Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Something to worry about or not?

  • 20-07-2015 7:47pm
    #1
    Registered Users Posts: 15,696 ✭✭✭✭


    Just after starting my computer and the attached image popped up on screen. Can anyone shed any light on it?

    Thanks


Comments

  • Registered Users Posts: 840 ✭✭✭jsa112


    possibly, run this, don't attach the logs


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users Posts: 15,696 ✭✭✭✭y0ssar1an22


    OTL logfile created on: 7/20/2015 8:57:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rory\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17914)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 61.25% Memory free
    7.87 Gb Paging File | 5.98 Gb Available in Paging File | 75.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.69 Gb Total Space | 88.52 Gb Free Space | 30.88% Space Free | Partition Type: NTFS

    Computer Name: RORY-PC | User Name: Rory | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015/07/20 20:57:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rory\Desktop\OTL.exe
    PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/04 03:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/07/22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


    ========== Modules (No Company Name) ==========

    MOD - [2015/05/16 04:26:09 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\63e9d5c341d64a753cde97f5a3d65c71\System.Core.ni.dll
    MOD - [2015/05/13 22:30:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b3eb55fa5864a2fc7accbbbbe7fa7246\PresentationFramework.Aero.ni.dll
    MOD - [2015/05/13 22:29:55 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ea543310204d0addfaf9792d820e958d\PresentationFramework.ni.dll
    MOD - [2015/05/13 22:29:29 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6949c4470a81970ec3de0a575d93babc\System.Windows.Forms.ni.dll
    MOD - [2015/05/13 22:29:14 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5a401fd2a7689ff13fb54182953f9c40\System.Drawing.ni.dll
    MOD - [2015/05/13 22:29:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll
    MOD - [2015/05/13 22:28:47 | 012,254,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef204c8310562595a0518e356fb15387\PresentationCore.ni.dll
    MOD - [2015/05/13 22:28:36 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1c3513960037508558358652f2d202a1\WindowsBase.ni.dll
    MOD - [2015/04/15 19:41:44 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0967cf5c31691f38d013263304d2dacb\System.Runtime.Remoting.ni.dll
    MOD - [2014/10/16 08:24:28 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\2ca8cdf617184cf813f8777f0db6b7a7\System.Xml.ni.dll
    MOD - [2014/10/16 08:23:04 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
    MOD - [2014/09/10 08:16:25 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
    MOD - [2009/07/22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2015/06/20 20:34:46 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2015/05/25 19:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
    SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/07/31 14:14:45 | 009,390,440 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
    SRV:64bit: - [2010/01/22 09:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/12/14 22:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/11/02 19:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/17 18:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
    SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/12/11 03:34:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/16 01:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/07/26 23:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/07/07 10:56:58 | 001,461,064 | ---- | M] (Wisair Ltd.) [Auto | Running] -- C:\Program Files (x86)\Wireless USB\Components\Association\CableAssociation.exe -- (CableAssociation)
    SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/12/14 22:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe -- (STacSV)
    SRV - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/23 23:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
    SRV - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/11/04 01:33:14 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/05/16 16:38:35 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.4.26772.0.sys -- (DisplayLinkUsbPort)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/01/05 00:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/08/11 00:20:26 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/05 14:35:14 | 000,165,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_RCI.SYS -- (HWARadio)
    DRV:64bit: - [2010/08/05 14:34:54 | 000,570,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_DWA.SYS -- (DWA)
    DRV:64bit: - [2010/08/05 14:34:12 | 000,947,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_HWA.SYS -- (hwa)
    DRV:64bit: - [2010/07/31 14:15:12 | 000,199,280 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
    DRV:64bit: - [2010/07/31 14:15:12 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
    DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010/07/21 15:47:14 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_TBF.sys -- (DLCopyFilter)
    DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2010/06/23 15:20:44 | 000,189,952 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr)
    DRV:64bit: - [2010/05/10 11:03:46 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_USF.sys -- (WSR_USF)
    DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/01/22 08:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/12/14 22:28:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/11/02 19:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/09/30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/24 20:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/08/21 09:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/24 23:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
    DRV:64bit: - [2009/07/23 19:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
    DRV:64bit: - [2009/07/17 18:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2009/07/17 18:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/05 04:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2009/07/02 17:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009/07/02 03:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2009/06/26 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/26 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009/06/26 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
    DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2007/02/16 14:42:28 | 000,022,528 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fanio.sys -- (fanio)
    DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E BF BE C2 04 AD CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0: C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
    FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\Rory\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2015/07/11 19:13:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files (x86)\WinZip Courier\FFExt [2011/08/23 14:30:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2015/07/11 19:13:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/11/23 19:56:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/11/23 19:56:29 | 000,000,000 | ---D | M]

    [2011/08/11 13:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
    [2011/08/11 00:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
    [2011/08/11 13:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
    [2011/08/11 13:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/08/11 13:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
    [2012/05/31 10:16:36 | 000,108,576 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
    [2011/08/11 00:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.36.2_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files (x86)\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C2517D-3DF6-49C8-8159-D199B8C6EEDB}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D25402-CF35-4816-8AEA-4720882FEB91}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{7a80a03f-f7b1-11e0-a88d-b8ac6f76e227}\Shell - "" = AutoRun
    O33 - MountPoints2\{7a80a03f-f7b1-11e0-a88d-b8ac6f76e227}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2015/07/20 20:57:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rory\Desktop\OTL.exe
    [2015/07/20 20:48:59 | 000,000,000 | ---D | C] -- C:\Users\Rory\Desktop\True.Detective.S02E05.HDTV.x264-ASAP[ettv]
    [2015/07/20 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\Rory\Desktop\The.Strain.S02E02.720p.HDTV.x264-KILLERS[rarbg]
    [2015/07/13 21:26:20 | 000,000,000 | ---D | C] -- C:\Users\Rory\Desktop\True.Detective.S02E04.HDTV.x264-ASAP[ettv]
    [2015/07/13 21:26:07 | 000,000,000 | ---D | C] -- C:\Users\Rory\Desktop\The.Strain.S02E01.HDTV.x264-KILLERS[rarbg]
    [2015/07/08 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Rory\AppData\Local\Avg2015
    [2015/07/08 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
    [2015/07/08 22:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
    [7 C:\Users\Rory\Desktop\*.tmp files -> C:\Users\Rory\Desktop\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Rory\*.tmp files -> C:\Users\Rory\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2015/07/20 20:57:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rory\Desktop\OTL.exe
    [2015/07/20 20:52:22 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/07/20 20:52:22 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/07/20 20:43:52 | 000,023,207 | ---- | M] () -- C:\Users\Rory\Desktop\Untitled.png
    [2015/07/20 20:41:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/07/20 20:41:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/07/20 20:41:12 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys
    [2015/07/19 23:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/07/19 12:22:41 | 000,025,567 | ---- | M] () -- C:\Users\Rory\Desktop\[kat.cr.prx.websiteproxy.co.uk.prx.websiteproxy.co.uk]power.2014.s02e06.hdtv.x264.asap.rartv.torrent
    [2015/07/19 09:06:25 | 005,030,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2015/07/18 21:22:02 | 000,018,082 | ---- | M] () -- C:\Users\Rory\Desktop\[kat.cr.prx.websiteproxy.co.uk.prx.websiteproxy.co.uk]wayward.pines.s01e09.hdtv.x264.lol.ettv.torrent
    [2015/07/08 22:32:08 | 186,296,034 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2015/07/04 12:14:01 | 000,736,104 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2015/07/04 12:14:01 | 000,634,746 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2015/07/04 12:14:01 | 000,114,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2015/06/24 22:06:17 | 000,002,285 | ---- | M] () -- C:\Users\Rory\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [7 C:\Users\Rory\Desktop\*.tmp files -> C:\Users\Rory\Desktop\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Rory\*.tmp files -> C:\Users\Rory\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2015/07/20 20:43:52 | 000,023,207 | ---- | C] () -- C:\Users\Rory\Desktop\Untitled.png
    [2015/07/19 12:22:41 | 000,025,567 | ---- | C] () -- C:\Users\Rory\Desktop\[kat.cr.prx.websiteproxy.co.uk.prx.websiteproxy.co.uk]power.2014.s02e06.hdtv.x264.asap.rartv.torrent
    [2015/07/18 21:22:02 | 000,018,082 | ---- | C] () -- C:\Users\Rory\Desktop\[kat.cr.prx.websiteproxy.co.uk.prx.websiteproxy.co.uk]wayward.pines.s01e09.hdtv.x264.lol.ettv.torrent
    [2014/07/11 21:32:15 | 000,003,584 | ---- | C] () -- C:\Users\Rory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/01 09:51:53 | 000,000,180 | ---- | C] () -- C:\Users\Rory\AppData\Roaming\COPA_Last_Connected_Device.ini
    [2014/04/01 09:45:48 | 000,000,098 | ---- | C] () -- C:\Users\Rory\AppData\Roaming\SDC_Path.ini
    [2014/02/26 17:01:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2014/02/25 13:20:26 | 000,771,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/01/21 15:13:53 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2011/06/24 04:22:41 | 000,007,639 | ---- | C] () -- C:\Users\Rory\AppData\Local\Resmon.ResmonCfg
    [2010/12/21 23:09:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 06:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 06:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/08/22 08:49:36 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Alibaba
    [2015/04/03 02:04:51 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Audacity
    [2012/04/19 10:04:46 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\AVG
    [2015/07/11 19:13:44 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\AVG2012
    [2014/08/24 11:58:06 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Avnex
    [2013/10/13 08:38:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\calibre
    [2012/02/13 15:20:32 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Datel
    [2014/03/07 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\EDrawings
    [2011/03/20 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\eTeks
    [2012/02/13 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\ICAClient
    [2013/03/21 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\LolClient
    [2012/02/11 07:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Manue
    [2013/04/14 23:09:59 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Opera
    [2010/12/23 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Publish Providers
    [2014/08/23 13:42:54 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\REAPER
    [2014/08/21 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Screaming Bee
    [2012/02/13 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Sony
    [2013/06/22 10:10:18 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Sports Interactive
    [2013/02/08 00:09:43 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SystemRequirementsLab
    [2012/05/23 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\TuneUp Software
    [2015/07/19 12:28:41 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\uTorrent
    [2012/02/11 07:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Wea

