Correct, they are not in the download path selected.
OK. Go on...
OTL logfile created on: 5/20/2013 8:44:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ian James\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: South Africa | Language: ENS | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.71% Memory free
5.98 Gb Paging File | 3.72 Gb Available in Paging File | 62.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.00 Gb Total Space | 12.57 Gb Free Space | 8.49% Space Free | Partition Type: NTFS
Drive D: | 138.59 Gb Total Space | 109.71 Gb Free Space | 79.16% Space Free | Partition Type: NTFS
Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.90 Gb Total Space | 1.86 Gb Free Space | 97.77% Space Free | Partition Type: FAT
Computer Name: SHAUNPEARCE-PC | User Name: Ian James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/05/20 08:13:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ian James\Desktop\OTL.exe
PRC - [2013/05/11 14:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/30 01:28:38 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/04/30 01:28:38 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/04/03 15:26:06 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Ian James\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/03/15 12:52:10 | 004,466,120 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2013/02/26 16:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/02/18 08:06:40 | 004,279,408 | ---- | M] (Hola Networks Ltd.) -- C:\Program Files\Hola\app\hola_updater.exe
PRC - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2012/12/24 07:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/14 17:55:44 | 000,530,432 | ---- | M] (Braunstein + Berndt GmbH) -- C:\Program Files\SoundPLAN 7.2\SPUpdateService.exe
PRC - [2012/11/23 06:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/24 12:25:35 | 000,020,480 | ---- | M] (Mindteck India Limited) -- C:\Windows\System32\klpnm.exe
PRC - [2012/01/20 23:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/10/15 12:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 12:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 12:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/10/15 02:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/11 17:02:28 | 008,142,848 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2011/03/21 13:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/07/29 14:52:58 | 000,312,688 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\GiljabiStart.exe
PRC - [2009/12/04 22:41:36 | 003,655,168 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG OSD\HotKey.exe
PRC - [2009/11/18 14:23:46 | 000,458,752 | ---- | M] (Argonne National Lab) -- C:\Program Files\MPICH2\bin\smpd.exe
PRC - [2009/09/17 03:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2009/09/05 19:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009/07/22 18:54:16 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files\firebird\firebird_2_1\bin\fbguard.exe
PRC - [2009/07/22 18:53:46 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files\firebird\firebird_2_1\bin\fbserver.exe
PRC - [2009/03/28 06:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/05/20 05:25:56 | 000,144,688 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
PRC - [2008/05/20 05:24:54 | 000,263,472 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\Maglev.exe
PRC - [2007/03/29 17:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/18 10:06:50 | 000,225,280 | ---- | M] () -- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
MOD - [2013/05/14 21:36:33 | 013,136,776 | ---- | M] () -- C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
MOD - [2013/04/09 12:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 12:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 12:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 12:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 12:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/02/21 13:16:44 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/21 13:14:46 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/02/21 13:14:16 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/02/21 13:14:15 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013/02/21 13:14:15 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013/02/21 07:12:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/02/21 07:11:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/21 07:11:51 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/21 07:11:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/02/21 07:11:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/21 07:11:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/21 07:11:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/21 07:11:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/02/19 20:45:27 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/30 18:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.3.1.22\wincfi39.dll
MOD - [2010/11/05 05:57:46 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
MOD - [2010/11/05 05:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
========== Services (SafeList) ==========
SRV - [2013/05/14 23:37:10 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 14:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/07 13:50:20 | 004,593,728 | ---- | M] (Hola Networks Ltd.) [Auto | Stopped] -- C:\Program Files\Hola\app\hola_svc.exe -- (hola_svc)
SRV - [2013/04/30 01:28:38 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 12:52:10 | 004,466,120 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 16:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/02/18 08:06:40 | 004,279,408 | ---- | M] (Hola Networks Ltd.) [Auto | Running] -- C:\Program Files\Hola\app\hola_updater.exe -- (hola_updater)
SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2012/12/24 07:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/12/14 17:55:44 | 000,530,432 | ---- | M] (Braunstein + Berndt GmbH) [Auto | Running] -- C:\Program Files\SoundPLAN 7.2\SPUpdateService.exe -- (SPUpdService)
SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/24 12:25:35 | 000,020,480 | ---- | M] (Mindteck India Limited) [Auto | Running] -- C:\Windows\System32\klpnm.exe -- (instdt)
SRV - [2011/10/15 12:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 02:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/11 17:02:28 | 008,142,848 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV - [2011/03/21 13:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/07/30 12:26:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/18 14:23:46 | 000,458,752 | ---- | M] (Argonne National Lab) [Auto | Running] -- C:\Program Files\MPICH2\bin\smpd.exe -- (mpich2_smpd)
SRV - [2009/10/15 13:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/09/17 03:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2009/07/22 18:54:16 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\firebird\firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009/07/22 18:53:46 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\firebird\firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009/07/14 05:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 05:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 05:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/28 06:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\IANJAM~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2013/05/18 20:23:24 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2013/05/07 13:50:19 | 000,465,216 | ---- | M] (Hola Networks Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hola_drv.sys -- (hola-drv)
DRV - [2013/05/07 13:50:19 | 000,071,360 | ---- | M] (Hola Networks Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hola_mon_drv.sys -- (hola-mon-drv)
DRV - [2013/04/30 01:28:50 | 000,174,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/04/30 01:28:50 | 000,103,120 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/04/30 01:28:50 | 000,102,448 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/04/13 03:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130502.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/30 21:36:11 | 000,317,112 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys -- (RapportCerberus_51755)
DRV - [2013/03/24 20:18:23 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130519.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/03/24 20:18:23 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130519.005\NAVENG.SYS -- (NAVENG)
DRV - [2013/03/15 12:52:10 | 000,608,136 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2013/03/15 12:52:10 | 000,376,200 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2013/03/15 12:52:10 | 000,295,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2013/03/15 12:52:10 | 000,244,040 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2013/03/15 12:52:10 | 000,053,192 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2013/02/19 22:24:22 | 000,072,688 | ---- | M] (Hola Networks Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hola_net.sys -- (hola_net)
DRV - [2013/02/18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/31 07:18:18 | 000,338,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symnets.sys -- (SymNetS)
DRV - [2013/01/31 07:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys -- (SymEFA)
DRV - [2013/01/29 05:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys -- (SRTSP)
DRV - [2013/01/29 05:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys -- (SRTSPX)
DRV - [2013/01/22 06:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys -- (SymDS)
DRV - [2012/11/16 06:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys -- (SymIRON)
DRV - [2012/11/16 06:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/11/05 14:49:13 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/11/04 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/11/04 03:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/11/03 08:37:24 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130517.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/27 10:17:14 | 000,165,376 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/08/27 10:17:13 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/08/23 18:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 18:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/04/13 12:05:20 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/04/13 12:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/10/15 12:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/06 16:24:40 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)
DRV - [2010/11/20 16:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 13:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 13:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 13:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 12:39:44 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2010/04/01 12:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/03 17:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/11/28 03:48:12 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/08/13 23:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/31 05:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 04:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 04:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 03:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/05 03:03:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/05/13 17:18:42 | 000,100,096 | ---- | M] (BandRich Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\br3gmdm.sys -- (br3gmdm)
DRV - [2007/10/15 18:27:10 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/04 12:45:36 | 001,347,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camdrv41.sys -- (camdrv41)
DRV - [2002/07/17 18:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=20.3.1.22
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=20.3.1.22
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=20.3.1.22
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=20.3.1.22
IE - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1966870287-2785114930-2950882033-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=20.3.1.22
IE - HKU\S-1-5-21-1966870287-2785114930-2950882033-1004\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.8
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ian James\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@microsoft.com/Office on Demand;version=1: C:\Users\Ian James\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ian James\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ian James\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2012/10/29 12:24:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/11/05 14:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/05/20 08:26:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/03 10:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/18 10:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/14 23:37:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/07/29 14:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian James\AppData\Roaming\Mozilla\Extensions
[2010/07/29 14:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian James\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/15 14:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian James\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/12/06 11:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian James\AppData\Roaming\Mozilla\Firefox\Profiles\axt9qb5g.default\extensions
[2012/05/15 14:34:18 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Ian James\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/08/03 13:10:24 | 000,111,899 | ---- | M] () (No name found) -- C:\Users\Ian James\AppData\Roaming\Mozilla\Firefox\Profiles\axt9qb5g.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2013/04/07 08:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/06 11:08:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/06 11:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/06 11:08:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/14 04:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 04:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 04:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Entanglement = C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Skype Click to Call = C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Poppit = C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
O1 HOSTS File: ([2013/05/19 09:50:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)
O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [LGSR_Menu] C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [zOSD] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics Inc.)
