO GORE-TEX® Products TCX Boots_files
    [2013/03/15 23:42:45 | 000,000,000 | ---D | C] -- C:\windows\rescache
    [2013/03/15 22:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/03/15 22:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/03/15 22:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

    ========== Files - Modified Within 30 Days ==========

    [2013/04/13 21:52:01 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630322149-2956363582-1371023967-1000Core.job
    [2013/04/13 21:52:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630322149-2956363582-1371023967-1000UA.job
    [2013/04/13 21:43:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/04/13 20:54:28 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/04/13 20:54:28 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/04/13 20:51:37 | 000,735,176 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/04/13 20:51:37 | 000,633,156 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/04/13 20:51:37 | 000,115,116 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/04/13 14:23:02 | 000,416,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/04/13 13:39:37 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
    [2013/04/13 13:39:36 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
    [2013/04/13 13:11:53 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
    [2013/04/13 12:30:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/12 23:12:58 | 006,138,388 | ---- | M] () -- C:\Users\Keith\AppData\Local\census.cache
    [2013/04/12 23:11:41 | 000,116,794 | ---- | M] () -- C:\Users\Keith\AppData\Local\ars.cache
    [2013/04/12 20:27:29 | 000,000,036 | ---- | M] () -- C:\Users\Keith\AppData\Local\housecall.guid.cache
    [2013/04/12 18:17:27 | 000,002,368 | ---- | M] () -- C:\Users\Keith\Desktop\Google Chrome.lnk
    [2013/04/08 21:41:25 | 000,030,112 | ---- | M] (REALiX(tm)) -- C:\windows\SysNative\drivers\HWiNFO64A.SYS
    [2013/04/08 20:20:26 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\SW Update.lnk
    [2013/04/07 23:32:26 | 000,094,731 | ---- | M] () -- C:\Users\Keith\Documents\JUPITER EVO GORE-TEX® Products TCX Boots.htm
    [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/03/30 00:41:54 | 000,001,049 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/03/30 00:41:39 | 000,001,017 | ---- | M] () -- C:\Users\Keith\Desktop\Dropbox.lnk

    ========== Files Created - No Company Name ==========

    [2013/04/13 13:39:37 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
    [2013/04/13 13:39:36 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
    [2013/04/13 13:11:53 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
    [2013/04/12 23:12:58 | 006,138,388 | ---- | C] () -- C:\Users\Keith\AppData\Local\census.cache
    [2013/04/12 23:11:41 | 000,116,794 | ---- | C] () -- C:\Users\Keith\AppData\Local\ars.cache
    [2013/04/12 20:27:29 | 000,000,036 | ---- | C] () -- C:\Users\Keith\AppData\Local\housecall.guid.cache
    [2013/04/07 23:32:25 | 000,094,731 | ---- | C] () -- C:\Users\Keith\Documents\JUPITER EVO GORE-TEX® Products TCX Boots.htm
    [2012/07/19 23:19:19 | 000,000,017 | ---- | C] () -- C:\Users\Keith\AppData\Local\resmon.resmoncfg
    [2012/04/09 23:26:11 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/02/03 09:24:11 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
    [2012/02/03 08:49:15 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini
    [2012/01/10 14:27:24 | 000,963,884 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2012/01/10 14:27:24 | 000,221,264 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2012/01/10 14:16:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/01/10 13:29:52 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
    [2011/12/13 01:16:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/10 14:50:08 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BatteryCare
    [2013/04/13 20:47:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Dropbox
    [2013/04/13 13:14:40 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Spotify
    [2013/01/13 14:03:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\StreamTorrent
    [2012/04/22 01:59:15 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Unified Remote
    [2013/04/08 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\uTorrent
    [2012/04/07 00:35:05 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\WildTangent
    [2013/02/07 23:26:51 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\XBMC

    ========== Purity Check ==========



    < End of report >


    **************************************************************************************************************************************************************************************************************




    OTL Extras logfile created on: 13/04/2013 21:47:11 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keith\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.79 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.45% Memory free
    7.52 Gb Paging File | 5.43 Gb Available in Paging File | 72.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 92.92 Gb Total Space | 2.86 Gb Free Space | 3.08% Space Free | Partition Type: NTFS

    Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00004C45-C2F0-488F-B2F9-F13CE54CB373}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0DE27D4D-87D9-4E15-BF05-D1326957E9D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1E1CB408-358A-423C-8F49-A3774A2CFFD6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{2D8485E1-7A7A-49F0-A89A-C775E798B07F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{305EECA7-B755-4677-BC39-4D91AB4AB01D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{38E373C5-EEF2-49B6-B6B0-93795265BE20}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{414DD56D-AF69-4A89-B827-4DCBA8E7AA58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{46678F7F-24B6-46E9-BFEA-F7A184703328}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{5CBB1225-40FB-4C41-B424-A318466DC0FA}" = lport=137 | protocol=17 | dir=in | app=system |
    "{70DF548D-4DCF-4F25-A513-84416693B529}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{9FCB1870-1ABC-4B39-897B-0C8F04ED39CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A7E0B853-01DF-4D09-A143-504C048C977A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{AA8594C8-CF0D-480F-9A0A-4FCC050E3B9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AAA1D850-A8F7-4260-AD43-6A7C4D864D90}" = lport=138 | protocol=17 | dir=in | app=system |
    "{AE8C5018-7E38-4933-868E-4DF0EACCA8EB}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B96ECBCA-CE40-44D1-8030-085732964AEF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C369DD7F-0337-46C1-B4AF-0880F0356E1A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D40FB81D-B135-4B68-836C-BAFC6CC3542A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D7289AF3-DBE1-4F06-8BC7-8090F54516AB}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E1574E93-9108-4CDF-A9BA-617F33A66E12}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E574AB1F-C18D-4FE2-8240-95D7CCF315E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F2682C83-7AE5-40B4-9586-D94978A0E272}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F3CDEE27-7C88-48C8-9FB4-93BC23354A08}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FD87D827-311D-491B-A23B-CCABCC5B070F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{042C564E-C818-4BAB-9A54-2F88E9C798A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0AAA26C2-1F60-4FE6-9EE4-E73ED123C4B4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1785A5F1-3D04-4531-A138-492E1E62C5E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1E590126-0070-4066-9B60-3DB00614FBDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
    "{1F25E540-E862-436E-8FB7-9CFD32C491C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2B218EB7-5DA7-4D71-8C17-1BD8221C1B5E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3112AAA5-FD55-4F28-A11F-F8A4E72743B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{32377265-D89F-4410-B6AD-A1D3806FE67C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{36319B93-4196-416A-A4A3-D0DCBE66C003}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3654FECF-4ACA-4170-BD81-84C54B8F7494}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{44010638-4799-422E-A1BE-16DB7F15FD18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{445B7C36-D908-4586-99D5-7FD45C6CC170}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{503CCEA1-DE7B-485F-93E7-A8A2ECB3FB87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{51E014F2-C715-428E-BA8A-E36988D1732C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{573CCA03-0AA3-481C-9314-84AB8556B5C8}" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe |
    "{5E5AA370-D124-4D78-9590-AE49743DBA67}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{6303E52B-4FAC-4E3A-8EC1-7914DE206F6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{79D4F791-C79D-437D-A1B5-C516E9C791B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7C21CAB2-0A39-46E3-B501-38BA79442FFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7FD20C73-051B-4962-BA97-65BE5AC63C9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{81206F17-2099-4035-8E61-8B0BFEA6F23E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8B4B3738-E4A9-4E9B-9098-946F63B0A3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{989F94EC-FB95-4E26-B036-A968C379B425}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
    "{A211E42A-7FE6-4A7B-A7FC-E77A39F18696}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A59C058F-1CA5-4EFB-8F19-EEC7BFA1B3D6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{B08BDF68-76CE-4705-A35B-09BCE88B10A1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{C2945EC7-8A16-434A-8D3F-CE0D36C6DCB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C7F580F2-ACC7-43C3-B8FA-0CE91F31B891}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{C8F721C2-2D7B-4141-BFAD-0BDA23A0BCE1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{CAD566F6-B751-45AE-9585-644EE1957812}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D18C777B-AA5A-4485-997A-BDE7D467D922}" = protocol=6 | dir=out | app=system |
    "{E38FB7EB-189E-437C-A868-FEC82ACBBC9D}" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe |
    "{E7362B82-B5FD-47F2-9A65-028049CCA9B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{ED9AFC1F-E139-4425-B4A3-A489822185B9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{F2E54D47-C051-4E57-998D-4B11F07BC0F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
    "{FB7A9AB9-A675-49D8-86BF-86C7B86B5C84}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{FDB55BFF-52EF-45D1-88A3-B4B1EDB30D70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "TCP Query User{0108EF23-C262-4800-BE6E-C5DCCF5074BA}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "TCP Query User{1B4ED379-FE8F-4B35-9170-F971E669647E}C:\users\keith\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{24536A87-047E-4076-9D40-2CB4F370555B}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "TCP Query User{27D74E08-11B4-40AB-BEBA-5CE8489612C2}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
    "TCP Query User{37A2814F-96FA-41AF-9123-50A7F4D75792}C:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{BFA0292C-B61A-4097-966D-B1CE42659C6E}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "TCP Query User{CE9A0861-A504-4D98-AC38-1096BF556235}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "TCP Query User{DEE259D5-3B14-416D-BBE9-9367AC8603F5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "UDP Query User{05F6001C-DE24-4FF8-B52F-0AF5E6555680}C:\users\keith\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{2F7AF7CC-8E0D-4F87-8B19-858351E806EA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "UDP Query User{33694D8A-F8D7-4C2C-AF2C-4BBDD2B0C5F9}C:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{37374649-3150-4138-A326-3CBE37F1EABC}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "UDP Query User{387F8A24-4445-4E0B-8A1A-F33D1D172109}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "UDP Query User{8B10C104-72D6-4C18-AE75-B69FC55C6994}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
    "UDP Query User{965C1311-00C4-4831-A5AF-C3A3907754D9}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "UDP Query User{C408CC19-2354-4436-A175-C57F58E7FF1D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center
    "{077BF055-512A-4D48-B3C2-44AD860FEB0A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
    "{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Res