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >


  • Registered Users Posts: 15,696 ✭✭✭✭y0ssar1an22


    OTL logfile created on: 7/20/2015 8:57:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rory\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17914)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 61.25% Memory free
    7.87 Gb Paging File | 5.98 Gb Available in Paging File | 75.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.69 Gb Total Space | 88.52 Gb Free Space | 30.88% Space Free | Partition Type: NTFS

    Computer Name: RORY-PC | User Name: Rory | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015/07/20 20:57:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rory\Desktop\OTL.exe
    PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/04 03:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/07/22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


    ========== Modules (No Company Name) ==========

    MOD - [2015/05/16 04:26:09 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\63e9d5c341d64a753cde97f5a3d65c71\System.Core.ni.dll
    MOD - [2015/05/13 22:30:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b3eb55fa5864a2fc7accbbbbe7fa7246\PresentationFramework.Aero.ni.dll
    MOD - [2015/05/13 22:29:55 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ea543310204d0addfaf9792d820e958d\PresentationFramework.ni.dll
    MOD - [2015/05/13 22:29:29 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6949c4470a81970ec3de0a575d93babc\System.Windows.Forms.ni.dll
    MOD - [2015/05/13 22:29:14 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5a401fd2a7689ff13fb54182953f9c40\System.Drawing.ni.dll
    MOD - [2015/05/13 22:29:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll
    MOD - [2015/05/13 22:28:47 | 012,254,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef204c8310562595a0518e356fb15387\PresentationCore.ni.dll
    MOD - [2015/05/13 22:28:36 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1c3513960037508558358652f2d202a1\WindowsBase.ni.dll
    MOD - [2015/04/15 19:41:44 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0967cf5c31691f38d013263304d2dacb\System.Runtime.Remoting.ni.dll
    MOD - [2014/10/16 08:24:28 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\2ca8cdf617184cf813f8777f0db6b7a7\System.Xml.ni.dll
    MOD - [2014/10/16 08:23:04 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
    MOD - [2014/09/10 08:16:25 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
    MOD - [2009/07/22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2015/06/20 20:34:46 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2015/05/25 19:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
    SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/07/31 14:14:45 | 009,390,440 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
    SRV:64bit: - [2010/01/22 09:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/12/14 22:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/11/02 19:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/17 18:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
    SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/12/11 03:34:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/16 01:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/07/26 23:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/07/07 10:56:58 | 001,461,064 | ---- | M] (Wisair Ltd.) [Auto | Running] -- C:\Program Files (x86)\Wireless USB\Components\Association\CableAssociation.exe -- (CableAssociation)
    SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/12/14 22:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe -- (STacSV)
    SRV - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/23 23:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
    SRV - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/11/04 01:33:14 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/05/16 16:38:35 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.4.26772.0.sys -- (DisplayLinkUsbPort)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/01/05 00:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/08/11 00:20:26 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/05 14:35:14 | 000,165,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_RCI.SYS -- (HWARadio)
    DRV:64bit: - [2010/08/05 14:34:54 | 000,570,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_DWA.SYS -- (DWA)
    DRV:64bit: - [2010/08/05 14:34:12 | 000,947,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_HWA.SYS -- (hwa)
    DRV:64bit: - [2010/07/31 14:15:12 | 000,199,280 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
    DRV:64bit: - [2010/07/31 14:15:12 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
    DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010/07/21 15:47:14 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_TBF.sys -- (DLCopyFilter)
    DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2010/06/23 15:20:44 | 000,189,952 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr)
    DRV:64bit: - [2010/05/10 11:03:46 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_USF.sys -- (WSR_USF)
    DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/01/22 08:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/12/14 22:28:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/11/02 19:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/09/30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/24 20:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/08/21 09:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/24 23:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
    DRV:64bit: - [2009/07/23 19:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
    DRV:64bit: - [2009/07/17 18:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2009/07/17 18:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/05 04:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2009/07/02 17:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009/07/02 03:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2009/06/26 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/26 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009/06/26 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
    DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2007/02/16 14:42:28 | 000,022,528 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fanio.sys -- (fanio)
    DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E BF BE C2 04 AD CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0: C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
    FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\Rory\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2015/07/11 19:13:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files (x86)\WinZip Courier\FFExt [2011/08/23 14:30:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2015/07/11 19:13:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/11/23 19:56:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/11/23 19:56:29 | 000,000,000 | ---D | M]