O4 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000..\Run: [SkyDrive] C:\Users\Ian James\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ian James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1966870287-2785114930-2950882033-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297E5B5-E00F-404E-9B79-6AC09BBBC7AB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6215427E-E3AB-4AA3-A1C3-79FC4AE4FAF8}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B76ED32-C9D9-4A44-9CC1-7FB7BD16BBC7}: DhcpNameServer = 197.84.84.84 196.28.75.200
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/12 23:53:42 | 000,000,277 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/20 08:40:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ian James\Desktop\OTL.exe
[2013/05/20 08:35:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/20 08:35:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/20 08:34:53 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ian James\Desktop\JRT.exe
[2013/05/19 09:50:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/19 09:36:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/19 09:36:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/19 09:36:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/19 09:35:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/19 09:34:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/19 09:28:13 | 005,067,228 | R--- | C] (Swearware) -- C:\Users\Ian James\Desktop\ComboFix.exe
[2013/05/19 09:07:44 | 000,000,000 | ---D | C] -- C:\Users\Ian James\Desktop\J3048
[2013/05/19 08:05:55 | 000,000,000 | ---D | C] -- C:\Users\Ian James\Desktop\AV Reports
[2013/05/18 20:37:19 | 000,000,000 | ---D | C] -- C:\Users\Ian James\Desktop\Mbar
[2013/05/18 20:24:44 | 000,000,000 | ---D | C] -- C:\Windows\snack
[2013/05/18 20:23:07 | 000,000,000 | ---D | C] -- C:\Users\Ian James\Desktop\RK_Quarantine
[2013/05/18 16:53:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ian James\Desktop\dds.com
[2013/05/18 16:24:48 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Roaming\Malwarebytes
[2013/05/18 16:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/18 16:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/18 16:24:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/18 16:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/18 10:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/18 10:06:44 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013/05/18 10:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013/05/15 16:05:08 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Local\Temporary Projects
[2013/05/15 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Roaming\com.johnwu.ora.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1
[2013/05/15 15:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ora Time and Expense
[2013/05/15 15:30:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2013/05/15 15:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2013/05/15 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2013/05/15 15:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2013/05/15 15:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/05/15 15:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/05/15 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Ian James\Documents\Visual Studio 2010
[2013/05/15 15:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013/05/15 15:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2013/05/15 15:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2013/05/15 15:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2013/05/14 23:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/05/14 15:26:45 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Time & Expense Sheet Manager V4.1
[2013/05/14 15:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time & Expense Sheet Manager V4.1
[2013/05/14 15:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Time & Expense Sheet Manager V4.1
[2013/05/06 14:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013/05/06 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/05/06 14:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/06 14:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/05/06 08:41:50 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Roaming\inkscape
[2013/05/06 08:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2013/05/05 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Roaming\Softland
[2013/05/05 10:25:30 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Local\PDF Annotator
[2013/05/01 09:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intergraph CAS
[2013/05/01 09:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Intergraph CAS
[2013/05/01 09:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Intergraph CAS
[2013/05/01 09:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013/05/01 09:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alias
[2013/04/30 11:44:11 | 000,000,000 | ---D | C] -- C:\Users\Ian James\Desktop\Scan
[2013/04/30 11:07:44 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Roaming\Kyocera
[2013/04/30 01:28:50 | 000,102,448 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/04/28 08:28:49 | 000,000,000 | ---D | C] -- C:\Users\Ian James\Desktop\Personal Docs
[2013/04/25 12:05:45 | 000,000,000 | ---D | C] -- C:\J3035 SEP
[2013/04/25 10:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any PDF to DWG Converter
[2013/04/25 10:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Any PDF to DWG Converter
[2013/04/25 09:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/24 16:17:40 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013/04/24 13:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013/04/24 13:26:50 | 000,000,000 | ---D | C] -- C:\Users\Ian James\AppData\Local\Citrix
[2013/04/24 09:12:15 | 000,000,000 | ---D | C] -- C:\Users\Ian James\Desktop\N3 Upgrade
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/20 08:34:54 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 08:34:54 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 08:27:39 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 08:26:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/20 08:26:35 | 2407,944,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/20 08:22:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1966870287-2785114930-2950882033-1000UA.job
[2013/05/20 08:16:30 | 000,731,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/20 08:16:30 | 000,150,974 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/20 08:13:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ian James\Desktop\OTL.exe
[2013/05/20 08:13:36 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ian James\Desktop\JRT.exe
[2013/05/20 08:07:19 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/19 14:22:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1966870287-2785114930-2950882033-1000Core.job
[2013/05/19 09:50:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/19 09:25:08 | 005,067,228 | R--- | M] (Swearware) -- C:\Users\Ian James\Desktop\ComboFix.exe
[2013/05/18 20:26:46 | 000,187,904 | ---- | M] () -- C:\Windows\System32\drivers\netbt.sys.dump
[2013/05/18 20:23:24 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/18 20:20:38 | 012,917,756 | ---- | M] () -- C:\Users\Ian James\Desktop\mbar-1.05.0.1001.zip
[2013/05/18 20:17:42 | 000,816,128 | ---- | M] () -- C:\Users\Ian James\Desktop\RogueKiller.exe
[2013/05/18 16:52:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ian James\Desktop\dds.com
[2013/05/18 16:24:34 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/18 10:10:59 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/18 08:11:27 | 000,010,115 | ---- | M] () -- C:\Windows\lg_up.ini
[2013/05/15 19:15:26 | 000,454,641 | ---- | M] () -- C:\Users\Ian James\Desktop\Part1.pdf
[2013/05/15 15:46:36 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Ora Time and Expense.lnk
[2013/05/15 06:52:06 | 000,002,020 | ---- | M] () -- C:\Users\Ian James\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/05/15 06:46:20 | 000,001,147 | ---- | M] () -- C:\Windows\lgcenter.ini
[2013/05/07 13:50:19 | 000,465,216 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\System32\drivers\hola_drv.sys
[2013/05/07 13:50:19 | 000,071,360 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\System32\drivers\hola_mon_drv.sys
[2013/05/06 14:20:41 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/06 11:07:23 | 000,413,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/06 08:49:30 | 000,000,218 | ---- | M] () -- C:\Users\Ian James\AppData\Local\recently-used.xbel
[2013/05/06 08:37:30 | 000,000,953 | ---- | M] () -- C:\Users\Ian James\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2013/05/06 08:37:30 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013/05/01 09:55:28 | 000,002,091 | ---- | M] () -- C:\Users\Public\Desktop\CAESAR II 2011 Demo.lnk
[2013/04/30 11:12:37 | 000,000,027 | ---- | M] () -- C:\Windows\EZSET_SP.INI
[2013/04/30 01:28:50 | 000,102,448 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/04/25 10:05:53 | 000,000,950 | ---- | M] () -- C:\Users\Ian James\Desktop\Any PDF to DWG Converter.lnk
[2013/04/24 16:17:42 | 000,001,008 | ---- | M] () -- C:\Users\Ian James\Desktop\MSI Afterburner.lnk
[2013/04/24 13:44:11 | 000,002,394 | ---- | M] () -- C:\Users\Ian James\Desktop\Google Chrome.lnk
[2013/04/24 13:37:04 | 000,000,000 | ---- | M] () -- C:\Cookies
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/19 09:36:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/19 09:36:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/19 09:36:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/19 09:36:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/19 09:36:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/18 20:24:43 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys.dump
[2013/05/18 20:23:24 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/18 20:22:34 | 012,917,756 | ---- | C] () -- C:\Users\Ian James\Desktop\mbar-1.05.0.1001.zip
[2013/05/18 20:22:09 | 000,816,128 | ---- | C] () -- C:\Users\Ian James\Desktop\RogueKiller.exe
[2013/05/18 16:24:34 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/18 10:10:59 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/15 19:15:26 | 000,454,641 | ---- | C] () -- C:\Users\Ian James\Desktop\Part1.pdf
[2013/05/15 15:46:36 | 000,000,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ora Time and Expense.lnk
[2013/05/15 15:46:35 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Ora Time and Expense.lnk
[2013/05/06 14:20:40 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/06 08:49:30 | 000,000,218 | ---- | C] () -- C:\Users\Ian James\AppData\Local\recently-used.xbel