  • Advertisement
  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    looks ok, what was finding the win32small ? Can you get the log that shows it ?


    Also update mbam run a quick scan post that log here.


  • Registered Users, Registered Users 2 Posts: 3,225 ✭✭✭Keith186


    Here's an mbam quick scan log that I did yesterday.

    Message about virus is only in the Action Centre, screen shot below. Is there a log for this anywhere or in windows event log maybe?

    I've done all these scans so far.

    TrendMicro housecall online scanner - no infections
    MalwareBytes Anti Malware - no infections
    Ad-Aware - no infections
    Chkdsk - everything ok
    MSE - Active at time, no infections.
    OTL - 30 day log saved on 13/04.


    *************************************************
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.13.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Keith :: KEITH-PC [administrator]

    13/04/2013 12:31:33
    mbam-log-2013-04-13 (12-31-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213794
    Time elapsed: 6 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    wo4uo.jpg[


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    No need to worry about it, can click the CleanUp button in OTL then all done.


  • Registered Users, Registered Users 2 Posts: 3,225 ✭✭✭Keith186


    Cheers mate, thanks for taking the time to look. OTL Clean Up done.

    ESET online scan was clean too so between all them and your help I should be alright. Read elsewhere it may be false positives but nothing conclusive.


  • Banned (with Prison Access) Posts: 559 ✭✭✭Maura74


    ASJ112 wrote: »
    what is finding it ?


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here

    Thanks you for help, but I have not been able to get do anything with that laptop as yet. I will however do something with later, I will need to get some stuff of it and transfer it to the new laptop that I purchase with windows 8, which I am a bit of bother with this when I am typing the keyboard seems very sensitive keeps jumping back all over the place. It an Acer Aspire V3-771G.


    I am not having much luck with my laptops. :(


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 6,163 ✭✭✭ZENER


    It might be a good idea to get rid of the virus first before moving files to the new laptop ? You may possibly transfer the virus (if one exists) to the new laptop and the problem will happen again.