    [2011/08/11 13:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
    [2011/08/11 00:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
    [2011/08/11 13:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
    [2011/08/11 13:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/08/11 13:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
    [2012/05/31 10:16:36 | 000,108,576 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
    [2011/08/11 00:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.36.2_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files (x86)\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C2517D-3DF6-49C8-8159-D199B8C6EEDB}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D25402-CF35-4816-8AEA-4720882FEB91}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{7a80a03f-f7b1-11e0-a88d-b8ac6f76e227}\Shell - "" = AutoRun
    O33 - MountPoints2\{7a80a03f-f7b1-11e0-a88d-b8ac6f76e227}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2015/07/20 20:57:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rory\Desktop\OTL.exe
    [2015/07/20 20:48:59 | 000,000,000 | ---D | C] -- C:\Users\Rory\Desktop\True.Detective.S02E05.HDTV.x264-ASAP[ettv]
    [2015/07/20 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\Rory\Desktop\The.Strain.S02E02.720p.HDTV.x264-KILLERS[rarbg]
    [2015/07/13 21:26:20 | 000,000,000 | ---D | C] -- C:\Users\Rory\Desktop\True.Detective.S02E04.HDTV.x264-ASAP[ettv]
    [2015/07/13 21:26:07 | 000,000,000 | ---D | C] -- C:\Users\Rory\Desktop\The.Strain.S02E01.HDTV.x264-KILLERS[rarbg]
    [2015/07/08 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Rory\AppData\Local\Avg2015
    [2015/07/08 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
    [2015/07/08 22:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
    [7 C:\Users\Rory\Desktop\*.tmp files -> C:\Users\Rory\Desktop\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Rory\*.tmp files -> C:\Users\Rory\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2015/07/20 20:57:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rory\Desktop\OTL.exe
    [2015/07/20 20:52:22 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/07/20 20:52:22 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/07/20 20:43:52 | 000,023,207 | ---- | M] () -- C:\Users\Rory\Desktop\Untitled.png
    [2015/07/20 20:41:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/07/20 20:41:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/07/20 20:41:12 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys
    [2015/07/19 23:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/07/19 12:22:41 | 000,025,567 | ---- | M] () -- C:\Users\Rory\Desktop\[kat.cr.prx.websiteproxy.co.uk.prx.websiteproxy.co.uk]power.2014.s02e06.hdtv.x264.asap.rartv.torrent
    [2015/07/19 09:06:25 | 005,030,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2015/07/18 21:22:02 | 000,018,082 | ---- | M] () -- C:\Users\Rory\Desktop\[kat.cr.prx.websiteproxy.co.uk.prx.websiteproxy.co.uk]wayward.pines.s01e09.hdtv.x264.lol.ettv.torrent
    [2015/07/08 22:32:08 | 186,296,034 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2015/07/04 12:14:01 | 000,736,104 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2015/07/04 12:14:01 | 000,634,746 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2015/07/04 12:14:01 | 000,114,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2015/06/24 22:06:17 | 000,002,285 | ---- | M] () -- C:\Users\Rory\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [7 C:\Users\Rory\Desktop\*.tmp files -> C:\Users\Rory\Desktop\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Rory\*.tmp files -> C:\Users\Rory\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2015/07/20 20:43:52 | 000,023,207 | ---- | C] () -- C:\Users\Rory\Desktop\Untitled.png
    [2015/07/19 12:22:41 | 000,025,567 | ---- | C] () -- C:\Users\Rory\Desktop\[kat.cr.prx.websiteproxy.co.uk.prx.websiteproxy.co.uk]power.2014.s02e06.hdtv.x264.asap.rartv.torrent
    [2015/07/18 21:22:02 | 000,018,082 | ---- | C] () -- C:\Users\Rory\Desktop\[kat.cr.prx.websiteproxy.co.uk.prx.websiteproxy.co.uk]wayward.pines.s01e09.hdtv.x264.lol.ettv.torrent
    [2014/07/11 21:32:15 | 000,003,584 | ---- | C] () -- C:\Users\Rory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/01 09:51:53 | 000,000,180 | ---- | C] () -- C:\Users\Rory\AppData\Roaming\COPA_Last_Connected_Device.ini
    [2014/04/01 09:45:48 | 000,000,098 | ---- | C] () -- C:\Users\Rory\AppData\Roaming\SDC_Path.ini
    [2014/02/26 17:01:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2014/02/25 13:20:26 | 000,771,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/01/21 15:13:53 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2011/06/24 04:22:41 | 000,007,639 | ---- | C] () -- C:\Users\Rory\AppData\Local\Resmon.ResmonCfg
    [2010/12/21 23:09:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 06:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 06:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/08/22 08:49:36 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Alibaba
    [2015/04/03 02:04:51 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Audacity
    [2012/04/19 10:04:46 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\AVG
    [2015/07/11 19:13:44 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\AVG2012
    [2014/08/24 11:58:06 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Avnex
    [2013/10/13 08:38:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\calibre
    [2012/02/13 15:20:32 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Datel
    [2014/03/07 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\EDrawings
    [2011/03/20 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\eTeks
    [2012/02/13 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\ICAClient
    [2013/03/21 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\LolClient
    [2012/02/11 07:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Manue
    [2013/04/14 23:09:59 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Opera
    [2010/12/23 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Publish Providers
    [2014/08/23 13:42:54 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\REAPER
    [2014/08/21 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Screaming Bee
    [2012/02/13 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Sony
    [2013/06/22 10:10:18 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Sports Interactive
    [2013/02/08 00:09:43 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SystemRequirementsLab
    [2012/05/23 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\TuneUp Software
    [2015/07/19 12:28:41 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\uTorrent
    [2012/02/11 07:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Wea

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >


  • Registered Users Posts: 15,696 ✭✭✭✭y0ssar1an22


    OTL Extras logfile created on: 7/20/2015 8:57:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rory\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17914)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 61.25% Memory free
    7.87 Gb Paging File | 5.98 Gb Available in Paging File | 75.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.69 Gb Total Space | 88.52 Gb Free Space | 30.88% Space Free | Partition Type: NTFS