[2013/05/06 08:38:17 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2013/05/06 08:37:30 | 000,000,953 | ---- | C] () -- C:\Users\Ian James\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2013/05/06 08:37:30 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013/05/01 09:55:27 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\CAESAR II 2011 Demo.lnk
[2013/04/30 11:12:37 | 000,000,027 | ---- | C] () -- C:\Windows\EZSET_SP.INI
[2013/04/25 10:05:52 | 000,000,950 | ---- | C] () -- C:\Users\Ian James\Desktop\Any PDF to DWG Converter.lnk
[2013/04/24 16:17:42 | 000,001,008 | ---- | C] () -- C:\Users\Ian James\Desktop\MSI Afterburner.lnk
[2013/04/24 13:37:04 | 000,000,000 | ---- | C] () -- C:\Cookies
[2013/04/16 15:22:32 | 001,447,892 | ---- | C] () -- C:\Windows\System32\WindRose2.dll
[2013/04/16 15:22:32 | 000,872,507 | ---- | C] () -- C:\Windows\System32\mesa.dll
[2013/02/17 16:22:16 | 001,407,237 | ---- | C] () -- C:\Users\Ian James\SK-A1-001-2 Rev 03.dwg
[2013/02/04 14:19:39 | 000,007,606 | ---- | C] () -- C:\Users\Ian James\AppData\Local\resmon.resmoncfg
[2013/01/27 08:41:33 | 000,000,058 | ---- | C] () -- C:\Windows\System32\KmTwain.ini
[2012/10/29 12:22:29 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe
[2012/10/29 12:22:29 | 000,284,672 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2012/10/29 12:20:05 | 000,046,592 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll
[2012/10/26 14:26:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\m1210nwia.dll
[2012/09/28 23:45:16 | 000,246,272 | ---- | C] () -- C:\Windows\System32\rtvcvfw64.dll
[2012/09/28 23:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2012/08/26 19:14:14 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012/08/26 19:13:46 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012/07/09 17:18:29 | 000,125,056 | ---- | C] () -- C:\Windows\ecrypt.exe
[2012/06/05 17:05:32 | 000,192,474 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2012/05/12 03:07:37 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012/02/07 10:33:05 | 000,000,193 | ---- | C] () -- C:\Windows\wordpad.INI
[2011/10/23 14:30:38 | 000,000,160 | ---- | C] () -- C:\Windows\ALIGN-SETTING.INI
[2011/10/23 14:30:38 | 000,000,149 | ---- | C] () -- C:\Windows\ESTIMATE-SETTING.INI
[2011/10/23 14:30:38 | 000,000,106 | ---- | C] () -- C:\Windows\LIMIT-SETTING.INI
[2011/10/23 14:23:46 | 000,000,163 | ---- | C] () -- C:\Windows\MRU.ini
[2011/10/23 08:33:46 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011/10/15 02:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/28 13:20:21 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/09/12 18:21:49 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2011/06/26 20:51:21 | 001,347,584 | ---- | C] () -- C:\Windows\System32\drivers\camdrv41.sys
[2011/06/24 11:59:55 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2011/06/24 11:58:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/07/29 14:34:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 08:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 08:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 05:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/10/10 05:50:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/10/10 05:50:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2012/01/25 21:33:43 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Azureus
[2011/04/27 14:40:46 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/05/19 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\BitTorrent
[2011/09/12 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\CAD-KAS
[2012/01/31 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Canon
[2013/05/15 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\com.johnwu.ora.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1
[2011/08/17 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Downloaded Installations
[2013/05/18 16:53:12 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Dropbox
[2011/05/13 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\EDrawings
[2011/07/28 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Greenshot
[2011/10/31 16:38:28 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\HandBrake
[2013/05/06 08:41:51 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\inkscape
[2013/04/30 11:07:44 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Kyocera
[2012/10/29 12:12:24 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Marvell
[2011/12/06 18:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\MessageViewerPro
[2011/12/06 18:41:19 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\MSGView
[2013/01/25 20:20:50 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Mumble
[2013/05/05 08:14:07 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Nitro PDF
[2011/10/23 13:53:14 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\PC Unleashed Online
[2010/10/12 18:14:58 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\PeaZip
[2010/10/31 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\PlayFirst
[2011/11/14 17:06:46 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Raptr
[2013/04/02 22:33:19 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Research In Motion
[2011/12/06 17:50:48 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Scalabium
[2013/05/05 10:25:43 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Softland
[2011/05/01 10:27:39 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Stellarium
[2010/12/06 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\TeamViewer
[2011/04/01 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Thunderbird
[2010/08/09 00:59:14 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Trusteer
[2013/05/17 21:59:36 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\TS3Client
[2010/07/29 15:37:47 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\Uniblue
[2012/12/12 17:20:33 | 000,000,000 | ---D | M] -- C:\Users\Ian James\AppData\Roaming\uTorrent
[2010/10/10 05:50:00 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Trusteer
[2010/10/10 05:50:00 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Trusteer
[2010/10/10 05:50:00 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser.IanJames-PC\AppData\Roaming\Trusteer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:ABE89FFE
< End of report >
OTL Extras logfile created on: 5/20/2013 8:44:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ian James\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: South Africa | Language: ENS | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.71% Memory free
5.98 Gb Paging File | 3.72 Gb Available in Paging File | 62.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.00 Gb Total Space | 12.57 Gb Free Space | 8.49% Space Free | Partition Type: NTFS
Drive D: | 138.59 Gb Total Space | 109.71 Gb Free Space | 79.16% Space Free | Partition Type: NTFS
Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.90 Gb Total Space | 1.86 Gb Free Space | 97.77% Space Free | Partition Type: FAT
Computer Name: SHAUNPEARCE-PC | User Name: Ian James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.scr [@ = ext1.File] -- C:\Program Files\Lakes\Screen View\Screen_View.exe ()
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AF2684B-FD5C-4711-85DF-30F7119E728A}" = Kyocera TWAIN Driver
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4106D232-7B04-4431-9E0B-79B83AFDD25E}" = MySQL Server 5.5
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery
"{45AD67F1-1585-4FE0-B0FD-7932EC452880}" = SolidWorks eDrawings 2012
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}" = Nitro PDF Professional
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77531C63-4A48-4EB7-BCD2-5F3E1EFCC405}" = MPICH2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AB01C54-577D-4B5C-BA31-219D5B128E35}" = CAESAR II 2011-Demo
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{846447E6-F3CB-4DD9-B4AD-5CCBBB610982}" = LG Smart Care
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9672CAD2-F310-42D6-9147-E4A4B6ED8395}" = LG Magnifier
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA4EE1D-5C37-4843-A36F-AB80A6943A21}" = Lakes Environmental AERMOD View V.7.6.1
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AC76BA86-7AD7-2530-0000-A00000000004}" = Extended Asian Language font pack for Adobe Reader XI
"{ADB356E6-E15E-462A-B7BB-0DD9C0312D14}" = BREEZE AERMOD-ISC
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D70FC282-9944-496D-AB45-7DF2104DB7D6}" = BREEZE 3D Analyst
"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series
"{DABD50F7-0001-0002-0003-ABCDEFABCDEF}" = LG Smart Indicator
"{DBE03A94-9ACB-C072-4A0B-0BA074E32181}" = Ora Time and Expense
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE0F5F48-B60F-4E7D-9B81-17CA3872A260}" = Tanks409d
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1585551-3CCD-48AA-BB4C-3E567107EDCF}" = LG OSD
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA41AA0C-CB72-4CCB-9064-1DCF8B64233E}" = Lakes Environmental Screen View V.3.0.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.3.1
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip 8.51
"Any DWG DXF Converter_is1" = Any DWG DXF Converter 2013
"Any PDF to DWG Converter_is1" = Any PDF to DWG Converter 2013
"Battlelog Web Plugins" = Battlelog Web Plugins
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"com.johnwu.ora.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1" = Ora Time and Expense
"ESN Sonar-0.70.4" = ESN Sonar
"EzManual" = EzManual
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Greenshot_is1" = Greenshot
"Hola" = Hola™ 1.1.26 - Better Internet
"Inkscape" = Inkscape 0.48.4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1AF2684B-FD5C-4711-85DF-30F7119E728A}" = Kyocera TWAIN Driver
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery
"Kyocera Product Library" = Kyocera Product Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.6 (x86 en-GB)" = Mozilla Thunderbird 17.0.6 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Nitro PDF Professional" = Nitro PDF Professional 6.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Rapport_msi" = Rapport
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SoundPLAN 7.2" = SoundPLAN 7.2 (remove only)
"Steam App 205100" = Dishonored
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"Time & Expense Sheet Manager V4.1" = Time & Expense Sheet Manager V4.1
"VLC media player" = VLC media player 2.0.6
"WindRose_is1" = WindRose ver.4.15-6.08
"WinDust Pro" = WinDust Pro
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1966870287-2785114930-2950882033-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Microsoft Office on Demand Browser Add-ons" = Microsoft Office on Demand Browser Add-ons
"SkyDriveSetup.exe" = Microsoft SkyDrive
< End of report >
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\IANJAM~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4 - Startup: C:\Users\Ian James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:ABE89FFE
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans....
Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If ESET doesn't find any threats, it won't produce any log.
OTL Fix Report
All processes killed
========== OTL ==========
Service USBCCID stopped successfully!
Service USBCCID deleted successfully!
File system32\DRIVERS\RtsUCcid.sys not found.
Service RtsUIR stopped successfully!
Service RtsUIR deleted successfully!
File system32\DRIVERS\Rts516xIR.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\IANJAM~1\AppData\Local\Temp\catchme.sys not found.
Service btwrchid stopped successfully!
Service btwrchid deleted successfully!
File system32\DRIVERS\btwrchid.sys not found.
Service btwl2cap stopped successfully!
Service btwl2cap deleted successfully!
File system32\DRIVERS\btwl2cap.sys not found.
Service btwaudio stopped successfully!
Service btwaudio deleted successfully!
File system32\drivers\btwaudio.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Ian James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send image to &Bluetooth Device...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send page to &Bluetooth Device...\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:15024E60 deleted successfully.
ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Ian James
->Temp folder emptied: 1172896 bytes
->Temporary Internet Files folder emptied: 1278118 bytes
->Java cache emptied: 973092 bytes
->FireFox cache emptied: 200994163 bytes
->Google Chrome cache emptied: 307287331 bytes
->Flash cache emptied: 58487 bytes
User: Public
->Temp folder emptied: 0 bytes
User: TEMP
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
User: UpdatusUser.IanJames-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8405417 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 28464091 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 394625 bytes
Total Files Cleaned = 524.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Ian James
->Java cache emptied: 0 bytes
User: Public
User: TEMP
User: UpdatusUser
User: UpdatusUser.IanJames-PC
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Ian James
->Flash cache emptied: 0 bytes
User: Public
User: TEMP
User: UpdatusUser
User: UpdatusUser.IanJames-PC
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05202013_091532
Files\Folders moved on Reboot...
C:\Users\Ian James\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Adobe Reader XI
Mozilla Firefox 14.0.1 Firefox out of Date!
Mozilla Thunderbird (17.0.6)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
Farbar Service Scanner Version: 14-04-2013
Ran by Ian James (administrator) on 20-05-2013 at 09:27:33
Running from "C:\Users\Ian James\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-14 03:37] - [2009-07-14 05:15] - 0680960 ____A () D41D8CD98F00B204E9800998ECF8427E
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
ESET Result:
C:\Program Files\Hola\app\hola.exe probably unknown NewHeur_PE virus
OK, we have a couple of issues here.
Some registry keys are missing, causing some Windows services to be off.
That's minor and we can fix it in a moment.
On top of that, we're dealing here with a new version of the ZeroAccess rootkit, which causes this issue:
We need to fix it first.
Quote:
[2009-07-14 03:37] - [2009-07-14 05:15] - 0680960 ____A () D41D8CD98F00B204E9800998ECF8427E
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-05-2013 01
Ran by Ian James (administrator) on 21-05-2013 08:14:05
Running from C:\Users\Ian James\Desktop
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Firebird Project) C:\Program Files\firebird\firebird_2_1\bin\fbguard.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Mindteck India Limited) C:\Windows\system32\klpnm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Argonne National Lab) C:\Program Files\MPICH2\bin\smpd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
(Nalpeiron Ltd.) C:\Windows\system32\NLSSRV32.EXE
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Braunstein + Berndt GmbH) C:\Program Files\SoundPLAN 7.2\SPUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Firebird Project) C:\Program Files\firebird\firebird_2_1\bin\fbserver.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG OSD\HotKey.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
(BIT LEADER) C:\Program Files\lg_swupdate\GiljabiStart.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Microsoft Corporation) C:\Users\Ian James\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Magnifier\Maglev.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Farbar) C:\Users\Ian James\Desktop\FRST.exe
(Google Inc.) C:\Users\Ian James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian James\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [zOSD] C:\Program Files\LG Software\LG OSD\HotKey.exe [3655168 2009-12-04] (LG Electronics Inc.)
HKLM\...\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe [3655168 2009-12-04] (LG Electronics Inc.)
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe [144688 2008-05-20] (LG Electronics Inc.)
HKLM\...\Run: [LGSR_Menu] "C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\LG Software\LG Smart Recovery" UpdateWithCreateOnce Software\CyberLink\PowerRecover [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc [312688 2010-07-29] (BIT LEADER)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8092192 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM\...\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\" [30264 2009-10-15] (Hewlett-Packard Company)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Winlogon: [System]
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [222128 2007-03-29] (Macrovision Corporation)
HKCU\...\Run: [SkyDrive] "C:\Users\Ian James\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [256600 2013-04-03] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=20.3.1.22
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=20.3.1.22
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\Ian James\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6215427E-E3AB-4AA3-A1C3-79FC4AE4FAF8}: [NameServer]127.0.0.1
FireFox:
========
FF ProfilePath: C:\Users\Ian James\AppData\Roaming\Mozilla\Firefox\Profiles\axt9qb5g.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=1.122.0 - C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Ian James\AppData\Roaming\Mozilla\Firefox\Profiles\axt9qb5g.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ian James\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Entanglement) - C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (Skype Click to Call) - C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0
CHR Extension: (Poppit) - C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Norton Identity Protection) - C:\Users\Ian James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0
========================== Services (Whitelisted) =================
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\firebird\firebird_2_1\bin\fbguard.exe [81920 2009-07-22] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\firebird\firebird_2_1\bin\fbserver.exe [2736128 2009-07-22] (Firebird Project)
R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-03-15] (SafeNet Inc.)
S2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [4593728 2013-05-07] (Hola Networks Ltd.)
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [4279408 2013-02-18] (Hola Networks Ltd.)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP)
R2 instdt; C:\Windows\system32\klpnm.exe [20480 2012-04-24] (Mindteck India Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mpich2_smpd; C:\Program Files\MPICH2\bin\smpd.exe [458752 2009-11-18] (Argonne National Lab)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 MSSQLServerADHelper100; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-23] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [9098 2012-08-24] ()
R2 N360; C:\Program Files\Norton 360\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [196928 2011-03-21] (Nitro PDF Software)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-15] (NVIDIA Corporation)
R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [369952 2009-09-17] (SafeNet, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-04-15] (Skype Technologies S.A.)
R2 SPUpdService; C:\Program Files\SoundPLAN 7.2\SPUpdateService.exe [530432 2012-12-14] (Braunstein + Berndt GmbH)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [376200 2013-03-15] (SafeNet Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [244040 2013-03-15] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [53192 2013-03-15] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [295944 2013-03-15] (SafeNet Inc.)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [165376 2012-08-27] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130515.001\BHDrvx86.sys [1000024 2013-04-13] (Symantec Corporation)
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [279592 2010-01-20] (Broadcom Corporation.)
S3 camdrv41; C:\Windows\System32\DRIVERS\camdrv41.sys [1347584 2007-05-04] ()
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1403010.016\ccSetx86.sys [134304 2012-11-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-11-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-04] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [608136 2013-03-15] (SafeNet Inc.)
R1 hola-drv; C:\Windows\System32\DRIVERS\hola_drv.sys [465216 2013-05-07] (Hola Networks Ltd.)
R1 hola-mon-drv; C:\Windows\System32\DRIVERS\hola_mon_drv.sys [71360 2013-05-07] (Hola Networks Ltd.)
R1 hola_net; C:\Windows\System32\DRIVERS\hola_net.sys [72688 2013-02-19] (Hola Networks Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130518.001\IDSvix86.sys [386720 2012-11-03] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2012-08-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130520.017\NAVENG.SYS [93296 2013-05-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130520.017\NAVEX15.SYS [1603824 2013-05-20] (Symantec Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] ()
R1 RapportCerberus_51755; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys [317112 2013-03-30] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [103120 2013-04-30] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [174320 2013-04-30] (Trusteer Ltd.)