    Ken


  • Banned (with Prison Access) Posts: 559 ✭✭✭Maura74


    ZENER wrote: »
    It might be a good idea to get rid of the virus first before moving files to the new laptop ? You may possibly transfer the virus (if one exists) to the new laptop and the problem will happen again.

    Ken

    I think I possibly tranfer the viru to the new laptop,

    I have ran the scan you left kindly put on and this is the results.

    OTL logfile created on: 5/5/2013 3:53:52 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emily jade\Documents
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 38.99% Memory free
    5.74 Gb Paging File | 3.63 Gb Available in Paging File | 63.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.67 Gb Total Space | 18.84 Gb Free Space | 6.53% Space Free | Partition Type: NTFS

    Computer Name: EMILYJADE-VAIO | User Name: emily jade | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\Users\emily jade\My Documents\OTL.exe
    PRC - [2013/03/06 09:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
    PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/09/11 17:13:04 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
    PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/10/04 19:03:01 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
    PRC - [2010/05/07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2009/09/16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    PRC - [2009/07/28 00:58:40 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
    PRC - [2009/07/28 00:58:38 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    PRC - [2009/07/28 00:58:38 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    PRC - [2009/07/28 00:58:38 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
    PRC - [2009/07/28 00:58:36 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    PRC - [2009/07/28 00:58:36 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
    PRC - [2009/07/23 18:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2009/07/23 18:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2009/07/22 23:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2009/07/01 19:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/05/26 17:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/06 09:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
    MOD - [2013/03/06 09:57:59 | 002,232,272 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
    MOD - [2013/02/14 10:48:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\76b9eaaf6cc4f694b106ee2736ac8794\System.ServiceProcess.ni.dll
    MOD - [2013/02/14 10:47:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e725ddb8dc1e79aff399e60abdbd5b27\System.Windows.Forms.ni.dll
    MOD - [2013/02/14 10:46:19 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\77a07993bb64c368c0a5a179442dea17\System.ni.dll
    MOD - [2013/01/15 23:07:10 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\243af92f285d5af658541c5104a8c6cd\System.Xml.ni.dll
    MOD - [2013/01/15 23:07:01 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f6f9cfcf7013f8a19e4513690c06dbc2\System.Configuration.ni.dll
    MOD - [2013/01/10 00:53:42 | 001,596,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4a288a2fef70f78ed68866aad6beb76a\System.Drawing.ni.dll
    MOD - [2013/01/10 00:52:57 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
    MOD - [2012/06/06 19:31:36 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
    MOD - [2011/06/14 19:27:46 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/10/26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2009/09/16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2009/09/01 22:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
    SRV:64bit: - [2009/07/24 05:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
    SRV:64bit: - [2009/07/16 17:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/18 02:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV - [2013/03/15 15:44:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/03/08 11:34:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/03/06 09:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
    SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/11 17:12:18 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe -- (McComponentHostService)
    SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/05/07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/31 21:09:12 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2009/07/28 00:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
    SRV - [2009/07/28 00:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2009/07/28 00:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/07/28 00:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
    SRV - [2009/07/28 00:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2009/07/23 18:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2009/07/23 18:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2009/07/23 18:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2009/07/22 23:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2009/06/26 19:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2009/06/26 19:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2009/02/07 01:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/05/04 12:38:53 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\25504267.sys -- (25504267)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/22 18:01:32 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/07 08:22:22 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/08/31 13:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/10/05 09:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/08/05 02:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2009/08/03 21:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/07/31 21:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
    DRV:64bit: - [2009/07/31 21:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
    DRV:64bit: - [2009/07/31 21:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2009/07/31 21:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV:64bit: - [2009/07/31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/07/27 21:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/24 06:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/11 21:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV - [2013/05/05 15:50:14 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C384070A-A753-4648-91E4-EF3D1CC0EAA2}\MpKslf85bc4e8.sys -- (MpKslf85bc4e8)
    DRV - [2012/10/30 09:50:19 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
    DRV - [2011/06/22 18:01:32 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2011/06/22 18:01:32 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=b19e2641-ac52-437d-8f94-b83de9f18111&searchtype=ds&q={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=111442&tt=120912_ccp_3912_3&babsrc=HP_ss&mntrId=be5aa53b00000000000006265efff1ad
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=111442&tt=120912_ccp_3912_3&babsrc=HP_ss&mntrId=be5aa53b00000000000006265efff1ad
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=b19e2641-ac52-437d-8f94-b83de9f18111&searchtype=ds&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 F0 F6 DE E8 2F CC 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=b19e2641-ac52-437d-8f94-b83de9f18111&searchtype=ds&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=b19e2641-ac52-437d-8f94-b83de9f18111&searchtype=ds&q={searchTerms}
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=b19e2641-ac52-437d-8f94-b83de9f18111&searchtype=ds&q={searchTerms}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0D86B3FA-8511-4938-B8AB-81EB7176EFD3}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111442&tt=120912_ccp_3912_3&babsrc=SP_ss&mntrId=be5aa53b00000000000006265efff1ad
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=2A0A73BE-57C7-4374-BE3A-D9CD9FD99BA4&apn_sauid=695FC0EE-FF13-442A-B231-8F235C1341F4
    IE - HKCU\..\SearchScopes\{26D124EA-59A2-4E0D-AF2A-85B5897E748B}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7SVEA_enGB400GB400
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEA_enGB400GB400
    IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte.com/i/playbryte/search/redirect/?type=default-ie&user_id=57d6d5ea-7b42-4288-828e-23b913040d22&query={searchTerms}
    IE - HKCU\..\SearchScopes\{F1D298EF-7ADD-475F-BC5E-D3137DD11B18}: "URL" = http://services.zinio.com/search?s={selection}&rf=sonyslices
    IE - HKCU\..\SearchScopes\{F2B61BAB-9563-4DD5-8EE6-7F3C62E81B68}: "URL" = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 11:34:37 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/28 17:27:19 | 000,000,000 | ---D | M]