    Computer Name: RORY-PC | User Name: Rory | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0454CD27-55B3-4FCC-BD1F-895F5D7B1283}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1432F898-1B8A-4823-9788-8FA2B8B0AF4D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{153D5173-330B-4D50-B836-EAC4B08CF38E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{17F4574A-D123-4C08-B3AC-A9C32F075483}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{1BF06A34-E76B-4076-A9FA-C0E7569899D0}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{1FBA97E3-D144-4AAB-A1C9-A43CDB84AA0E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{20B2986A-1E8F-4B21-B105-B48CA8096B08}" = lport=137 | protocol=17 | dir=in | app=system |
    "{220F1134-4B24-4DE2-A64B-2B5A661FE5D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{253048BA-E2E7-4647-ADEC-C4E47611F88A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{253A81C0-A664-418B-B47F-C75E58C7BB59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{41B55433-2938-4C33-9CC4-07ADA3DBD3C0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{4650EEDF-DBF0-4DD2-9037-07FCCE98C36C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4B732E41-B8FF-4CB7-924D-B67111DF6042}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{55C569A2-B290-476E-9CD2-A77BDB5B9E17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{59A086FB-3C61-489D-94DF-90D8ACFA7504}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5CD494BE-F4D0-4D94-96E9-288A2BB6F8C2}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5E97D9FD-17E5-4151-ABEA-A7ED954D0FAD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{66C572C4-F2FD-47FA-BCF7-DE0FD58ECD88}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{67FA2DDE-5C72-4374-AB20-B0A16D270C07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6C1C876A-3876-43CC-85A8-2A245E0ED39F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7174916F-C696-496F-B473-E787B7E768D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{72901496-CF77-44E3-B43C-3B3C0F7AA5B2}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{783B9806-870A-4628-8F09-208B711473AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{798CA25B-AD0B-447E-9321-84F0A4787DC6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
    "{7B0AED13-529D-4CC2-8316-D12FEFC5F1CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{808D9F17-ED6E-4F86-90D3-5F9D5F31A270}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{81F3F47F-96C0-418B-9BFD-61BD22A77DC5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{84F39381-D93D-4E71-AE07-6F3A79DDC3E3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{878F4A55-C665-4DEB-B7C6-F1AFB7CC2ECE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{8B8C88D7-478E-4D03-8E4B-9481C1E11307}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{8CA56F11-E73A-4FA6-AC7F-2729CF20CE16}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{8F2B9F6C-CBEA-4B2C-99B8-C7ECCEC37DFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8F60A284-DC2D-466B-B439-19B4DA1DC9AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{95865155-4796-4B5F-B6EE-EAB48FB1A306}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{982E0857-251C-459A-8B93-4ECD1EA610B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9ABB9393-665B-4801-9004-18451ABA90D0}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9D2350F3-C3B0-4FFF-B350-A918B5B89920}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9E4994A7-CB5B-4719-B351-A2FD293BC0FF}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9F6E21F7-A1C0-46C6-B527-EBFF2B7639FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B7D9D793-8812-436C-9C48-21DC8B92A488}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C11B5F56-8706-436E-8E8C-1C6643115C1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C1FC37C2-4390-4110-AD64-C9D389258F01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C2812715-D08D-45D7-8C9F-3B7E9D6EDC4C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C498FC4E-CA8B-4E84-BE3C-18053FCD2052}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C4AC71A8-535D-4609-A981-7AC438F54EFD}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C5E9BF3A-888A-46DE-95A4-8A7D6493B983}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C8F6004F-F4DC-48EE-862B-AB1F8E3BB2CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CC3DF1D6-7B43-473D-82FF-7384E1D2E545}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D4494515-ABA0-4773-8D71-D7E3C86ACD81}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{D456AE76-18D1-49B8-A2EA-53D2D1E09D17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DCD62A30-0451-4721-AE75-7D22A781ABF0}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DD035739-C54E-4F17-8618-BB3950AAD6F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E019A989-3E16-4EF8-8CEB-3F3DE229A4E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E24677A8-E42C-44D3-B93A-F2545567A974}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E5B4EEFA-B56A-47FA-8C23-A9E62F2A5B85}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E844B77A-A0B4-446A-A684-797EA95DB872}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{EF235757-A99F-494E-8F67-EEAFF3436401}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F87E6133-8453-4501-9091-A20F440FBFA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0073F586-24B1-4EAF-A209-BFCFD8BD9FA5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{092A6719-CFCE-4F28-AFBF-F1F7BAC173CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0A8E1DA5-DC83-4BB4-95C5-B11773BFA68A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{0B63B1A2-DFA8-401B-8AB4-1688AC80E082}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{0B6D8FBC-D4F5-40A9-B43F-06250632179C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0EB93B7F-FE55-4EAB-A871-7DF32797466E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{0FB68317-BC51-4318-870A-5047DAD745F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{12CDC8B5-341A-45FB-BF30-645E796E6E7B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{132E99EA-B3F1-41BC-9487-D395FE852574}" = protocol=6 | dir=out | app=system |
    "{197B7F4E-4CCA-4F31-8905-9FDF2375B821}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{1AF77AC7-1A1B-417C-8026-5D9BAEED150D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{1C7DDC3E-D447-453E-A650-6BC3D089F690}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{22BC9BE8-45D9-4C99-9D3E-D08515B72A26}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{24104236-7EC7-47DF-9E9F-2A07807DC86C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{242BE846-1DEB-4B6E-86D9-5DD5257503D6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{27039E02-50A9-4A1C-B79F-0DF0712E4409}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
    "{27EB2136-F97B-42F5-BC1D-03366FF467C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{27FE0CFA-60ED-4FB6-A35F-7F5BEC35F9A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{28C2DB04-C808-43FA-9CD9-9D3B8EABBBAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
    "{2CD93E2C-ACE0-480D-AE2C-506B8FF6E31F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{2F4FDB70-D76A-4AFB-99F3-BEAC040E7412}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{350307FB-E782-4C4D-B444-031772D0422A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{35B9B9BA-887B-4848-93C1-7CD58B6A9938}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{371869D9-BF6C-48F0-8BF2-D78E31CDD213}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{38C5270A-015F-46E7-BBAF-3B8379D79A5D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3AA6A155-31D0-4208-A171-AD35DBAB95ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{3C438330-A9BB-4E86-988A-315824185A2C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{4387F914-EE34-4D56-A06D-932B0D40A72E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe |
    "{451F67AF-D271-4764-84C0-5D9B57E8CAE9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{4589FB18-498A-4E68-A64C-E2E0C5776656}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{48630E49-47AD-41B3-A2C5-14D573299EE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{4A4B7B15-AD5F-4B93-B39F-F8362CC291FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4A71AAC1-84BE-4B7D-8701-38ACB714CA6A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{4BB303A5-0B61-44D7-BCFA-DBCF1946981A}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{4C66C988-96C4-44B7-8645-11C116240D37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{4CF0569A-5194-4D1F-8936-490762C7DDA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5200BDF2-82C3-45A1-AF93-5874CA6E691E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{5310157C-89CE-40F1-9975-5D29B11E4B49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{5328F65C-9D8C-4D35-A395-681F4EFA2E06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
    "{5763AD4A-22AC-4E72-9306-82CC71986304}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{57844AF6-CF6E-4FD9-AEBB-71A9A51578E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{57CE3DFE-7E51-484B-AAEF-DE99289607E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{5AF16543-A24F-460B-9F3F-8AA3F3AF415C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{5FECBC4F-AC1E-473C-8797-D1DE44D8DDDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
    "{65A9DE2B-AB9E-441C-B42B-D840A85D26A7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{6AD4B533-A4C7-4A35-B320-5E4A96C94C4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6F23122F-7AF8-4D99-9620-CB6CD1EC5583}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{703D8404-9390-4F1C-82AF-A7311C2AC7D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{70EDD852-E2E7-453F-81B9-09641F33B8FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
    "{72D721B8-53C0-406A-8CDD-A6149802BEF7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{74A46881-0685-4174-8754-7F0CB7992A1D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{77D2CDDC-41A9-4709-B5E3-B4169430CF61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{79EBE45B-344B-4BE5-8CFE-4C3C67AB7191}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{7B635C13-8819-41BC-B6B7-69A6B3BCBD28}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{7D89537C-0248-4B50-B1AE-19486E0B8BD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7EDCC956-965E-45AE-94E8-BADA15C571FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
    "{7F31C3EB-E8A9-4815-9207-451FF5591EC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{7F78C56E-FF4E-482A-93A8-B2FD552B9E2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{846AA675-C341-42D6-AD80-D4F858550B72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prison architect\prison architect.exe |
    "{87B3D942-5AFA-406F-9852-669FCB25534F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{88290169-24FC-4F80-A1F8-08FACE4B7565}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
    "{8B5CF9A1-C577-4D79-ADE6-831E071D0E48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{8F10F9DD-1D2D-4E08-979A-7608079C023B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{8F2B6097-84FB-4E80-86D5-B5EEF4AC1285}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{90C55989-5FCC-4FFC-B279-CA9D41C858E1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{93459882-A733-40D4-9616-2183258FD358}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{96D84655-641D-4A37-96C0-624B74D09B21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{9F3A864E-AB94-479D-9066-A3A91ED318EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{A12B3CB7-BBBA-408E-9BE0-F0223FC228DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A2C02DE0-07F1-491F-95CE-E2FC1AE3EFB6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{A2E97C7C-8B1E-4C8B-813D-6A08DB4A4DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
    "{A34B1C6B-6E87-4BEF-8244-2AB407ECB552}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A74BCB5D-203F-46F7-9071-7FAB8995BEA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B6FA0552-6A1F-4C55-8C1B-4F39598CDE26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B9E49FFD-164A-44C2-B896-E768BB3E7991}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe |
    "{BBB97767-D0B8-4A1D-A114-9CBFE700BB58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prison architect\prison architect.exe |
    "{BF04ADCB-8454-4EC6-A136-FCD5E85FEB97}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{BF265D49-6427-4470-96AF-9DDAF8CBE762}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{C4C02DDD-D066-4D31-BEB1-86E8ADE806F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{C78BD0A8-5A7A-42A2-B4D0-1B51E7FB89F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C7DE5CA9-702A-4C67-B2CB-EDD78599C5F5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{CAB26D67-03A0-4BE2-9548-9CF8CBBEBF79}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{CB6F8F9E-0937-41FF-982C-D5A1CF37A934}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{CC9D956B-D856-4B0B-AF0E-38B09A0A90CA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{D19EB95A-9E4C-4CBA-8E7A-74C5E05A439F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{D2453CA2-B2B0-44BD-9849-15BE167EDDE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D6F5ABD9-9961-4C90-A9D8-A1856845E436}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{DB34C102-9DE9-4AEC-9EC5-58E9433574D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{DBEEDFBA-0BE3-415A-9E92-74F0FC0C4D05}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{EA8548CC-C6E5-4A0D-92A9-7B5536C8C116}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EE18AAC7-E1EA-46DA-8C23-5F92CA0B6FF9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{F9BFFE67-4680-4A44-AAE6-2B5BE9513B0B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{FB0A1C6C-F2FF-499A-94C9-AC0D096D0CBD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FE9BD336-EB11-4DBD-A01E-EAD4FF1D9C6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{FFF22539-2AA5-4081-9270-14442342DE96}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "TCP Query User{26645D7C-892B-4E49-87DB-6B67442B12B0}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{4BC2B1F1-9916-4236-BBAC-B248F4F13A60}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{11B7FDD0-6D31-1CAB-3BC4-9EB1ACD67803}" = ATI AVIVO64 Codecs
    "{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{3EF53D70-F472-9A93-2E09-737FBB4A5AE8}" = ATI Catalyst Install Manager
    "{4ADF194B-B0B6-4C06-9318-DDE5171A655A}" = AVG 2012
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60617D41-12B1-4D1F-B826-985727E26121}" = AVG 2015
    "{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
    "{655D4D89-82AC-4B45-AE41-246281CC3886}" = DisplayLink Graphics
    "{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = Wireless USB WinDrivers
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{482CB0DF-849D-479C-8CBB-F9DA6AF0F8C5}" =
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
    "{B12F5507-1E4B-46B8-A37A-1771913191F7}" = DisplayLink Core Software
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
    "{E852F060-08FF-FFD5-0C98-2A066B42EBBB}" = ccc-utility64
    "AVG" = AVG 2012
    "CCleaner" = CCleaner
    "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Dell Touchpad