S4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
S3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2011-09-06] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360\1403010.016\SRTSP.SYS [602712 2013-01-29] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1403010.016\SRTSPX.SYS [32344 2013-01-29] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1403010.016\SYMDS.SYS [367704 2013-01-22] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1403010.016\SYMEFA.SYS [934488 2013-01-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2012-11-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1403010.016\Ironx86.SYS [175264 2012-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1403010.016\SYMNETS.SYS [338592 2013-01-31] (Symantec Corporation)
U3 TrueSight; C:\Windows\system32\drivers\TrueSight.sys [15616 2013-05-18] ()
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-06-05] (CyberLink)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-21 08:13 - 2013-05-21 08:13 - 00000000 ____D C:\FRST
2013-05-21 08:12 - 2013-05-21 08:11 - 01318315 ____A (Farbar) C:\Users\Ian James\Desktop\FRST.exe
2013-05-20 09:33 - 2013-05-20 09:33 - 00000000 ____D C:\Program Files\ESET
2013-05-20 09:15 - 2013-05-20 09:15 - 00000000 ____D C:\_OTL
2013-05-20 08:35 - 2013-05-20 08:35 - 00000000 ____D C:\Windows\ERUNT
2013-05-20 08:35 - 2013-05-20 08:35 - 00000000 ____D C:\JRT
2013-05-20 08:24 - 2013-05-20 08:24 - 00003473 ____A C:\AdwCleaner[R2].txt
2013-05-20 08:24 - 2013-05-20 08:24 - 00002969 ____A C:\AdwCleaner[S1].txt
2013-05-20 08:22 - 2013-05-20 08:23 - 00003413 ____A C:\AdwCleaner[R1].txt
2013-05-19 13:53 - 2013-05-20 16:06 - 00037106 ____A C:\Users\Ian James\Desktop\Timesheet Dev (Recovered).xlsm
2013-05-19 12:47 - 2013-03-06 12:38 - 00055257 ____N C:\Users\Ian James\Desktop\PartLocDBComboRibbonDepend.xlsm
2013-05-19 09:56 - 2013-05-19 09:56 - 00032129 ____A C:\ComboFix.txt
2013-05-19 09:36 - 2011-06-26 10:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-19 09:36 - 2010-11-07 21:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-19 09:36 - 2009-04-20 08:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-19 09:36 - 2000-08-31 04:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-19 09:36 - 2000-08-31 04:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-19 09:36 - 2000-08-31 04:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-19 09:36 - 2000-08-31 04:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-19 09:36 - 2000-08-31 04:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-19 09:35 - 2013-05-19 09:56 - 00000000 ___AD C:\Qoobox
2013-05-19 09:34 - 2013-05-19 09:54 - 00000000 ____D C:\Windows\erdnt
2013-05-19 09:07 - 2013-05-19 09:08 - 00000000 ____D C:\Users\Ian James\Desktop\J3048
2013-05-19 08:05 - 2013-05-20 12:47 - 00000000 ____D C:\Users\Ian James\Desktop\AV Reports
2013-05-18 20:24 - 2013-05-18 20:26 - 00187904 ____A C:\Windows\System32\Drivers\netbt.sys.dump
2013-05-18 20:24 - 2013-05-18 20:24 - 00000000 ____D C:\Windows\snack
2013-05-18 20:23 - 2013-05-18 20:26 - 00000000 ____D C:\Users\Ian James\Desktop\RK_Quarantine
2013-05-18 20:23 - 2013-05-18 20:23 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-05-18 16:24 - 2013-05-18 16:24 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Malwarebytes
2013-05-18 16:24 - 2013-05-18 16:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-18 16:24 - 2013-05-18 16:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-18 16:24 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-18 10:10 - 2013-05-18 10:10 - 00000988 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-17 23:43 - 2013-05-18 00:05 - 00000000 ____D C:\Users\Ian James\Downloads\All About Anna
2013-05-17 23:37 - 2013-05-19 13:34 - 00000000 ____D C:\Users\Ian James\Downloads\New_And_Some_Old_Nude_Celebrity_Clips_-_High_Quality-2007-DJNilo
2013-05-15 16:05 - 2013-05-15 16:06 - 00000000 ____D C:\Users\Ian James\AppData\Local\Temporary Projects
2013-05-15 15:46 - 2013-05-15 15:46 - 00000921 ____A C:\Users\Public\Desktop\Ora Time and Expense.lnk
2013-05-15 15:46 - 2013-05-15 15:46 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\com.johnwu.ora.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1
2013-05-15 15:46 - 2013-05-15 15:46 - 00000000 ____D C:\Program Files\Ora Time and Expense
2013-05-15 15:31 - 2009-07-23 07:08 - 00050200 ____A (Microsoft Corporation) C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-05-15 15:30 - 2013-05-15 15:30 - 00000000 ____D C:\Windows\System32\RsFx
2013-05-15 15:30 - 2009-07-23 07:08 - 00079896 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-05-15 15:28 - 2013-05-15 15:28 - 00000000 ____D C:\Windows\System32\1033
2013-05-15 15:28 - 2013-05-15 15:28 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-05-15 15:25 - 2013-05-15 15:30 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-15 15:24 - 2013-05-15 15:24 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-05-15 15:23 - 2013-05-15 16:05 - 00000000 ____D C:\Users\Ian James\Documents\Visual Studio 2010
2013-05-15 15:21 - 2013-05-15 15:33 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2013-05-15 15:21 - 2013-05-15 15:21 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-05-15 15:21 - 2013-05-15 15:21 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2013-05-14 23:37 - 2013-05-15 06:52 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-05-14 22:35 - 2013-05-15 09:15 - 00000000 ____D C:\Users\Ian James\Downloads\celeb
2013-05-14 15:26 - 2013-05-14 15:26 - 00000000 ____D C:\Program Files\Time & Expense Sheet Manager V4.1
2013-05-12 08:57 - 2013-05-12 08:57 - 00000000 ____D C:\Users\Ian James\Downloads\Shortbus [2006] dir John Cameron Mitchell
2013-05-12 08:33 - 2013-05-12 08:48 - 735516148 ____A C:\Users\Ian James\Downloads\SHORTBUS.avi
2013-05-09 12:51 - 2013-05-09 13:58 - 00000000 ____D C:\Users\Ian James\Downloads\How I Met Your Mother Season 1, 2, 3, 4, 5, & 6 + Extras DVDRip TSV
2013-05-06 17:20 - 2008-10-15 06:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-05-06 17:20 - 2008-10-15 06:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-05-06 17:20 - 2008-10-15 06:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-05-06 14:21 - 2013-05-06 14:21 - 00000000 ____D C:\Program Files\dumps
2013-05-06 14:20 - 2013-05-08 13:27 - 00000000 ____D C:\Program Files\Steam
2013-05-06 14:20 - 2013-05-06 14:20 - 00000835 ____A C:\Users\Public\Desktop\Steam.lnk
2013-05-06 14:20 - 2013-05-06 14:20 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-05-06 08:49 - 2013-05-06 08:49 - 00000218 ____A C:\Users\Ian James\AppData\Local\recently-used.xbel
2013-05-06 08:41 - 2013-05-06 08:41 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\inkscape
2013-05-06 08:37 - 2013-05-06 08:37 - 00000929 ____A C:\Users\Public\Desktop\Inkscape.lnk
2013-05-06 08:31 - 2013-05-06 08:39 - 00000000 ____D C:\Program Files\Inkscape
2013-05-05 10:25 - 2013-05-05 16:08 - 00000000 ____D C:\Users\Ian James\AppData\Local\PDF Annotator
2013-05-05 10:25 - 2013-05-05 10:25 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Softland
2013-05-05 10:25 - 2010-02-05 14:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2013-05-01 09:55 - 2013-05-01 09:55 - 00002091 ____A C:\Users\Public\Desktop\CAESAR II 2011 Demo.lnk
2013-05-01 09:55 - 2013-05-01 09:55 - 00000000 ____D C:\ProgramData\Intergraph CAS
2013-05-01 09:55 - 2013-05-01 09:55 - 00000000 ____D C:\Program Files\Intergraph CAS
2013-05-01 09:55 - 2013-05-01 09:55 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-05-01 09:55 - 2013-05-01 09:55 - 00000000 ____D C:\Program Files\Common Files\Alias
2013-04-30 11:44 - 2013-05-16 13:28 - 00000000 ____D C:\Users\Ian James\Desktop\Scan
2013-04-30 11:12 - 2013-04-30 11:12 - 00000027 ____A C:\Windows\EZSET_SP.INI
2013-04-30 11:10 - 2013-04-30 11:10 - 00000033 ____A C:\setup.log
2013-04-30 11:07 - 2013-04-30 11:07 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Kyocera