    [2010/10/06 13:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Extensions
    [2013/05/05 12:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions
    [2013/02/13 22:59:20 | 000,000,000 | ---D | M] (Radio TV 2.1 Community Toolbar) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\{4adc4b13-b4c2-4946-835e-c5f61fa9d8bf}
    [2013/05/05 12:40:35 | 000,000,000 | ---D | M] (FLV Runner B) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\{6ec5b552-6d23-4e05-a153-32aa26f7d9e8}
    [2013/02/13 22:59:24 | 000,000,000 | ---D | M] (DaisyTrail Community Toolbar) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\{8e8b08e2-2856-4b3e-85e5-fe74406796e8}
    [2012/01/12 08:20:44 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    [2010/12/27 11:42:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\engine@conduit.com
    [2011/06/28 23:26:07 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\playbryte@playbryte.com
    [2012/04/17 12:26:41 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\toolbar@alot.com
    [2012/09/12 08:14:02 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\testpilot@labs.mozilla.com.xpi
    [2012/01/21 13:37:54 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\emily jade\AppData\Roaming\Mozilla\Firefox\Profiles\czn59cx1.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2013/02/25 12:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/08 04:08:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    [2012/09/08 04:08:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/11/15 08:02:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/12/29 19:48:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    [2013/05/05 15:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
    [2013/05/05 15:47:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/05/05 15:46:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    [2013/05/05 15:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/05/05 15:46:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/05/05 15:46:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    [2013/03/08 11:34:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/24 17:23:11 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/08/31 21:57:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 18:31:49 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://search.babylon.com/?affID=111442&tt=120912_ccp_3912_3&babsrc=HP_ss&mntrId=be5aa53b00000000000006265efff1ad
    CHR - Extension: No name found = C:\Users\emily jade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanplonkoccjbnlleoidjplmhgeahe\7.17.0.0\
    CHR - Extension: No name found = C:\Users\emily jade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467\
    CHR - Extension: No name found = C:\Users\emily jade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
    O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
    O4 - Startup: C:\Users\emily jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TalkTalk Setup CD Reporting Tool.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64CF0F58-E1EC-4D11-81A5-9DED4A2B99A1}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AACBF180-8AE6-44BB-BAFF-02CC6CABAB17}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{4bb7585e-b2be-11e0-a2bf-0024be7a835f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4bb7585e-b2be-11e0-a2bf-0024be7a835f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{919771bf-b300-11e0-9f44-0024be7a835f}\Shell - "" = AutoRun
    O33 - MountPoints2\{919771bf-b300-11e0-9f44-0024be7a835f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/05 15:52:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\emily jade\Documents\OTL.exe
    [2013/05/05 15:34:24 | 000,000,000 | ---D | C] -- C:\f3e93654bf47892b2268b383
    [2013/05/05 12:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2013/05/05 12:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2013/05/05 12:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
    [2013/05/05 12:13:17 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/05/05 12:13:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/05/05 12:13:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/05/05 12:13:05 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/05/05 10:33:08 | 000,000,000 | ---D | C] -- C:\cc5f6b5cc9d14736d8054c9eb9
    [2013/05/05 10:28:58 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{17C894AD-1AF4-4444-9B95-70EF52D6C9DF}
    [2013/05/05 10:16:36 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{F62E1071-7A3E-472D-8BFF-8F7A88435930}
    [2013/05/05 10:09:24 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{AE6CE9C5-E4B3-4BCF-9A7C-B9C79471A36C}
    [2013/04/12 08:42:14 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{EA979D0D-E2B5-48BA-BFF9-F00823AA4157}
    [2013/04/12 08:34:37 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{2411331E-B34C-480F-9F06-F0FC6D51D466}
    [2013/04/11 18:34:27 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{8AD9935B-BC83-43D3-B4BD-4E40D93A35AC}
    [2013/04/10 14:28:39 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/04/10 14:28:36 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/04/10 14:28:35 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/04/10 14:28:35 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