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0B74F57C-4636-4D70-A7A9-95074DF21802}" = Citrix Receiver(Aero)
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside
    "{16FB54B9-8AC9-F064-38FB-DF7B69583218}" = CCC Help Chinese Standard
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1B367D21-5307-428C-DEDA-D073071CB89B}" = CCC Help Japanese
    "{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
    "{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
    "{2D5941A7-146F-4509-B35C-E58CE68FE204}" = eDrawings 2014
    "{2DE12376-E648-D16E-3E0A-0CAEE233BF64}" = CCC Help Spanish
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3347400D-F491-6DB5-9F57-0A9EA8E435C9}" = Catalyst Control Center Core Implementation
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
    "{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
    "{4979A82C-4EBE-32C4-81E5-94532C4BAEED}" = Catalyst Control Center Localization All
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
    "{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{54EE63E3-9960-41B6-9644-BB0167C6DD42}" = Catalyst Control Center - Branding
    "{5A11DB94-53E7-0232-3AF6-8DD9612094CD}" = CCC Help Chinese Traditional
    "{5B079F85-A24D-4642-BF1A-32D5A6B3A003}" = calibre
    "{5CF3C617-83A2-3D8E-39D6-45B593BB5F89}" = CCC Help German
    "{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
    "{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
    "{60495020-5A67-DE2D-B768-5E77E734D263}" = CCC Help Italian
    "{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
    "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
    "{61C06586-0FAD-1E43-20C6-08F4F1483C3D}" = CCC Help Norwegian
    "{62499375-AB9C-5279-EEEE-F5AB863CA996}" = CCC Help Danish
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6464EA89-7B34-C15B-B39F-4638EFF931DE}" = Catalyst Control Center Graphics Previews Common
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
    "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7087BFF5-88C7-4B82-2EF6-B7F09DD4A86B}" = ccc-core-static
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{719CCEF3-234C-6C1A-3891-79FA208E8025}" = CCC Help Portuguese
    "{764490A7-9DF2-B0CE-DA9F-72DDFD342ACA}" = CCC Help Russian
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77534F47-08D5-4A50-8249-403C9ECE9840}" = Smart Organizing Monitor
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{860CF8EA-A8ED-01BD-8344-26DB1058A563}" = CCC Help Korean
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
    "{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme
    "{90B45DFA-5DD9-47F0-BCC7-F25B9562A738}" = Citrix Receiver(USB)
    "{92F39985-0DA5-4CC4-869F-2A3048C182E6}" = System Requirements Lab
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B362AE0-1F0D-370B-F468-FFEF38682508}" = Catalyst Control Center Graphics Full Existing
    "{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FF5AF7A-F7C7-D4F0-D93F-40800E2F8C20}" = Catalyst Control Center InstallProxy
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A498BF75-59BD-6EDB-1C19-13AAA2FD3034}" = CCC Help French
    "{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
    "{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AB834517-C040-6115-A231-0A62F0A08294}" = CCC Help Swedish
    "{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.12)
    "{AD6E2415-407E-40D3-A550-126E67509D84}" = Citrix Receiver(DV)
    "{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in
    "{AE3A67EE-0C5D-11E0-BC1D-0013D3D69929}" = Vegas Pro 10.0
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
    "{B1924580-0C5D-11E0-B655-0013D3D69929}" = MSVCRT Redists
    "{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
    "{B2939EC4-6FB6-3153-0F9E-CE1AE76F0AE8}" = Catalyst Control Center Graphics Light
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B5747FE9-AC7C-3512-02EA-2C6A089EC68F}" = CCC Help Finnish
    "{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
    "{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{CD95F661-A5C4-11AF-B2CC-ABCD21A325B5}" = WinZip Courier
    "{CFBB5529-2532-1F5E-8706-F0D1BE3B8C35}" = Catalyst Control Center Graphics Previews Vista
    "{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
    "{D1D603C4-8C68-40F3-85AE-6DBEF3B712B5}" = Citrix Receiver (HDX Flash Redirection)
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DCC9335C-09BD-3017-096F-931FDB8E7663}" = Catalyst Control Center Graphics Full New
    "{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
    "{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
    "{DE4AD67B-9EA0-31F1-F5EE-E9B836248839}" = CCC Help English
    "{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
    "{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
    "{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
    "{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
    "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
    "{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCAC5BFF-0A4E-3E71-C486-5E55C0630817}" = CCC Help Dutch
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Audacity_is1" = Audacity 2.0.5
    "AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "CitrixOnlinePluginPackWeb" = Citrix Receiver
    "Dell Webcam Central" = Dell Webcam Central
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
    "Google Chrome" = Google Chrome
    "Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler
    "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
    "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
    "InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = Wireless USB WinDrivers
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "Steam App 1500" = Darwinia
    "Steam App 1510" = Uplink
    "Steam App 1520" = DEFCON
    "Steam App 1530" = Multiwinia
    "Steam App 233450" = Prison Architect
    "Steam App 570" = Dota 2
    "Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.6
    "WindPower Trial_is1" = WindPower Trial
    "XPort 360_is1" = XPort 360

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "3557924970.go.sky.com" = Sky Go Desktop
    "9f2df17776476c05" = Magic The Gathering Online
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/18/2015 4:47:14 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3011

    Error - 7/18/2015 4:47:14 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

    Error - 7/18/2015 4:47:15 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/18/2015 4:47:15 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4010

    Error - 7/18/2015 4:47:15 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4010

    Error - 7/18/2015 7:06:24 PM | Computer Name = Rory-PC | Source = Desktop Window Manager | ID = 9020
    Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error - 7/19/2015 4:06:35 AM | Computer Name = Rory-PC | Source = Desktop Window Manager | ID = 9020
    Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error - 7/19/2015 2:14:44 PM | Computer Name = Rory-PC | Source = Desktop Window Manager | ID = 9020
    Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error - 7/20/2015 3:41:38 PM | Computer Name = Rory-PC | Source = Desktop Window Manager | ID = 9020
    Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error - 7/20/2015 3:41:52 PM | Computer Name = Rory-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: sftservice.EXE, version: 1.0.82.72, time
    stamp: 0x4e45499a Faulting module name: ntdll.dll, version: 6.1.7601.18869, time
    stamp: 0x55636317 Exception code: 0xc0000005 Fault offset: 0x0002e45b Faulting process
    id: 0xbe4 Faulting application start time: 0x01d0c32416802d12 Faulting application
    path: C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE Faulting
    module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 5ddf53f1-2f17-11e5-8203-b8ac6f76e227

    [ Broadcom Wireless LAN Events ]
    Error - 6/7/2015 8:00:05 AM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 13:00:05, Sun, Jun 07, 15 Error - Unable to gain access to user store


    Error - 6/7/2015 12:04:24 PM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 17:04:23, Sun, Jun 07, 15 Error - Unable to gain access to user store


    Error - 6/9/2015 6:14:23 PM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 23:14:21, Tue, Jun 09, 15 Error - Unable to gain access to user store


    Error - 6/10/2015 2:03:56 AM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 07:03:56, Wed, Jun 10, 15 Error - Unable to gain access to user store


    Error - 7/11/2015 8:19:04 AM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 13:19:04, Sat, Jul 11, 15 Error - Unable to gain access to user store


    [ Dell Events ]
    Error - 10/22/2011 6:18:59 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/22/2011 6:28:18 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/22/2011 6:28:18 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/22/2011 6:28:42 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/22/2011 6:28:42 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/23/2011 11:18:40 AM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/23/2011 11:18:40 AM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/23/2011 5:24:50 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/23/2011 5:24:50 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/24/2011 2:16:10 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 12/27/2010 12:03:13 AM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 04:03:13 - Error connecting to the internet. 04:03:13 - Unable
    to contact server..

    Error - 12/27/2010 12:03:22 AM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 04:03:18 - Error connecting to the internet. 04:03:18 - Unable
    to contact server..

    Error - 3/1/2014 5:27:54 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 21:27:53 - Error connecting to the internet. 21:27:54 - Unable
    to contact server..

    Error - 3/1/2014 5:28:02 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 21:27:59 - Error connecting to the internet. 21:27:59 - Unable
    to contact server..

    Error - 3/1/2014 6:28:11 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 22:28:10 - Error connecting to the internet. 22:28:10 - Unable
    to contact server..

    Error - 3/1/2014 6:28:18 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 22:28:16 - Error connecting to the internet. 22:28:16 - Unable
    to contact server..

    Error - 3/1/2014 7:28:26 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 23:28:26 - Error connecting to the internet. 23:28:26 - Unable
    to contact server..

    Error - 3/1/2014 7:28:32 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 23:28:31 - Error connecting to the internet. 23:28:31 - Unable
    to contact server..

    Error - 3/1/2014 8:28:40 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 00:28:40 - Error connecting to the internet. 00:28:40 - Unable
    to contact server..

    Error - 3/1/2014 8:28:46 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 00:28:45 - Error connecting to the internet. 00:28:45 - Unable
    to contact server..