2013-04-30 01:28 - 2013-04-30 01:28 - 00102448 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2013-04-28 08:28 - 2013-04-28 11:19 - 00000000 ____D C:\Users\Ian James\Desktop\Personal Docs
2013-04-25 12:05 - 2013-05-08 12:26 - 00000000 ____D C:\J3035 SEP
2013-04-25 10:05 - 2013-04-25 10:05 - 00000950 ____A C:\Users\UpdatusUser.IanJames-PC\Desktop\Any PDF to DWG Converter.lnk
2013-04-25 10:05 - 2013-04-25 10:05 - 00000950 ____A C:\Users\Ian James\Desktop\Any PDF to DWG Converter.lnk
2013-04-25 10:05 - 2013-04-25 10:05 - 00000000 ____D C:\Program Files\Any PDF to DWG Converter
2013-04-25 09:11 - 2013-04-25 09:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-04-25 09:11 - 2013-04-04 05:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-04-25 09:11 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-04-25 09:11 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-04-25 09:10 - 2013-04-25 09:11 - 00003903 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-04-24 16:18 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-04-24 16:18 - 2010-06-02 04:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-04-24 16:18 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-04-24 16:18 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-04-24 16:18 - 2010-05-26 11:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-04-24 16:18 - 2010-05-26 11:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-04-24 16:18 - 2010-05-26 11:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-04-24 16:18 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-04-24 16:18 - 2010-02-04 10:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-04-24 16:18 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-04-24 16:18 - 2010-02-04 10:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-04-24 16:18 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-04-24 16:18 - 2009-09-04 17:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-04-24 16:18 - 2009-09-04 17:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-04-24 16:18 - 2009-09-04 17:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-04-24 16:18 - 2009-09-04 17:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-04-24 16:18 - 2009-03-16 14:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-04-24 16:18 - 2009-03-16 14:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-04-24 16:18 - 2009-03-16 14:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-04-24 16:18 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-04-24 16:18 - 2008-07-31 10:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-04-24 16:18 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-04-24 16:18 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-04-24 16:17 - 2013-04-24 16:17 - 00001008 ____A C:\Users\Ian James\Desktop\MSI Afterburner.lnk
2013-04-24 13:27 - 2013-04-28 08:50 - 00000000 ____D C:\Program Files\Citrix
2013-04-24 13:26 - 2013-04-24 13:26 - 00000000 ____D C:\Users\Ian James\AppData\Local\Citrix
2013-04-24 09:12 - 2013-05-19 14:15 - 00000000 ____D C:\Users\Ian James\Desktop\N3 Upgrade
2013-04-22 08:02 - 2013-05-01 21:36 - 00000000 ____D C:\Users\Ian James\Downloads\Newbie
==================== One Month Modified Files and Folders ========
2013-05-21 08:14 - 2010-07-29 14:33 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Skype
2013-05-21 08:13 - 2013-05-21 08:13 - 00000000 ____D C:\FRST
2013-05-21 08:11 - 2013-05-21 08:12 - 01318315 ____A (Farbar) C:\Users\Ian James\Desktop\FRST.exe
2013-05-21 08:10 - 2010-05-06 12:16 - 01349914 ____A C:\Windows\WindowsUpdate.log
2013-05-21 08:08 - 2012-09-20 15:34 - 00000000 ___RD C:\Users\Ian James\SkyDrive
2013-05-21 08:08 - 2010-08-17 17:07 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-21 08:07 - 2010-05-06 12:20 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-21 08:07 - 2009-07-14 08:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-21 08:07 - 2009-07-14 08:39 - 00176732 ____A C:\Windows\setupact.log
2013-05-21 07:22 - 2010-11-24 15:57 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1966870287-2785114930-2950882033-1000UA.job
2013-05-21 07:06 - 2010-08-17 17:07 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-20 22:45 - 2011-02-25 14:45 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\vlc
2013-05-20 22:21 - 2012-02-01 10:26 - 00000000 ____D C:\Users\Ian James\Desktop\New folder
2013-05-20 18:02 - 2009-07-14 08:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-20 18:02 - 2009-07-14 08:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-20 16:06 - 2013-05-19 13:53 - 00037106 ____A C:\Users\Ian James\Desktop\Timesheet Dev (Recovered).xlsm
2013-05-20 14:22 - 2010-11-24 15:57 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1966870287-2785114930-2950882033-1000Core.job
2013-05-20 12:47 - 2013-05-19 08:05 - 00000000 ____D C:\Users\Ian James\Desktop\AV Reports
2013-05-20 12:03 - 2012-02-07 14:34 - 00000000 ____D C:\Users\Ian James\Desktop\001 Resources - shaun
2013-05-20 09:33 - 2013-05-20 09:33 - 00000000 ____D C:\Program Files\ESET
2013-05-20 09:15 - 2013-05-20 09:15 - 00000000 ____D C:\_OTL
2013-05-20 08:35 - 2013-05-20 08:35 - 00000000 ____D C:\Windows\ERUNT
2013-05-20 08:35 - 2013-05-20 08:35 - 00000000 ____D C:\JRT
2013-05-20 08:24 - 2013-05-20 08:24 - 00003473 ____A C:\AdwCleaner[R2].txt
2013-05-20 08:24 - 2013-05-20 08:24 - 00002969 ____A C:\AdwCleaner[S1].txt
2013-05-20 08:23 - 2013-05-20 08:22 - 00003413 ____A C:\AdwCleaner[R1].txt
2013-05-20 08:16 - 2010-01-21 21:39 - 00872704 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-19 14:45 - 2013-02-02 12:43 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\BitTorrent
2013-05-19 14:15 - 2013-04-24 09:12 - 00000000 ____D C:\Users\Ian James\Desktop\N3 Upgrade
2013-05-19 13:34 - 2013-05-17 23:37 - 00000000 ____D C:\Users\Ian James\Downloads\New_And_Some_Old_Nude_Celebrity_Clips_-_High_Quality-2007-DJNilo
2013-05-19 10:17 - 2012-02-22 01:40 - 00000000 ____D C:\Users\Ian James\Desktop\Working
2013-05-19 09:56 - 2013-05-19 09:56 - 00032129 ____A C:\ComboFix.txt
2013-05-19 09:56 - 2013-05-19 09:35 - 00000000 ___AD C:\Qoobox
2013-05-19 09:56 - 2009-07-14 06:37 - 00000000 __RHD C:\users\Default
2013-05-19 09:56 - 2009-07-14 06:37 - 00000000 ___RD C:\users\Public
2013-05-19 09:54 - 2013-05-19 09:34 - 00000000 ____D C:\Windows\erdnt
2013-05-19 09:50 - 2009-07-14 06:04 - 00000215 ____A C:\Windows\system.ini
2013-05-19 09:49 - 2010-05-06 12:11 - 00353034 ____A C:\Windows\PFRO.log
2013-05-19 09:28 - 2010-08-02 21:01 - 00000000 ____D C:\Users\Ian James\AppData\Local\CrashDumps
2013-05-19 09:08 - 2013-05-19 09:07 - 00000000 ____D C:\Users\Ian James\Desktop\J3048
2013-05-19 09:08 - 2013-02-25 09:07 - 00000000 ____D C:\Users\Ian James\Desktop\FIV Calculator
2013-05-18 21:40 - 2009-07-14 06:37 - 00000000 ___DC C:\Windows\$NtUninstallKB5584$
2013-05-18 20:26 - 2013-05-18 20:24 - 00187904 ____A C:\Windows\System32\Drivers\netbt.sys.dump
2013-05-18 20:26 - 2013-05-18 20:23 - 00000000 ____D C:\Users\Ian James\Desktop\RK_Quarantine
2013-05-18 20:24 - 2013-05-18 20:24 - 00000000 ____D C:\Windows\snack
2013-05-18 20:23 - 2013-05-18 20:23 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-05-18 16:53 - 2012-04-03 17:04 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Dropbox
2013-05-18 16:44 - 2009-07-14 08:52 - 00000000 ____D C:\Windows\twain_32
2013-05-18 16:24 - 2013-05-18 16:24 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Malwarebytes
2013-05-18 16:24 - 2013-05-18 16:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-18 16:24 - 2013-05-18 16:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-18 10:25 - 2012-08-03 13:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-18 10:10 - 2013-05-18 10:10 - 00000988 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-18 08:11 - 2010-07-29 14:52 - 00010115 ____A C:\Windows\lg_up.ini
2013-05-18 08:11 - 2010-01-21 22:45 - 00000000 ____D C:\Program Files\lg_swupdate