    [2013/04/10 14:28:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2013/04/10 14:28:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
    [2013/04/10 14:09:53 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{9A2B2F43-F6A9-423E-B840-BD85D047EB71}
    [2013/04/10 13:59:18 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{D60423F4-9E73-427B-A61A-890884DD13B9}
    [2013/04/05 22:24:02 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{224DEF0C-E181-4B36-B429-9D8B41F6EBA1}
    [2013/04/05 22:15:52 | 000,000,000 | ---D | C] -- C:\Users\emily jade\AppData\Local\{4CCE9CBC-CC34-45D1-85F8-6D3A686A017B}
    [2013/04/05 21:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2013/04/05 16:08:25 | 000,000,000 | ---D | C] -- C:\Users\emily jade\Desktop\2013-04-05 page 2 of my letter to toghill
    [2013/04/05 16:02:24 | 000,000,000 | ---D | C] -- C:\Users\emily jade\Documents\2013-04-05 page 2 toghill letter
    [2010/12/29 10:32:08 | 000,463,520 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
    [2010/12/29 10:32:08 | 000,330,400 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
    [2010/12/29 10:32:08 | 000,031,392 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll
    [3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/05/05 16:03:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cdacb98c81fa45.job
    [2013/05/05 15:56:47 | 000,010,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/05/05 15:56:47 | 000,010,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/05/05 15:53:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emily jade\Documents\OTL.exe
    [2013/05/05 15:42:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cdacb9893c15e5.job
    [2013/05/05 15:41:49 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2013/05/05 15:41:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/05 15:41:21 | 2311,335,936 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/05 12:14:58 | 000,002,166 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2013/05/05 12:12:50 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/05/05 12:12:46 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/05/05 12:12:46 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/05/05 12:12:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/05/05 12:12:44 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
    [2013/05/05 12:12:44 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/05/05 11:03:10 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
    [2013/04/12 08:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/04/05 16:38:16 | 000,420,866 | ---- | M] () -- C:\Users\emily jade\Documents\itmised talk bill.jpg
    [3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/05/05 12:14:58 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2013/05/05 11:03:10 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
    [2013/04/05 16:38:16 | 000,420,866 | ---- | C] () -- C:\Users\emily jade\Documents\itmised talk bill.jpg
    [2013/01/09 11:46:50 | 000,399,031 | ---- | C] () -- C:\Users\emily jade\reply from Toghill 001.jpg
    [2012/08/22 16:56:40 | 000,764,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/10 21:49:45 | 000,001,320 | ---- | C] () -- C:\Users\emily jade\AppData\Local\recently-used.xbel
    [2012/06/10 19:20:20 | 000,017,408 | ---- | C] () -- C:\Users\emily jade\AppData\Local\WebpageIcons.db
    [2012/05/07 10:40:57 | 133,615,528 | ---- | C] () -- C:\Program Files (x86)\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
    [2012/01/12 09:45:42 | 000,159,948 | ---- | C] () -- C:\Windows\hpoins28.dat
    [2012/01/12 09:45:42 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
    [2012/01/12 09:37:20 | 000,159,948 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
    [2012/01/12 09:37:20 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
    [2012/01/05 23:08:15 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
    [2011/09/28 11:37:44 | 000,000,166 | ---- | C] () -- C:\Users\emily jade\_cb0.27F6FDB8_A4FC_4C30_A77C_2ED412777580
    [2011/09/13 21:37:10 | 000,000,796 | ---- | C] () -- C:\Users\emily jade\AppData\Roaming\wklnhst.dat
    [2011/05/07 13:10:27 | 000,000,000 | ---- | C] () -- C:\Users\emily jade\AppData\Local\{74BC1C7A-A73C-4C3A-9D9D-9623B9F2DAA8}
    [2011/01/26 21:12:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/12/29 20:20:43 | 000,148,195 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
    [2010/12/29 10:32:08 | 000,401,056 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
    [2010/12/29 10:32:08 | 000,128,672 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
    [2010/10/21 18:27:22 | 000,000,008 | RHS- | C] () -- C:\ProgramData\08FB4FDDDC.sys
    [2010/10/06 19:18:45 | 000,056,320 | ---- | C] () -- C:\Users\emily jade\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/06 13:17:19 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Files - Unicode (All) ==========
    [2013/02/19 09:15:34 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\ᯗ森
    [2013/02/19 09:15:34 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\ᯗ森