    [ System Events ]
    Error - 7/20/2015 3:42:34 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%997

    Error - 7/20/2015 3:42:34 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%997

    Error - 7/20/2015 3:42:36 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 7/20/2015 3:42:39 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7034
    Description = The SoftThinks Agent Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 7/20/2015 3:42:45 PM | Computer Name = Rory-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 7/20/2015 3:42:46 PM | Computer Name = Rory-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 7/20/2015 3:42:45 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%997

    Error - 7/20/2015 3:42:45 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%997

    Error - 7/20/2015 3:42:46 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%997

    Error - 7/20/2015 3:42:46 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%997


    < End of report >


  • Registered Users Posts: 15,696 ✭✭✭✭y0ssar1an22


    OTL Extras logfile created on: 7/20/2015 8:57:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rory\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17914)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 61.25% Memory free
    7.87 Gb Paging File | 5.98 Gb Available in Paging File | 75.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.69 Gb Total Space | 88.52 Gb Free Space | 30.88% Space Free | Partition Type: NTFS

    Computer Name: RORY-PC | User Name: Rory | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0454CD27-55B3-4FCC-BD1F-895F5D7B1283}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1432F898-1B8A-4823-9788-8FA2B8B0AF4D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{153D5173-330B-4D50-B836-EAC4B08CF38E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{17F4574A-D123-4C08-B3AC-A9C32F075483}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{1BF06A34-E76B-4076-A9FA-C0E7569899D0}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{1FBA97E3-D144-4AAB-A1C9-A43CDB84AA0E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{20B2986A-1E8F-4B21-B105-B48CA8096B08}" = lport=137 | protocol=17 | dir=in | app=system |
    "{220F1134-4B24-4DE2-A64B-2B5A661FE5D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{253048BA-E2E7-4647-ADEC-C4E47611F88A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{253A81C0-A664-418B-B47F-C75E58C7BB59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{41B55433-2938-4C33-9CC4-07ADA3DBD3C0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{4650EEDF-DBF0-4DD2-9037-07FCCE98C36C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4B732E41-B8FF-4CB7-924D-B67111DF6042}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{55C569A2-B290-476E-9CD2-A77BDB5B9E17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{59A086FB-3C61-489D-94DF-90D8ACFA7504}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5CD494BE-F4D0-4D94-96E9-288A2BB6F8C2}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5E97D9FD-17E5-4151-ABEA-A7ED954D0FAD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{66C572C4-F2FD-47FA-BCF7-DE0FD58ECD88}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{67FA2DDE-5C72-4374-AB20-B0A16D270C07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6C1C876A-3876-43CC-85A8-2A245E0ED39F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7174916F-C696-496F-B473-E787B7E768D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{72901496-CF77-44E3-B43C-3B3C0F7AA5B2}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{783B9806-870A-4628-8F09-208B711473AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{798CA25B-AD0B-447E-9321-84F0A4787DC6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
    "{7B0AED13-529D-4CC2-8316-D12FEFC5F1CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{808D9F17-ED6E-4F86-90D3-5F9D5F31A270}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{81F3F47F-96C0-418B-9BFD-61BD22A77DC5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{84F39381-D93D-4E71-AE07-6F3A79DDC3E3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{878F4A55-C665-4DEB-B7C6-F1AFB7CC2ECE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{8B8C88D7-478E-4D03-8E4B-9481C1E11307}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{8CA56F11-E73A-4FA6-AC7F-2729CF20CE16}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{8F2B9F6C-CBEA-4B2C-99B8-C7ECCEC37DFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8F60A284-DC2D-466B-B439-19B4DA1DC9AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{95865155-4796-4B5F-B6EE-EAB48FB1A306}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{982E0857-251C-459A-8B93-4ECD1EA610B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9ABB9393-665B-4801-9004-18451ABA90D0}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9D2350F3-C3B0-4FFF-B350-A918B5B89920}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9E4994A7-CB5B-4719-B351-A2FD293BC0FF}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9F6E21F7-A1C0-46C6-B527-EBFF2B7639FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B7D9D793-8812-436C-9C48-21DC8B92A488}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C11B5F56-8706-436E-8E8C-1C6643115C1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C1FC37C2-4390-4110-AD64-C9D389258F01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C2812715-D08D-45D7-8C9F-3B7E9D6EDC4C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C498FC4E-CA8B-4E84-BE3C-18053FCD2052}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C4AC71A8-535D-4609-A981-7AC438F54EFD}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C5E9BF3A-888A-46DE-95A4-8A7D6493B983}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C8F6004F-F4DC-48EE-862B-AB1F8E3BB2CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CC3DF1D6-7B43-473D-82FF-7384E1D2E545}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D4494515-ABA0-4773-8D71-D7E3C86ACD81}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{D456AE76-18D1-49B8-A2EA-53D2D1E09D17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DCD62A30-0451-4721-AE75-7D22A781ABF0}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DD035739-C54E-4F17-8618-BB3950AAD6F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E019A989-3E16-4EF8-8CEB-3F3DE229A4E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E24677A8-E42C-44D3-B93A-F2545567A974}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E5B4EEFA-B56A-47FA-8C23-A9E62F2A5B85}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E844B77A-A0B4-446A-A684-797EA95DB872}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{EF235757-A99F-494E-8F67-EEAFF3436401}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F87E6133-8453-4501-9091-A20F440FBFA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0073F586-24B1-4EAF-A209-BFCFD8BD9FA5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{092A6719-CFCE-4F28-AFBF-F1F7BAC173CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0A8E1DA5-DC83-4BB4-95C5-B11773BFA68A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{0B63B1A2-DFA8-401B-8AB4-1688AC80E082}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{0B6D8FBC-D4F5-40A9-B43F-06250632179C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0EB93B7F-FE55-4EAB-A871-7DF32797466E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{0FB68317-BC51-4318-870A-5047DAD745F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{12CDC8B5-341A-45FB-BF30-645E796E6E7B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{132E99EA-B3F1-41BC-9487-D395FE852574}" = protocol=6 | dir=out | app=system |
    "{197B7F4E-4CCA-4F31-8905-9FDF2375B821}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{1AF77AC7-1A1B-417C-8026-5D9BAEED150D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{1C7DDC3E-D447-453E-A650-6BC3D089F690}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{22BC9BE8-45D9-4C99-9D3E-D08515B72A26}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{24104236-7EC7-47DF-9E9F-2A07807DC86C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{242BE846-1DEB-4B6E-86D9-5DD5257503D6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{27039E02-50A9-4A1C-B79F-0DF0712E4409}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
    "{27EB2136-F97B-42F5-BC1D-03366FF467C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{27FE0CFA-60ED-4FB6-A35F-7F5BEC35F9A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{28C2DB04-C808-43FA-9CD9-9D3B8EABBBAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
    "{2CD93E2C-ACE0-480D-AE2C-506B8FF6E31F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{2F4FDB70-D76A-4AFB-99F3-BEAC040E7412}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{350307FB-E782-4C4D-B444-031772D0422A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{35B9B9BA-887B-4848-93C1-7CD58B6A9938}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{371869D9-BF6C-48F0-8BF2-D78E31CDD213}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{38C5270A-015F-46E7-BBAF-3B8379D79A5D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3AA6A155-31D0-4208-A171-AD35DBAB95ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{3C438330-A9BB-4E86-988A-315824185A2C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{4387F914-EE34-4D56-A06D-932B0D40A72E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe |
    "{451F67AF-D271-4764-84C0-5D9B57E8CAE9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{4589FB18-498A-4E68-A64C-E2E0C5776656}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{48630E49-47AD-41B3-A2C5-14D573299EE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{4A4B7B15-AD5F-4B93-B39F-F8362CC291FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4A71AAC1-84BE-4B7D-8701-38ACB714CA6A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{4BB303A5-0B61-44D7-BCFA-DBCF1946981A}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{4C66C988-96C4-44B7-8645-11C116240D37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{4CF0569A-5194-4D1F-8936-490762C7DDA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5200BDF2-82C3-45A1-AF93-5874CA6E691E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{5310157C-89CE-40F1-9975-5D29B11E4B49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{5328F65C-9D8C-4D35-A395-681F4EFA2E06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
    "{5763AD4A-22AC-4E72-9306-82CC71986304}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{57844AF6-CF6E-4FD9-AEBB-71A9A51578E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{57CE3DFE-7E51-484B-AAEF-DE99289607E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{5AF16543-A24F-460B-9F3F-8AA3F3AF415C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{5FECBC4F-AC1E-473C-8797-D1DE44D8DDDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
    "{65A9DE2B-AB9E-441C-B42B-D840A85D26A7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{6AD4B533-A4C7-4A35-B320-5E4A96C94C4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6F23122F-7AF8-4D99-9620-CB6CD1EC5583}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{703D8404-9390-4F1C-82AF-A7311C2AC7D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{70EDD852-E2E7-453F-81B9-09641F33B8FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
    "{72D721B8-53C0-406A-8CDD-A6149802BEF7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{74A46881-0685-4174-8754-7F0CB7992A1D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{77D2CDDC-41A9-4709-B5E3-B4169430CF61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{79EBE45B-344B-4BE5-8CFE-4C3C67AB7191}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{7B635C13-8819-41BC-B6B7-69A6B3BCBD28}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{7D89537C-0248-4B50-B1AE-19486E0B8BD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7EDCC956-965E-45AE-94E8-BADA15C571FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
    "{7F31C3EB-E8A9-4815-9207-451FF5591EC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{7F78C56E-FF4E-482A-93A8-B2FD552B9E2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{846AA675-C341-42D6-AD80-D4F858550B72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prison architect\prison architect.exe |
    "{87B3D942-5AFA-406F-9852-669FCB25534F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{88290169-24FC-4F80-A1F8-08FACE4B7565}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
    "{8B5CF9A1-C577-4D79-ADE6-831E071D0E48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{8F10F9DD-1D2D-4E08-979A-7608079C023B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{8F2B6097-84FB-4E80-86D5-B5EEF4AC1285}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{90C55989-5FCC-4FFC-B279-CA9D41C858E1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{93459882-A733-40D4-9616-2183258FD358}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{96D84655-641D-4A37-96C0-624B74D09B21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{9F3A864E-AB94-479D-9066-A3A91ED318EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{A12B3CB7-BBBA-408E-9BE0-F0223FC228DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A2C02DE0-07F1-491F-95CE-E2FC1AE3EFB6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{A2E97C7C-8B1E-4C8B-813D-6A08DB4A4DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
    "{A34B1C6B-6E87-4BEF-8244-2AB407ECB552}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A74BCB5D-203F-46F7-9071-7FAB8995BEA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B6FA0552-6A1F-4C55-8C1B-4F39598CDE26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B9E49FFD-164A-44C2-B896-E768BB3E7991}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe |
    "{BBB97767-D0B8-4A1D-A114-9CBFE700BB58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prison architect\prison architect.exe |
    "{BF04ADCB-8454-4EC6-A136-FCD5E85FEB97}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{BF265D49-6427-4470-96AF-9DDAF8CBE762}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{C4C02DDD-D066-4D31-BEB1-86E8ADE806F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{C78BD0A8-5A7A-42A2-B4D0-1B51E7FB89F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C7DE5CA9-702A-4C67-B2CB-EDD78599C5F5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{CAB26D67-03A0-4BE2-9548-9CF8CBBEBF79}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{CB6F8F9E-0937-41FF-982C-D5A1CF37A934}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{CC9D956B-D856-4B0B-AF0E-38B09A0A90CA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{D19EB95A-9E4C-4CBA-8E7A-74C5E05A439F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{D2453CA2-B2B0-44BD-9849-15BE167EDDE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D6F5ABD9-9961-4C90-A9D8-A1856845E436}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{DB34C102-9DE9-4AEC-9EC5-58E9433574D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{DBEEDFBA-0BE3-415A-9E92-74F0FC0C4D05}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{EA8548CC-C6E5-4A0D-92A9-7B5536C8C116}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EE18AAC7-E1EA-46DA-8C23-5F92CA0B6FF9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{F9BFFE67-4680-4A44-AAE6-2B5BE9513B0B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{FB0A1C6C-F2FF-499A-94C9-AC0D096D0CBD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FE9BD336-EB11-4DBD-A01E-EAD4FF1D9C6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{FFF22539-2AA5-4081-9270-14442342DE96}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "TCP Query User{26645D7C-892B-4E49-87DB-6B67442B12B0}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{4BC2B1F1-9916-4236-BBAC-B248F4F13A60}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{11B7FDD0-6D31-1CAB-3BC4-9EB1ACD67803}" = ATI AVIVO64 Codecs
    "{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{3EF53D70-F472-9A93-2E09-737FBB4A5AE8}" = ATI Catalyst Install Manager
    "{4ADF194B-B0B6-4C06-9318-DDE5171A655A}" = AVG 2012
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60617D41-12B1-4D1F-B826-985727E26121}" = AVG 2015
    "{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
    "{655D4D89-82AC-4B45-AE41-246281CC3886}" = DisplayLink Graphics
    "{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = Wireless USB WinDrivers
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{482CB0DF-849D-479C-8CBB-F9DA6AF0F8C5}" =
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
    "{B12F5507-1E4B-46B8-A37A-1771913191F7}" = DisplayLink Core Software
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
    "{E852F060-08FF-FFD5-0C98-2A066B42EBBB}" = ccc-utility64
    "AVG" = AVG 2012
    "CCleaner" = CCleaner
    "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Dell Touchpad