2013-05-18 08:11 - 2009-07-14 06:04 - 00000461 ____A C:\Windows\win.ini
2013-05-18 00:05 - 2013-05-17 23:43 - 00000000 ____D C:\Users\Ian James\Downloads\All About Anna
2013-05-17 21:59 - 2012-05-01 20:55 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\TS3Client
2013-05-17 21:37 - 2012-05-01 20:54 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-05-16 13:28 - 2013-04-30 11:44 - 00000000 ____D C:\Users\Ian James\Desktop\Scan
2013-05-15 19:31 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 16:06 - 2013-05-15 16:05 - 00000000 ____D C:\Users\Ian James\AppData\Local\Temporary Projects
2013-05-15 16:05 - 2013-05-15 15:23 - 00000000 ____D C:\Users\Ian James\Documents\Visual Studio 2010
2013-05-15 15:46 - 2013-05-15 15:46 - 00000921 ____A C:\Users\Public\Desktop\Ora Time and Expense.lnk
2013-05-15 15:46 - 2013-05-15 15:46 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\com.johnwu.ora.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1
2013-05-15 15:46 - 2013-05-15 15:46 - 00000000 ____D C:\Program Files\Ora Time and Expense
2013-05-15 15:40 - 2011-04-27 14:40 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-05-15 15:33 - 2013-05-15 15:21 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2013-05-15 15:30 - 2013-05-15 15:30 - 00000000 ____D C:\Windows\System32\RsFx
2013-05-15 15:30 - 2013-05-15 15:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-15 15:28 - 2013-05-15 15:28 - 00000000 ____D C:\Windows\System32\1033
2013-05-15 15:28 - 2013-05-15 15:28 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-05-15 15:28 - 2010-07-29 14:43 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-15 15:28 - 2009-07-14 06:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-15 15:24 - 2013-05-15 15:24 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-05-15 15:24 - 2010-07-29 13:52 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-15 15:21 - 2013-05-15 15:21 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-05-15 15:21 - 2013-05-15 15:21 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2013-05-15 09:15 - 2013-05-14 22:35 - 00000000 ____D C:\Users\Ian James\Downloads\celeb
2013-05-15 06:52 - 2013-05-14 23:37 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-05-15 06:51 - 2013-03-24 12:11 - 00001380 ____A C:\fpRedmon.log
2013-05-15 06:51 - 2010-07-30 23:20 - 00000000 ____D C:\Users\Ian James\AppData\Local\FreePDF_XP
2013-05-15 06:46 - 2010-01-21 22:37 - 00001147 ____A C:\Windows\lgcenter.ini
2013-05-15 00:14 - 2009-07-14 08:53 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-14 15:26 - 2013-05-14 15:26 - 00000000 ____D C:\Program Files\Time & Expense Sheet Manager V4.1
2013-05-12 08:57 - 2013-05-12 08:57 - 00000000 ____D C:\Users\Ian James\Downloads\Shortbus [2006] dir John Cameron Mitchell
2013-05-12 08:48 - 2013-05-12 08:33 - 735516148 ____A C:\Users\Ian James\Downloads\SHORTBUS.avi
2013-05-09 16:52 - 2011-01-12 07:33 - 00000000 ____D C:\Users\Ian James\AppData\Local\Windows Live
2013-05-09 13:58 - 2013-05-09 12:51 - 00000000 ____D C:\Users\Ian James\Downloads\How I Met Your Mother Season 1, 2, 3, 4, 5, & 6 + Extras DVDRip TSV
2013-05-08 13:27 - 2013-05-06 14:20 - 00000000 ____D C:\Program Files\Steam
2013-05-08 12:26 - 2013-04-25 12:05 - 00000000 ____D C:\J3035 SEP
2013-05-08 09:43 - 2013-04-18 11:12 - 00000000 ____D C:\Users\Ian James\Documents\SoundPLAN Globdata 7.2
2013-05-07 13:50 - 2013-02-18 08:06 - 00465216 ____A (Hola Networks Ltd.) C:\Windows\System32\Drivers\hola_drv.sys
2013-05-07 13:50 - 2013-02-18 08:06 - 00071360 ____A (Hola Networks Ltd.) C:\Windows\System32\Drivers\hola_mon_drv.sys
2013-05-06 17:21 - 2012-05-12 00:43 - 00000000 ____D C:\Users\Ian James\Documents\My Games
2013-05-06 17:20 - 2010-08-02 14:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-06 14:21 - 2013-05-06 14:21 - 00000000 ____D C:\Program Files\dumps
2013-05-06 14:20 - 2013-05-06 14:20 - 00000835 ____A C:\Users\Public\Desktop\Steam.lnk
2013-05-06 14:20 - 2013-05-06 14:20 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-05-06 11:08 - 2012-08-03 13:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-06 11:08 - 2011-09-06 16:02 - 00000000 ___RD C:\Program Files\Skype
2013-05-06 11:08 - 2010-07-29 14:32 - 00000000 ____D C:\ProgramData\Skype
2013-05-06 11:07 - 2009-07-14 08:33 - 00413440 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-06 08:49 - 2013-05-06 08:49 - 00000218 ____A C:\Users\Ian James\AppData\Local\recently-used.xbel
2013-05-06 08:41 - 2013-05-06 08:41 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\inkscape
2013-05-06 08:39 - 2013-05-06 08:31 - 00000000 ____D C:\Program Files\Inkscape
2013-05-06 08:37 - 2013-05-06 08:37 - 00000929 ____A C:\Users\Public\Desktop\Inkscape.lnk
2013-05-05 22:14 - 2010-07-29 13:49 - 00109600 ____A C:\Users\Ian James\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-05 16:08 - 2013-05-05 10:25 - 00000000 ____D C:\Users\Ian James\AppData\Local\PDF Annotator
2013-05-05 10:53 - 2013-04-16 15:22 - 00000000 ____D C:\Program Files\WindRose
2013-05-05 10:25 - 2013-05-05 10:25 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Softland
2013-05-05 08:14 - 2011-08-17 21:21 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Nitro PDF
2013-05-01 21:36 - 2013-04-22 08:02 - 00000000 ____D C:\Users\Ian James\Downloads\Newbie
2013-05-01 09:55 - 2013-05-01 09:55 - 00002091 ____A C:\Users\Public\Desktop\CAESAR II 2011 Demo.lnk
2013-05-01 09:55 - 2013-05-01 09:55 - 00000000 ____D C:\ProgramData\Intergraph CAS
2013-05-01 09:55 - 2013-05-01 09:55 - 00000000 ____D C:\Program Files\Intergraph CAS
2013-05-01 09:55 - 2013-05-01 09:55 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-05-01 09:55 - 2013-05-01 09:55 - 00000000 ____D C:\Program Files\Common Files\Alias
2013-05-01 09:55 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\system
2013-04-30 11:12 - 2013-04-30 11:12 - 00000027 ____A C:\Windows\EZSET_SP.INI
2013-04-30 11:12 - 2013-01-27 08:40 - 00000000 ____D C:\Program Files\Kyocera
2013-04-30 11:10 - 2013-04-30 11:10 - 00000033 ____A C:\setup.log
2013-04-30 11:07 - 2013-04-30 11:07 - 00000000 ____D C:\Users\Ian James\AppData\Roaming\Kyocera
2013-04-30 01:28 - 2013-04-30 01:28 - 00102448 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2013-04-28 11:19 - 2013-04-28 08:28 - 00000000 ____D C:\Users\Ian James\Desktop\Personal Docs
2013-04-28 08:54 - 2010-07-29 14:20 - 00000000 ____D C:\Users\Ian James\AppData\Local\Google
2013-04-28 08:54 - 2010-01-21 22:33 - 00000000 ____D C:\Program Files\Google
2013-04-28 08:50 - 2013-04-24 13:27 - 00000000 ____D C:\Program Files\Citrix
2013-04-25 10:05 - 2013-04-25 10:05 - 00000950 ____A C:\Users\UpdatusUser.IanJames-PC\Desktop\Any PDF to DWG Converter.lnk
2013-04-25 10:05 - 2013-04-25 10:05 - 00000950 ____A C:\Users\Ian James\Desktop\Any PDF to DWG Converter.lnk
2013-04-25 10:05 - 2013-04-25 10:05 - 00000000 ____D C:\Program Files\Any PDF to DWG Converter
2013-04-25 09:11 - 2013-04-25 09:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-04-25 09:11 - 2013-04-25 09:10 - 00003903 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-04-25 09:11 - 2011-03-14 07:47 - 00000000 ____D C:\Program Files\Java
2013-04-24 16:19 - 2013-03-04 15:26 - 00000000 ____D C:\Program Files\MSI Afterburner
2013-04-24 16:18 - 2013-03-04 15:26 - 00000000 ____D C:\Windows\System32\directx
2013-04-24 16:17 - 2013-04-24 16:17 - 00001008 ____A C:\Users\Ian James\Desktop\MSI Afterburner.lnk
2013-04-24 13:44 - 2010-11-24 15:59 - 00002394 ____A C:\Users\Ian James\Desktop\Google Chrome.lnk
2013-04-24 13:26 - 2013-04-24 13:26 - 00000000 ____D C:\Users\Ian James\AppData\Local\Citrix
2013-04-24 09:12 - 2013-02-18 19:19 - 00000000 ____D C:\Users\Ian James\Desktop\Drafts Sent
Other Malware:
===========
C:\ProgramData\ezsidmv.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2013-05-15 00:10
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-05-2013 01