    < End of report >

    OTL Extras logfile created on: 5/5/2013 3:53:52 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emily jade\Documents
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 38.99% Memory free
    5.74 Gb Paging File | 3.63 Gb Available in Paging File | 63.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.67 Gb Total Space | 18.84 Gb Free Space | 6.53% Space Free | Partition Type: NTFS

    Computer Name: EMILYJADE-VAIO | User Name: emily jade | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval"


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    looks grand

    you want to remove babylon ?


  • Banned (with Prison Access) Posts: 559 ✭✭✭Maura74


    ASJ112 wrote: »
    looks grand

    you want to remove babylon ?

    Thanks Ken for your help.

    I removed babylon and got it working OK and was running using Microsoft essentials because my protection Kaspersky had expired. Therefore I purchased another Kaspersky 2013 Antivirus earlier for my new laptop, but when I loaded it on my old laptop it all went haywire again.

    I worked on it gain and thought I got it back minus virus and tried to load Kaspersky again but this time it asked to me to remove Microsoft essentials as it would conflict with their anti-virus. I then went into Kaspersky instruction on their disk and view a list of incompatible anti-virus software that would be in conflict with their one and found that all windows essential would be in conflict with their one.

    I decided not run Kaspersky and now just running Microsoft essentials on my old laptop and is working OK.

    My new Acer laptop has a concern for me now with windows 8 preloaded on it. After I purchased and installed Kaspersky anti-virus 2013. I decided to check up Microsoft essential defender etc., and found that it was already been installed on Windows 8 as default.

    I have been getting a tool bar called Delta that was very difficult to remove (just like I had with babylon tool bar on my old laptop) I removed Delta from the control panel on Acer but it shows up again some times when I do some explorer searches. I think I will keep a look out for when doing searches on explorer and if it keeps happening then I will remove Kaspersky as it may be in conflict with it windows essentials. Or Perhaps I should remove Kaspersky now as it may cause damage to my new Acer computer.

    Have you got any thoughts on this please.

    Many thanks Maura.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    If you want to remove delta, run this program, should do it

    http://www.bleepingcomputer.com/download/adwcleaner/


    You need to be careful installing security programs as they will conflict. Kaspersky is the best though, if the machine is sluggish there could be a conflict.


Advertisement