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0B74F57C-4636-4D70-A7A9-95074DF21802}" = Citrix Receiver(Aero)
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside
    "{16FB54B9-8AC9-F064-38FB-DF7B69583218}" = CCC Help Chinese Standard
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1B367D21-5307-428C-DEDA-D073071CB89B}" = CCC Help Japanese
    "{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
    "{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
    "{2D5941A7-146F-4509-B35C-E58CE68FE204}" = eDrawings 2014
    "{2DE12376-E648-D16E-3E0A-0CAEE233BF64}" = CCC Help Spanish
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3347400D-F491-6DB5-9F57-0A9EA8E435C9}" = Catalyst Control Center Core Implementation
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
    "{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
    "{4979A82C-4EBE-32C4-81E5-94532C4BAEED}" = Catalyst Control Center Localization All
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
    "{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{54EE63E3-9960-41B6-9644-BB0167C6DD42}" = Catalyst Control Center - Branding
    "{5A11DB94-53E7-0232-3AF6-8DD9612094CD}" = CCC Help Chinese Traditional
    "{5B079F85-A24D-4642-BF1A-32D5A6B3A003}" = calibre
    "{5CF3C617-83A2-3D8E-39D6-45B593BB5F89}" = CCC Help German
    "{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
    "{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
    "{60495020-5A67-DE2D-B768-5E77E734D263}" = CCC Help Italian
    "{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
    "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
    "{61C06586-0FAD-1E43-20C6-08F4F1483C3D}" = CCC Help Norwegian
    "{62499375-AB9C-5279-EEEE-F5AB863CA996}" = CCC Help Danish
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6464EA89-7B34-C15B-B39F-4638EFF931DE}" = Catalyst Control Center Graphics Previews Common
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
    "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7087BFF5-88C7-4B82-2EF6-B7F09DD4A86B}" = ccc-core-static
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{719CCEF3-234C-6C1A-3891-79FA208E8025}" = CCC Help Portuguese
    "{764490A7-9DF2-B0CE-DA9F-72DDFD342ACA}" = CCC Help Russian
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77534F47-08D5-4A50-8249-403C9ECE9840}" = Smart Organizing Monitor
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{860CF8EA-A8ED-01BD-8344-26DB1058A563}" = CCC Help Korean
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
    "{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme
    "{90B45DFA-5DD9-47F0-BCC7-F25B9562A738}" = Citrix Receiver(USB)
    "{92F39985-0DA5-4CC4-869F-2A3048C182E6}" = System Requirements Lab
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B362AE0-1F0D-370B-F468-FFEF38682508}" = Catalyst Control Center Graphics Full Existing
    "{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FF5AF7A-F7C7-D4F0-D93F-40800E2F8C20}" = Catalyst Control Center InstallProxy
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A498BF75-59BD-6EDB-1C19-13AAA2FD3034}" = CCC Help French
    "{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
    "{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AB834517-C040-6115-A231-0A62F0A08294}" = CCC Help Swedish
    "{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.12)
    "{AD6E2415-407E-40D3-A550-126E67509D84}" = Citrix Receiver(DV)
    "{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in
    "{AE3A67EE-0C5D-11E0-BC1D-0013D3D69929}" = Vegas Pro 10.0
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
    "{B1924580-0C5D-11E0-B655-0013D3D69929}" = MSVCRT Redists
    "{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
    "{B2939EC4-6FB6-3153-0F9E-CE1AE76F0AE8}" = Catalyst Control Center Graphics Light
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B5747FE9-AC7C-3512-02EA-2C6A089EC68F}" = CCC Help Finnish
    "{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
    "{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{CD95F661-A5C4-11AF-B2CC-ABCD21A325B5}" = WinZip Courier
    "{CFBB5529-2532-1F5E-8706-F0D1BE3B8C35}" = Catalyst Control Center Graphics Previews Vista
    "{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
    "{D1D603C4-8C68-40F3-85AE-6DBEF3B712B5}" = Citrix Receiver (HDX Flash Redirection)
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DCC9335C-09BD-3017-096F-931FDB8E7663}" = Catalyst Control Center Graphics Full New
    "{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
    "{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
    "{DE4AD67B-9EA0-31F1-F5EE-E9B836248839}" = CCC Help English
    "{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
    "{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
    "{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
    "{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
    "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
    "{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCAC5BFF-0A4E-3E71-C486-5E55C0630817}" = CCC Help Dutch
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Audacity_is1" = Audacity 2.0.5
    "AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "CitrixOnlinePluginPackWeb" = Citrix Receiver
    "Dell Webcam Central" = Dell Webcam Central
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
    "Google Chrome" = Google Chrome
    "Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler
    "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
    "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
    "InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = Wireless USB WinDrivers
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "Steam App 1500" = Darwinia
    "Steam App 1510" = Uplink
    "Steam App 1520" = DEFCON
    "Steam App 1530" = Multiwinia
    "Steam App 233450" = Prison Architect
    "Steam App 570" = Dota 2
    "Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.6
    "WindPower Trial_is1" = WindPower Trial
    "XPort 360_is1" = XPort 360