Ran by Ian James at 2013-05-21 08:15:10 Run:
Running from C:\Users\Ian James\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
ALTools Update (Version: v11.4.28.1)
ALZip 8.51 (Version: v8.51)
Any DWG DXF Converter 2013
Any PDF to DWG Converter 2013
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.22)
Battlelog Web Plugins (Version: 2.1.2)
BitTorrent (Version: 7.8.0.29626)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41)
bpd_scan (Version: 3.00.0000)
bpd_scan_Carrier (Version: 3.00.0000)
BREEZE 3D Analyst (Version: 2.2.4)
BREEZE AERMOD-ISC (Version: 7.6.0)
CAESAR II 2011-Demo (Version: 5.30.000)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CyberLink YouCam (Version: 2.0.3304a)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dishonored (Version: 1.0)
D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
Dropbox (Version: 1.6.16)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
Extended Asian Language font pack for Adobe Reader XI (Version: 11.0.0)
EzManual
Feedback Tool (Version: 1.1.0)
Google Chrome (Version: 26.0.1410.64)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GPL Ghostscript 8.71
Greenshot
Hola™ 1.1.26 - Better Internet (Version: 1.1.26)
HP Update (Version: 5.005.000.002)
hppLaserJetService (Version: 001.003.000145)
hppM1130M1210SeriesLaserJetService (Version: 001.003.00073)
hppusgM1130M1210Series (Version: 1.0.0.2)
Inkscape 0.48.4 (Version: 0.48.4)
Intel(R) Control Center (Version: 1.2.0.1006)
Intel(R) Rapid Storage Technology (Version: 10.1.0.1008)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
Kyocera Product Library (Version: 2.0.0713)
Kyocera TWAIN Driver (Version: 1.7.2030)
Lakes Environmental AERMOD View V.7.6.1 (Version: 7.6.1)
Lakes Environmental Screen View V.3.0.0 (Version: 3.0.0)
LG Intelligent Update (Version: 4.02.0305.01)
LG Magnifier (Version: 8.05.1901)
LG OSD (Version: 9.12.0401)
LG Smart Care (Version: 1.0.1006.0901)
LG Smart Indicator (Version: 10.01.0801)
LG Smart Recovery (Version: 5.5.3220)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office on Demand Browser Add-ons (Version: 15.0.4481.1510)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (Version: 17.0.2006.0314)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
MozBackup 1.5.1
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 en-GB) (Version: 17.0.6)
MPICH2 (Version: 1.2.1)
MSI Afterburner 2.3.1 (Version: 2.3.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
MySQL Server 5.5 (Version: 5.5.12)
Nitro PDF Professional (Version: 6.2.1.10)
Nitro PDF Professional 6.2 (Version: 6.2)
Norton 360 (Version: 20.3.1.22)
Norton Internet Security (Version: 17.0.0.136)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Display Control Panel (Version: 6.14.12.5984)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (Version: 9.11.1111)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Ora Time and Expense (Version: 1.1.15)
QuickTime (Version: 7.73.80.64)
Rapport (Version: 3.5.1208.36)
Realtek High Definition Audio Driver (Version: 6.0.1.5982)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
REALTEK Wireless LAN Driver (Version: 1.00.0130)
RedMon - Redirection Port Monitor
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Skype Click to Call (Version: 6.8.12323)
Skype™ 6.3 (Version: 6.3.105)
SolidWorks eDrawings 2012 (Version: 12.3.113)
SoundPLAN 7.2 (remove only) (Version: 7.2)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Steam (Version: 1.0.0.0)
Striata Reader (Version: 2.9-1)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
Tanks409d (Version: 0.4.0.9)
TeamSpeak 3 Client (Version: 3.0.10.1)
TeamViewer 8 (Version: 8.0.17292)
Time & Expense Sheet Manager V4.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 2.0.6 (Version: 2.0.6)
Vodafone Mobile Connect Lite (Version: 3.2.1.156)
WIDCOMM Bluetooth Software (Version: 6.3.0.4400)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WindRose ver.4.15-6.08
WinDust Pro
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinZip 14.5 (Version: 14.5.9095)
Yahoo! Detect
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth L2CAP Interface
Description: Bluetooth L2CAP Interface
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwl2cap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP LaserJet Professional M1217nfw MFP
Description: HP LaserJet Professional M1217nfw MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (05/21/2013 08:08:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (05/21/2013 08:08:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (05/21/2013 08:08:40 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (05/21/2013 08:08:40 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (05/21/2013 08:08:01 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060
Error: (05/21/2013 08:07:42 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (05/21/2013 08:07:42 AM) (Source: Service Control Manager) (User: )
Description: The atksgt service failed to start due to the following error:
%%1275
Error: (05/21/2013 08:07:42 AM) (Source: Application Popup) (User: )
Description: Driver atksgt.sys has been blocked from loading.
Error: (05/21/2013 08:07:42 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060
Error: (05/21/2013 08:07:40 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 07:27:21 AM on ?2013/?05/?21 was unexpected.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 3061.86 MB
Available physical RAM: 1380.02 MB
Total Pagefile: 6119.95 MB
Available Pagefile: 3440.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.18 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148 GB) (Free:12.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:138.59 GB) (Free:109.71 GB) NTFS
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:1.9 GB) (Free:1.86 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: AF1F2A52)
Partition 1: (Not Active) - (Size=2 GB) - (Type=12)
Partition 2: (Active) - (Size=148 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10 GB) - (Type=12)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 301E9B3A)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
==================== End Of Log ============================
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-05-2013 01
Ran by Ian James at 2013-05-21 08:59:56 Run:1
Running from C:\Users\Ian James\Desktop
Boot Mode: Normal
==============================================
permissions for C:\Program Files\Windows Defender were reset successfully
========================= Folder: C:\Program Files\Windows Defender ========================
2009-07-14 08:56 - 2009-07-14 08:56 - 0000000 ___AD () C:\Program Files\Windows Defender\en-US
2009-07-14 03:37 - 2009-07-14 05:15 - 0009216 ____A () C:\Program Files\Windows Defender\MpAsDesc.dll
2009-07-14 03:37 - 2009-07-14 05:15 - 0392704 ____A () C:\Program Files\Windows Defender\MpClient.dll
2009-07-14 03:37 - 2009-07-14 05:14 - 0157184 ____A () C:\Program Files\Windows Defender\MpCmdRun.exe
2011-06-24 11:59 - 2010-11-20 16:19 - 0224768 ____A () C:\Program Files\Windows Defender\MpCommu.dll
2009-07-14 03:37 - 2009-07-14 05:06 - 0052224 ____A () C:\Program Files\Windows Defender\MpEvMsg.dll
2009-07-14 03:37 - 2009-07-14 05:15 - 0054784 ____A () C:\Program Files\Windows Defender\MpOAV.dll
2009-07-14 03:37 - 2009-07-14 05:15 - 0153088 ____A () C:\Program Files\Windows Defender\MpRTP.dll
2009-07-14 03:37 - 2009-07-14 05:15 - 0680960 ____A () C:\Program Files\Windows Defender\MpSvc.dll
2009-07-14 03:37 - 2009-07-14 05:14 - 0660480 ____A () C:\Program Files\Windows Defender\MSASCui.exe
2011-06-24 11:59 - 2010-11-20 16:19 - 0052736 ____A () C:\Program Files\Windows Defender\MsMpCom.dll
2009-07-14 03:37 - 2009-07-14 05:07 - 0004608 ____A () C:\Program Files\Windows Defender\MsMpLics.dll
2009-07-14 03:37 - 2009-07-14 05:15 - 0487424 ____A () C:\Program Files\Windows Defender\MsMpRes.dll
====== End of Folder: ======
==== End of Fixlog ====