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "3557924970.go.sky.com" = Sky Go Desktop
    "9f2df17776476c05" = Magic The Gathering Online
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/18/2015 4:47:14 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3011

    Error - 7/18/2015 4:47:14 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

    Error - 7/18/2015 4:47:15 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/18/2015 4:47:15 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4010

    Error - 7/18/2015 4:47:15 PM | Computer Name = Rory-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4010

    Error - 7/18/2015 7:06:24 PM | Computer Name = Rory-PC | Source = Desktop Window Manager | ID = 9020
    Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error - 7/19/2015 4:06:35 AM | Computer Name = Rory-PC | Source = Desktop Window Manager | ID = 9020
    Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error - 7/19/2015 2:14:44 PM | Computer Name = Rory-PC | Source = Desktop Window Manager | ID = 9020
    Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error - 7/20/2015 3:41:38 PM | Computer Name = Rory-PC | Source = Desktop Window Manager | ID = 9020
    Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error - 7/20/2015 3:41:52 PM | Computer Name = Rory-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: sftservice.EXE, version: 1.0.82.72, time
    stamp: 0x4e45499a Faulting module name: ntdll.dll, version: 6.1.7601.18869, time
    stamp: 0x55636317 Exception code: 0xc0000005 Fault offset: 0x0002e45b Faulting process
    id: 0xbe4 Faulting application start time: 0x01d0c32416802d12 Faulting application
    path: C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE Faulting
    module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 5ddf53f1-2f17-11e5-8203-b8ac6f76e227

    [ Broadcom Wireless LAN Events ]
    Error - 6/7/2015 8:00:05 AM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 13:00:05, Sun, Jun 07, 15 Error - Unable to gain access to user store


    Error - 6/7/2015 12:04:24 PM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 17:04:23, Sun, Jun 07, 15 Error - Unable to gain access to user store


    Error - 6/9/2015 6:14:23 PM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 23:14:21, Tue, Jun 09, 15 Error - Unable to gain access to user store


    Error - 6/10/2015 2:03:56 AM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 07:03:56, Wed, Jun 10, 15 Error - Unable to gain access to user store


    Error - 7/11/2015 8:19:04 AM | Computer Name = Rory-PC | Source = WLAN-Tray | ID = 0
    Description = 13:19:04, Sat, Jul 11, 15 Error - Unable to gain access to user store


    [ Dell Events ]
    Error - 10/22/2011 6:18:59 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/22/2011 6:28:18 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/22/2011 6:28:18 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/22/2011 6:28:42 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/22/2011 6:28:42 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/23/2011 11:18:40 AM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/23/2011 11:18:40 AM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/23/2011 5:24:50 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/23/2011 5:24:50 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/24/2011 2:16:10 PM | Computer Name = Rory-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 12/27/2010 12:03:13 AM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 04:03:13 - Error connecting to the internet. 04:03:13 - Unable
    to contact server..

    Error - 12/27/2010 12:03:22 AM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 04:03:18 - Error connecting to the internet. 04:03:18 - Unable
    to contact server..

    Error - 3/1/2014 5:27:54 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 21:27:53 - Error connecting to the internet. 21:27:54 - Unable
    to contact server..

    Error - 3/1/2014 5:28:02 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 21:27:59 - Error connecting to the internet. 21:27:59 - Unable
    to contact server..

    Error - 3/1/2014 6:28:11 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 22:28:10 - Error connecting to the internet. 22:28:10 - Unable
    to contact server..

    Error - 3/1/2014 6:28:18 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 22:28:16 - Error connecting to the internet. 22:28:16 - Unable
    to contact server..

    Error - 3/1/2014 7:28:26 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 23:28:26 - Error connecting to the internet. 23:28:26 - Unable
    to contact server..

    Error - 3/1/2014 7:28:32 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 23:28:31 - Error connecting to the internet. 23:28:31 - Unable
    to contact server..

    Error - 3/1/2014 8:28:40 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 00:28:40 - Error connecting to the internet. 00:28:40 - Unable
    to contact server..

    Error - 3/1/2014 8:28:46 PM | Computer Name = Rory-PC | Source = MCUpdate | ID = 0
    Description = 00:28:45 - Error connecting to the internet. 00:28:45 - Unable
    to contact server..

    [ System Events ]
    Error - 7/20/2015 3:42:34 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%997

    Error - 7/20/2015 3:42:34 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%997

    Error - 7/20/2015 3:42:36 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 7/20/2015 3:42:39 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7034
    Description = The SoftThinks Agent Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 7/20/2015 3:42:45 PM | Computer Name = Rory-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 7/20/2015 3:42:46 PM | Computer Name = Rory-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 7/20/2015 3:42:45 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%997

    Error - 7/20/2015 3:42:45 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%997

    Error - 7/20/2015 3:42:46 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%997

    Error - 7/20/2015 3:42:46 PM | Computer Name = Rory-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%997


    < End of report >


  • Advertisement
  • Registered Users Posts: 22,198 ✭✭✭✭endacl


    I'm not readin' all that! :mad:


  • Closed Accounts Posts: 462 ✭✭wylie


    endacl wrote: »
    I'm not readin' all that! :mad:

    I read the end.......Rory's PC is sick i think. :)


  • Registered Users Posts: 840 ✭✭✭jsa112


    Doesn't take as long as you think, once you have read 1000's of these logs before ;)


    the popup is related to this, dell datasafe backup

    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)


    It should disappear after a reboot, if not we can remove it


    do you recognise these folders, they look suspicious


    [2012/02/11 07:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Wea
    [2012/02/11 07:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Manue


  • Registered Users Posts: 15,696 ✭✭✭✭y0ssar1an22


    never heard if them before. In the folders:

    manue: sofyva.icr
    wea: kygofof.exe

    what should I do now? And thanks


  • Registered Users Posts: 840 ✭✭✭jsa112


    definitely malware

    open OTL copy this into the box


    :OTL
    [2012/02/11 07:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Wea
    [2012/02/11 07:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Manue

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    :Files
    ipconfig /flushdns /c

    click run fix post the log it gives


  • Advertisement
  • Registered Users Posts: 15,696 ✭✭✭✭y0ssar1an22


    All processes killed
    ========== OTL ==========
    Folder C:\Users\Rory\AppData\Roaming\Wea\ not found.
    Folder C:\Users\Rory\AppData\Roaming\Manue\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-RORY-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Rory
    ->Temp folder emptied: 5714 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 7257852 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5212 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-RORY-PC

    User: Public

    User: Rory
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Mcx1-RORY-PC

    User: Public

    User: Rory
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Rory\Desktop\cmd.bat deleted successfully.
    C:\Users\Rory\Desktop\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 07212015_061301

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Rory\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Registered Users Posts: 840 ✭✭✭jsa112


    all done unless there is anything else


  • Registered Users Posts: 15,696 ✭✭✭✭y0ssar1an22


    Thanks for all the help jsa. Hopefully the issue has been resolved


Advertisement