
Combofix stalls

Discussion in 'Windows - Virus and spyware problems' started by Paynor, Dec 25, 2013.

  1. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Just run the MBAR; my instructions may be out of date, but click it, update it and run it, save the logs and maybe you can send them later.

    Please let me know what happens, since I can't see it :)

    Haven't tried this blindfolded before, may be fun. lol
     
  2. Paynor

    Paynor Newbie

    Joined:
    Dec 25, 2013
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Going away until Sunday, will do as you suggest then, thanks for your patience!
     
  3. 2oldGeek

    2oldGeek Active member

    No prob, I must be out for a while, so see you later.
     
  4. 2oldGeek

    2oldGeek Active member

    Not Sunday yet, but saw your post to malwarebytes.com. Gringo is very qualified and is starting off with some of the adware/foistware removers that I will use next. It will clean up trash and will make the other logs easier to read. I didn't start with them because you were having so much trouble running the others.

    Were you able to get a MBAR or OTL Log?

    2oG
     
  5. ps355528

    ps355528 Active member

    Joined:
    Aug 17, 2010
    Messages:
    1,071
    Likes Received:
    28
    Trophy Points:
    78
    I can see the problem from the first successful log.. and I'm pretty sure where it came from (I have a copy of the malware installer or a close relative saved on my hdd). Thing installs TeamViewer and a nice backdoor.. it was designed to trick the moronic into paying for "help".. but it's since been exploited by the automation people (runs and hides.. not me this time Guv.. honest)

    As the machine dual boots Linux, that would be my way in.. but they made a real mess of ClamAV recently.. so personally antirootkit and manual complete scrub of nasty files would be my first choice (shred them muthas.. or overwrite with crap by sector directly using dd and a mash file) and then I would NOT trust this installation of Windows for ANYTHING after removal.. seriously..
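
A first-pass triage of OTL `PRC`/`SRV`/`DRV` lines of the kind posted in this thread, added here as an example (it is not part of any post and not OldTimer's code). The sample lines are copied from the log in this thread; the watchlist, the trusted roots and the four rules are assumptions chosen for illustration, and a finding is a prompt for manual review, not a verdict.

```python
import re

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/28 11:50:02 | 000,218,112 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\FC.com\pev.3XE -- (PEVSystemStart)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\T42-Win7\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/26 20:10:35 | 000,033,080 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
"""

# kind, then either "File not found" or "[timestamp | size | attrs | M] (company)",
# an optional "[start type | status]" block, the image path, and an optional "(name)".
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:File not found|\[(?P<stamp>[^|\]]+)\|[^\]]*\] \((?P<company>.*?)\))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Assumed watchlist and trusted install roots; adjust for the machine being reviewed.
REMOTE_ACCESS = ("teamviewer", "vnc", "logmein")
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows")
USUAL_EXTENSIONS = ("exe", "dll", "sys")


def parse_line(line):
    """Return a dict describing one PRC/SRV/DRV line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    state = [part.strip() for part in (m["state"] or "").split("|") if part.strip()]
    return {
        "kind": m["kind"],
        "missing": m["stamp"] is None,              # OTL printed "File not found"
        "company": (m["company"] or "").strip(),
        "start": state[-2] if len(state) >= 2 else "",
        "status": state[-1] if state else "",
        "path": m["path"].strip(),
        "name": m["name"] or m["path"].rsplit("\\", 1)[-1],
    }


def triage(entry):
    """Apply the illustrative rules and return a list of review notes."""
    path = entry["path"].lower()
    company = entry["company"].lower()
    notes = []
    if (entry["kind"] == "SRV" and entry["start"] == "Auto"
            and any(k in path or k in company for k in REMOTE_ACCESS)):
        notes.append("remote-access service starts automatically")
    if "\\temp\\" in path:
        notes.append("image path under a Temp directory")
    if not entry["missing"] and not company and not path.startswith(TRUSTED_ROOTS):
        notes.append("no company name and outside Program Files/Windows")
    filename = path.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if ext not in USUAL_EXTENSIONS:
        notes.append("unusual image extension ." + ext)
    return notes


def review(log_text):
    """Map entry name -> review notes for every entry that triggered a rule."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        notes = triage(entry)
        if notes:
            flagged[entry["name"]] = notes
    return flagged


if __name__ == "__main__":
    for name, notes in review(SAMPLE_LOG).items():
        print(name + ": " + "; ".join(notes))
```
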
     
  6. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    ps355528, would you suggest a low level format of the drive & a complete re-install of windows?
     
  7. 2oldGeek

    2oldGeek Active member

    CCleaner has the ability to overwrite all free space on all partitions with as many as 35 passes. The only other way is to repave/reinstall to be sure nothing is left in the files or apps. How far you take it depends on what you use it for...
     
  8. ddp

    ddp Moderator Staff Member

    2oldGeek, who do you think introduced CCleaner to this site years ago?
     
  9. 2oldGeek

    2oldGeek Active member

    who cares? it works..
     
  10. ddp

    ddp Moderator Staff Member

    i know.
     
  11. 2oldGeek

    2oldGeek Active member

    I know you know. that wasn't for your info.... lol
     
  12. Paynor

    Paynor Newbie

    Back again. Trying again to post OTL logs, mbar is now running a scan and will post mbar logs in a few minutes.

    OTL logs:

    OTL logfile created on: 27/12/2013 07:19:22 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\T42-Win7\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16750)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.64% Memory free
    4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.53% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 59.05 Gb Total Space | 15.56 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
    Drive D: | 79.10 Gb Total Space | 3.96 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
    Drive F: | 3.61 Gb Total Space | 1.33 Gb Free Space | 36.85% Space Free | Partition Type: FAT32

    Computer Name: T42-WIN7 | User Name: T42-Win7 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/24 19:36:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T42-Win7\Desktop\OTL.exe
    PRC - [2013/11/12 15:28:02 | 001,144,544 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe
    PRC - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/08/02 03:08:22 | 000,692,328 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2013/05/28 11:50:02 | 000,218,112 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
    PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/12/23 12:33:08 | 000,134,416 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2011/12/09 12:47:36 | 000,726,912 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
    PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2011/10/20 09:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    PRC - [2011/07/12 17:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2011/07/12 16:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2011/07/12 15:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    PRC - [2011/07/12 15:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    PRC - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/04 10:42:58 | 002,411,520 | ---- | M] (GoldenDict) -- C:\Program Files\GoldenDict\GoldenDict.exe
    PRC - [2010/10/27 12:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/25 04:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/11/24 10:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
    PRC - [2009/11/24 10:25:34 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
    PRC - [2009/11/09 06:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
    PRC - [2009/09/23 09:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
    PRC - [2007/03/26 09:00:26 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1005MC.EXE
    PRC - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] (GNU) -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvsservice.exe
    PRC - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] () -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvslock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/07 14:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2013/07/27 15:50:30 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll
    MOD - [2010/12/03 16:03:12 | 000,007,168 | ---- | M] () -- C:\Program Files\GoldenDict\GdTextOutSpy.dll
    MOD - [2010/12/03 06:37:48 | 000,378,880 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qtiff4.dll
    MOD - [2010/12/03 06:37:48 | 000,351,744 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qmng4.dll
    MOD - [2010/12/03 06:37:48 | 000,286,720 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qjpeg4.dll
    MOD - [2010/12/03 06:37:48 | 000,083,456 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qico4.dll
    MOD - [2010/12/03 06:37:46 | 000,083,456 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qgif4.dll
    MOD - [2010/12/03 06:32:46 | 000,399,360 | ---- | M] () -- C:\Program Files\GoldenDict\QtXml4.dll
    MOD - [2010/12/03 06:32:40 | 000,344,576 | ---- | M] () -- C:\Program Files\GoldenDict\phonon4.dll
    MOD - [2010/12/03 06:32:28 | 017,314,816 | ---- | M] () -- C:\Program Files\GoldenDict\QtWebKit4.dll
    MOD - [2010/12/03 06:32:22 | 001,149,440 | ---- | M] () -- C:\Program Files\GoldenDict\QtNetwork4.dll
    MOD - [2010/12/03 06:32:18 | 000,043,008 | ---- | M] () -- C:\Program Files\GoldenDict\libgcc_s_dw2-1.dll
    MOD - [2010/12/03 06:32:12 | 000,011,362 | ---- | M] () -- C:\Program Files\GoldenDict\mingwm10.dll
    MOD - [2010/12/03 06:32:00 | 009,889,792 | ---- | M] () -- C:\Program Files\GoldenDict\QtGui4.dll
    MOD - [2010/12/03 06:31:58 | 002,543,616 | ---- | M] () -- C:\Program Files\GoldenDict\QtCore4.dll
    MOD - [2009/05/16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
    MOD - [2008/12/06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
    MOD - [2005/04/19 18:38:00 | 000,396,288 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\service\sc_sysService.exe -- (sc_sysService)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Diafaan SMS Server\DiafaanMessageServer.exe -- (DiafaanMessageServer)
    SRV - [2013/12/23 22:25:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/11 08:49:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/08/02 03:08:22 | 000,692,328 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2013/05/28 11:50:02 | 000,218,112 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
    SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/02/04 02:26:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2013/01/08 04:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/25 11:26:16 | 000,246,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Zain Broadband\UpdateDog\ouc.exe -- (Zain Broadband. RunOuc)
    SRV - [2012/08/30 01:31:46 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2012/07/20 00:04:13 | 001,045,256 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/12/09 12:47:42 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
    SRV - [2011/07/12 15:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV - [2011/07/12 15:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
    SRV - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV - [2011/07/12 09:16:32 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
    SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\FC.com\pev.3XE -- (PEVSystemStart)
    SRV - [2011/03/14 10:27:28 | 000,271,712 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
    SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/07/11 09:24:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/07/11 05:53:46 | 000,606,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Traffic Shaper XP Server\bcserver.service -- (bcserver)
    SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [Disabled | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/11/24 10:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV - [2009/11/09 06:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:14:48 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSVC)
    SRV - [2007/02/07 09:26:52 | 000,538,096 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)
    SRV - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] (GNU) [Auto | Running] -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvsservice.exe -- (CVS)
    SRV - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvslock.exe -- (CVSLock)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rootrepeal.sys -- (rootrepeal)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\T42-Win7\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\T42-Win7\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2013/08/02 02:37:50 | 000,027,648 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2013/07/04 15:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2013/07/04 15:37:08 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
    DRV - [2013/07/04 15:37:08 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV - [2013/07/04 15:37:08 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
    DRV - [2012/12/25 11:26:17 | 000,377,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
    DRV - [2012/12/25 11:26:17 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2012/12/25 11:26:17 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2012/12/25 11:26:17 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2012/12/25 11:26:16 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2012/09/01 06:46:32 | 000,026,864 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2012/07/22 12:41:38 | 000,022,624 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspLLL32.sys -- (rspLLL)
    DRV - [2012/06/11 03:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2011/12/26 20:10:35 | 000,033,080 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
    DRV - [2011/12/16 10:53:01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV - [2011/11/21 15:33:57 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2011/10/07 18:24:36 | 000,126,976 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2011/09/28 05:55:54 | 000,061,568 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
    DRV - [2011/09/28 05:55:39 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
    DRV - [2011/08/30 01:35:44 | 000,138,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcnet.sys -- (zgdcnet)
    DRV - [2011/08/30 01:35:44 | 000,113,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcnmea.sys -- (zgdcnmea)
    DRV - [2011/08/30 01:35:44 | 000,113,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcmdm.sys -- (zgdcmdm)
    DRV - [2011/08/30 01:35:44 | 000,113,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcdiag.sys -- (zgdcdiag)
    DRV - [2011/08/30 01:35:44 | 000,113,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcat.sys -- (zgdcat)
    DRV - [2011/08/30 01:35:44 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_LTE.sys -- (massfilter_lte)
    DRV - [2011/08/02 15:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2011/05/04 04:36:32 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspSanity32.sys -- (rspSanity)
    DRV - [2011/03/29 18:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
    DRV - [2011/03/29 18:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2011/03/18 08:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2011/03/02 06:33:12 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader)
    DRV - [2010/11/20 07:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 05:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/09/07 07:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
    DRV - [2010/08/25 11:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\prwntdrv.sys -- (prwntdrv)
    DRV - [2010/07/28 22:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/07/11 05:53:45 | 000,226,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcim.sys -- (Bcim)
    DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/02/09 08:53:28 | 000,023,304 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys -- (MADFULEGACYKEYBOARD)
    DRV - [2010/02/09 08:53:24 | 000,167,304 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioLegacyKeyboard.sys -- (MAUSBLEGACYKEYBOARD)
    DRV - [2010/01/26 14:45:34 | 000,026,160 | ---- | M] (hantek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DSO2090X862.SYS -- (DSO20902)
    DRV - [2010/01/26 14:45:30 | 000,024,376 | ---- | M] (hantek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dso2090X861.sys -- (DSO20901)
    DRV - [2010/01/06 19:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
    DRV - [2009/08/28 13:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2009/08/27 14:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2009/08/05 16:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2009/08/05 14:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2009/07/28 22:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2009/07/24 13:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 17:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
    DRV - [2009/07/13 17:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/06/19 11:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
    DRV - [2009/06/19 11:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2009/06/19 11:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2009/06/17 13:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
    DRV - [2009/06/04 03:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/05/20 10:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009/04/20 14:46:50 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/02/06 18:04:56 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2008/07/28 21:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
    DRV - [2008/05/06 09:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/12/19 04:40:34 | 000,053,760 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mchpusb.sys -- (MCHPUSB)
    DRV - [2007/11/08 09:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
    DRV - [2007/07/04 19:57:54 | 000,873,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athru6.sys -- (athrusb6)
    DRV - [2007/03/06 19:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
    DRV - [2007/02/16 09:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2005/04/19 18:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR.SYS -- (TPPWR)
    DRV - [2003/01/23 02:18:04 | 000,037,772 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ulink.sys -- (Usblink)
    DRV - [2002/05/16 21:41:46 | 000,024,776 | ---- | M] (Motorola) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMMSB96.sys -- (CommSB96)
    DRV - [2000/12/05 07:34:40 | 000,024,476 | ---- | M] (Motorola) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMMSBEP.sys -- (CommSBEP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = removed link
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: removed link


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = removed link
    IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: removed link
    IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: removed link
    IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: removed link
    IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: removed link
    IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: removed link
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://ixquick.com/|https://ixquick.com/eng/?&cat=web&query=&r=681211"
    FF - prefs.js..extensions.enabledAddons: eliteproxyswitcher%40my-proxy.com:1.2.0.2
    FF - prefs.js..extensions.enabledAddons: externalappbutton%40teo.pl:0.11
    FF - prefs.js..extensions.enabledAddons: proxyselector%40mozilla.org:1.22
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
    FF - prefs.js..network.proxy.autoconfig_url: removed link
    FF - prefs.js..network.proxy.gopher: ""
    FF - prefs.js..network.proxy.gopher_port: 0
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@3ds.com/3dxml: C:\Program Files\Dassault Systemes\3D XML Player\intel_a\code\bin\NP3DXMLPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 08:49:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 08:49:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 08:49:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 08:49:41 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/04/28 04:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Extensions
    [2011/04/28 04:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2013/12/13 08:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions
    [2013/09/15 11:16:11 | 000,000,000 | ---D | M] (Autocopy) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
    [2013/12/13 08:29:36 | 000,000,000 | ---D | M] (Module d'Antidote) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\antidote7_win_firefox_103@druide.com
    [2013/07/11 18:53:10 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\eliteproxyswitcher@my-proxy.com.xpi
    [2013/09/15 11:13:20 | 000,037,223 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\externalappbutton@teo.pl.xpi
    [2013/10/24 16:00:04 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
    [2013/08/18 15:27:36 | 000,046,885 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\proxyselector@mozilla.org.xpi
    [2013/07/11 19:14:22 | 000,690,228 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\proxytool@proxylist.co.xpi
    [2012/05/10 10:13:09 | 000,246,320 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\syncplaces@andyhalford.com.xpi
    [2011/10/14 10:09:56 | 000,002,071 | ---- | M] () -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\searchplugins\absearch-search.xml
    [2013/07/21 12:39:49 | 000,001,645 | ---- | M] () -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\searchplugins\ixquick-custom-search.xml
    [2013/10/22 15:53:51 | 000,001,819 | ---- | M] () -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\searchplugins\ixquick-https.xml
    [2013/12/11 08:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/12/11 08:49:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/11 08:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/11 08:49:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/05/17 14:46:03 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml.moz-backup
    [2012/04/29 16:45:59 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/04/24 16:18:27 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/05/17 14:46:03 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml.moz-backup
    [2011/05/17 14:46:03 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml.moz-backup
    [2011/05/17 14:46:03 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml.moz-backup

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: removed link
    CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\
    CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\
    CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/11/19 09:14:06 | 000,000,922 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AgentAntidote32] C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe (Druide informatique inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
    O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
    O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
    O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
    O4 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\T42-Win7\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 3b65b9b60f3d9a991f302eeef2ae2aa0-3d18f4ad89fcddc54426870831530db41067c46f --CMPID 0913b File not found
    O4 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000..\Run: [GoldenDict] C:\Program Files\GoldenDict\GoldenDict.exe (GoldenDict)
    O4 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000..\Run: [One.com] C:\Program Files\OnecomCloudDrive\Dlls\AppLauncher.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: certifikat.dk ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: certifikat.dk ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: nets-danid.dk ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: nets-danid.dk ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: certifikat.dk ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: certifikat.dk ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: danid.dk ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: danid.dk ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: nets-danid.dk ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: nets-danid.dk ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: virk.dk ([]https in Trusted sites)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0444CCCA-83EA-439C-A9C9-F2F5D0A3DFAB}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07D255C3-A699-413A-88A5-9EEF785E4DB3}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/08/09 23:58:10 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
    O32 - AutoRun File - [2012/09/11 19:33:44 | 004,964,295 | ---- | M] () - F:\Autoclave_18L_guide_EN1.pdf -- [ FAT32 ]
    O32 - AutoRun File - [2012/08/09 23:58:10 | 000,000,016 | -H-- | M] () - F:\AUTORUN_.INF -- [ FAT32 ]
    O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\AutoRun\command - "" = E:\
    O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
    O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
    O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\linuxlive3\command - "" = G:\wubi.exe
    O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\linuxlive4\command - "" = H:\wubi.exe
    O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell - "" = AutoRun
    O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\AutoRun\command - "" = E:\
    O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
    O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
    O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive3\command - "" = G:\wubi.exe
    O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive4\command - "" = H:\wubi.exe
    O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell - "" = AutoRun
    O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\AutoRun\command - "" = E:\
    O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
    O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
    O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive3\command - "" = G:\wubi.exe
    O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive4\command - "" = H:\wubi.exe
    O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell - "" = AutoRun
    O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\AutoRun\command - "" = E:\
    O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
    O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
    O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\linuxlive3\command - "" = G:\wubi.exe
    O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\linuxlive4\command - "" = H:\wubi.exe
    O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\AutoRun\command - "" = J:\
    O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
    O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
    O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\linuxlive3\command - "" = G:\wubi.exe
    O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\linuxlive4\command - "" = H:\wubi.exe
    O33 - MountPoints2\{a5eacadb-7cd3-11e0-a7a6-00164113bfe4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a5eacadb-7cd3-11e0-a7a6-00164113bfe4}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\
    O33 - MountPoints2\G\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
    O33 - MountPoints2\G\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
    O33 - MountPoints2\G\Shell\linuxlive3\command - "" = G:\wubi.exe
    O33 - MountPoints2\G\Shell\linuxlive4\command - "" = H:\wubi.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/26 21:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/12/26 21:40:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/12/26 21:34:53 | 000,000,000 | --SD | C] -- C:\FC.com
    [2013/12/26 19:29:57 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/12/26 19:29:44 | 001,061,649 | ---- | C] (Farbar) -- C:\Users\T42-Win7\Desktop\FRST.exe
    [2013/12/26 18:57:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/12/26 18:57:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/12/26 18:57:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/12/26 18:57:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/12/26 18:50:05 | 001,937,144 | ---- | C] (Bleeping Computer, LLC) -- C:\rkill.exe.com
    [2013/12/26 18:49:34 | 001,937,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\T42-Win7\Desktop\rkill.exe.com
    [2013/12/26 18:30:08 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\Desktop\New Folder
    [2013/12/26 18:29:13 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\Desktop\rootrepeal
    [2013/12/26 16:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2013/12/26 16:02:22 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    [2013/12/26 16:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2013/12/26 15:05:53 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2013/12/26 15:05:32 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2013/12/26 14:58:33 | 081,224,032 | ---- | C] (Sophos Limited) -- C:\Users\T42-Win7\Desktop\Sophos Virus Removal Tool.exe
    [2013/12/26 14:58:33 | 000,782,640 | ---- | C] (McAfee, Inc.) -- C:\Users\T42-Win7\Desktop\rootkitremover.exe
    [2013/12/26 14:49:30 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\Desktop\mbam-chameleon-1.62.1.1000
    [2013/12/26 14:12:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\T42-Win7\Desktop\OTL.exe
    [2013/12/26 13:53:40 | 005,158,590 | R--- | C] (Swearware) -- C:\Users\T42-Win7\Desktop\FC.com.exe
    [2013/12/25 08:52:48 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\T42-Win7\Desktop\mbar-1.07.0.1008.exe
    [2013/12/24 19:28:08 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\T42-Win7\Desktop\tdsskiller.exe
    [2013/12/24 19:28:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\T42-Win7\Desktop\dds.com
    [2013/12/24 19:28:07 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\T42-Win7\Desktop\aswmbr.exe
    [2013/12/24 19:06:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/12/24 17:03:02 | 012,184,544 | ---- | C] (OPSWAT, Inc.) -- C:\Users\T42-Win7\Desktop\AppRemover.exe
    [2013/12/24 14:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/12/24 14:16:38 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\Desktop\mbar
    [2013/12/14 22:32:29 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/12/14 22:32:27 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/12/14 22:32:26 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/12/14 22:32:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/12/14 22:32:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/12/14 22:32:22 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/12/14 22:32:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/12/14 22:32:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/12/14 22:32:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/12/14 22:32:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/12/14 22:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2013/12/14 22:30:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
    [2013/12/14 22:29:31 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/12/14 22:29:03 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
    [2013/12/14 22:29:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
    [2013/12/11 08:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/12/10 22:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2013/12/07 11:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
    [2013/12/07 11:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Printers
    [2013/12/07 11:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
    [2013/12/07 11:35:54 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\AppData\Local\Downloaded Installations
    [2013/12/07 10:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung PC Studio 7
    [2013/12/02 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
    [2011/09/29 01:11:06 | 000,431,888 | R--- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\riched20.dll

    ========== Files - Modified Within 30 Days ==========

    [2013/12/27 06:47:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/26 21:47:07 | 000,710,674 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/12/26 21:47:07 | 000,140,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/12/26 21:45:24 | 000,030,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/26 21:45:24 | 000,030,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/26 21:41:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/26 21:40:18 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
    [2013/12/26 21:39:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/26 21:39:48 | 1609,818,112 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/26 19:56:30 | 005,158,590 | R--- | M] (Swearware) -- C:\Users\T42-Win7\Desktop\FC.com.exe
    [2013/12/26 19:17:50 | 001,061,649 | ---- | M] (Farbar) -- C:\Users\T42-Win7\Desktop\FRST.exe
    [2013/12/26 18:43:08 | 001,937,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\T42-Win7\Desktop\rkill.exe.com
    [2013/12/26 18:43:08 | 001,937,144 | ---- | M] (Bleeping Computer, LLC) -- C:\rkill.exe.com
    [2013/12/26 16:02:23 | 000,003,209 | ---- | M] () -- C:\Users\T42-Win7\Desktop\Sophos Virus Removal Tool.lnk
    [2013/12/26 15:05:53 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2013/12/26 15:05:32 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2013/12/26 14:49:21 | 001,440,846 | ---- | M] () -- C:\Users\T42-Win7\Desktop\mbam-chameleon-1.62.1.1000.zip
    [2013/12/26 14:48:26 | 081,224,032 | ---- | M] (Sophos Limited) -- C:\Users\T42-Win7\Desktop\Sophos Virus Removal Tool.exe
    [2013/12/26 14:46:26 | 000,377,856 | ---- | M] () -- C:\Users\T42-Win7\Desktop\x5GM00ERj.exe
    [2013/12/26 14:41:06 | 000,782,640 | ---- | M] (McAfee, Inc.) -- C:\Users\T42-Win7\Desktop\rootkitremover.exe
    [2013/12/25 10:49:09 | 000,000,512 | ---- | M] () -- C:\Users\T42-Win7\Desktop\MBR.dat
    [2013/12/25 08:53:25 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\T42-Win7\Desktop\mbar-1.07.0.1008.exe
    [2013/12/24 20:41:31 | 000,000,620 | ---- | M] () -- C:\Users\T42-Win7\Desktop\ComboFix - Shortcut.lnk
    [2013/12/24 19:36:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T42-Win7\Desktop\OTL.exe
    [2013/12/24 19:08:22 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\T42-Win7\Desktop\aswmbr.exe
    [2013/12/24 18:31:56 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\T42-Win7\Desktop\tdsskiller.exe
    [2013/12/24 18:28:12 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\T42-Win7\Desktop\dds.com
    [2013/12/24 17:11:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/12/24 14:41:00 | 012,184,544 | ---- | M] (OPSWAT, Inc.) -- C:\Users\T42-Win7\Desktop\AppRemover.exe
    [2013/12/23 22:25:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/12/23 22:25:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/12/15 09:06:45 | 003,770,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/12/11 19:17:24 | 000,001,150 | ---- | M] () -- C:\Users\T42-Win7\Desktop\test.htm
    [2013/12/11 18:51:38 | 000,000,103 | ---- | M] () -- C:\Users\T42-Win7\Desktop\completed.htm
    [2013/12/11 18:50:38 | 000,000,103 | ---- | M] () -- C:\Users\T42-Win7\Desktop\cancelled.htm
    [2013/12/11 09:00:23 | 000,002,000 | ---- | M] () -- C:\Users\T42-Win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/12/10 12:06:07 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2013/12/09 15:02:43 | 000,000,232 | ---- | M] () -- C:\Users\T42-Win7\Desktop\montrealweather.html
    [2013/12/07 11:48:19 | 000,002,084 | ---- | M] () -- C:\Users\T42-Win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
    [2013/12/07 11:48:19 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
    [2013/12/07 10:58:42 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
    [2013/12/02 10:22:34 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk

    ========== Files Created - No Company Name ==========

    [2013/12/26 21:29:26 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
    [2013/12/26 18:57:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/12/26 18:57:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/12/26 18:57:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/12/26 18:57:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/12/26 18:57:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/12/26 16:02:23 | 000,003,209 | ---- | C] () -- C:\Users\T42-Win7\Desktop\Sophos Virus Removal Tool.lnk
    [2013/12/26 14:58:39 | 000,377,856 | ---- | C] () -- C:\Users\T42-Win7\Desktop\x5GM00ERj.exe
    [2013/12/26 14:49:09 | 001,440,846 | ---- | C] () -- C:\Users\T42-Win7\Desktop\mbam-chameleon-1.62.1.1000.zip
    [2013/12/25 10:49:09 | 000,000,512 | ---- | C] () -- C:\Users\T42-Win7\Desktop\MBR.dat
    [2013/12/24 20:41:31 | 000,000,620 | ---- | C] () -- C:\Users\T42-Win7\Desktop\ComboFix - Shortcut.lnk
    [2013/12/11 18:53:56 | 000,001,150 | ---- | C] () -- C:\Users\T42-Win7\Desktop\test.htm
    [2013/12/11 18:38:30 | 000,000,103 | ---- | C] () -- C:\Users\T42-Win7\Desktop\completed.htm
    [2013/12/11 18:38:02 | 000,000,103 | ---- | C] () -- C:\Users\T42-Win7\Desktop\cancelled.htm
    [2013/12/09 14:56:29 | 000,000,232 | ---- | C] () -- C:\Users\T42-Win7\Desktop\montrealweather.html
    [2013/12/07 12:31:53 | 000,131,072 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
    [2013/12/07 11:48:19 | 000,002,084 | ---- | C] () -- C:\Users\T42-Win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
    [2013/12/07 11:48:19 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
    [2013/12/07 10:58:42 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
    [2013/11/01 16:45:06 | 000,001,471 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\recently-used.xbel
    [2013/10/12 14:33:21 | 000,000,148 | -H-- | C] () -- C:\Windows\System32\WP007377.bin
    [2013/10/12 14:33:21 | 000,000,148 | -H-- | C] () -- C:\Windows\AF683760.bin
    [2013/10/01 15:35:29 | 000,216,064 | ---- | C] () -- C:\Windows\System32\gcapi_dll.dll
    [2013/07/20 14:19:05 | 000,000,258 | RHS- | C] () -- C:\Users\T42-Win7\ntuser.pol
    [2013/07/12 11:08:04 | 000,002,327 | ---- | C] () -- C:\Users\T42-Win7\bx86.bat
    [2013/07/12 10:42:06 | 000,707,354 | ---- | C] () -- C:\Windows\unins000.exe
    [2013/07/12 10:42:06 | 000,003,638 | ---- | C] () -- C:\Windows\unins000.dat
    [2013/06/04 08:40:37 | 000,000,293 | ---- | C] () -- C:\Windows\dellstat.ini
    [2013/06/04 08:39:34 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
    [2013/06/04 08:39:34 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
    [2013/06/04 08:39:34 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
    [2013/06/04 08:39:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
    [2013/06/04 08:39:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
    [2013/06/04 08:39:34 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBChcp.dll
    [2013/06/04 08:39:34 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBCinst.dll
    [2013/06/04 08:39:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
    [2013/06/04 08:39:33 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
    [2013/06/04 08:39:33 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
    [2013/06/04 08:39:33 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
    [2013/06/04 08:39:33 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
    [2013/06/04 08:39:33 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbcinsb.dll
    [2013/06/04 08:39:33 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
    [2013/06/04 08:39:32 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll
    [2013/06/04 08:39:32 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
    [2013/06/04 08:39:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
    [2013/06/04 08:39:32 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
    [2013/06/04 08:39:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
    [2013/06/04 08:39:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
    [2013/06/04 08:39:31 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
    [2013/06/04 08:38:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
    [2013/06/04 08:38:23 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
    [2013/05/21 15:06:32 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2013/03/01 09:01:26 | 000,038,495 | ---- | C] () -- C:\Users\T42-Win7\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2013/01/01 04:36:10 | 000,099,400 | ---- | C] () -- C:\Windows\System32\setupprwdrv03.exe
    [2013/01/01 04:36:10 | 000,013,704 | ---- | C] () -- C:\Windows\System32\prwntdrv.sys
    [2012/09/19 04:07:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/08/14 04:28:55 | 000,073,728 | ---- | C] () -- C:\Windows\System32\HPMLVS60.dll
    [2012/08/12 04:03:58 | 000,092,160 | ---- | C] () -- C:\Windows\smgrinst.exe
    [2012/08/12 04:03:53 | 000,124,792 | ---- | C] () -- C:\Windows\Wiainst.exe
    [2012/08/12 03:38:17 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
    [2012/08/03 09:08:31 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2012/08/03 09:08:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2012/07/30 06:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012/07/30 06:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012/07/30 06:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012/07/30 06:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2012/07/28 11:03:42 | 000,009,379 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Temp28.html
    [2012/07/26 04:05:39 | 000,010,103 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Temp54.html
    [2012/07/26 04:05:28 | 000,003,193 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Temp35.html
    [2012/07/25 04:37:47 | 000,001,293 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Temp1.html
    [2012/07/20 00:10:37 | 000,027,520 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\dt.dat
    [2012/07/14 09:04:00 | 000,037,772 | ---- | C] () -- C:\Windows\System32\drivers\ulink.sys
    [2012/07/14 09:04:00 | 000,005,406 | ---- | C] () -- C:\Windows\System32\drivers\M5633.BIN
    [2012/07/02 03:52:54 | 000,184,320 | ---- | C] () -- C:\Windows\TPBATHLP.EXE
    [2012/06/23 10:28:50 | 000,001,533 | ---- | C] () -- C:\Users\T42-Win7\.davmail.properties
    [2012/06/19 14:05:03 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
    [2012/05/23 16:55:02 | 000,001,801 | ---- | C] () -- C:\Windows\unvpeye.ini
    [2012/05/23 16:51:44 | 000,000,392 | ---- | C] () -- C:\Windows\WebEye.ini
    [2012/05/23 14:47:41 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
    [2012/05/23 14:47:39 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
    [2012/05/15 07:36:05 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
    [2012/02/29 10:59:15 | 000,046,592 | ---- | C] () -- C:\Windows\io.dll
    [2012/02/16 09:42:15 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jspWin.dll
    [2012/02/13 05:31:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\MPMapTrace.dll
    [2012/02/13 04:40:18 | 000,364,544 | ---- | C] () -- C:\Windows\System32\mpPathan.dll
    [2012/02/01 11:42:32 | 000,008,704 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/12 18:44:07 | 000,006,746 | ---- | C] () -- C:\Users\T42-Win7\logo.png
    [2011/11/02 11:44:41 | 000,007,608 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Resmon.ResmonCfg
    [2011/10/31 08:27:13 | 000,000,551 | ---- | C] () -- C:\Users\T42-Win7\AppData\Roaming\AutoGK.ini
    [2011/04/25 15:44:52 | 000,000,001 | ---- | C] () -- C:\Users\T42-Win7\temp.dat
    [2010/04/17 15:52:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/01/11 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/01/11 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/01/11 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
    [2013/07/18 15:24:58 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\.kde
    [2013/03/09 08:11:42 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\4Team
    [2012/09/08 12:17:08 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Artisteer
    [2011/05/09 17:12:20 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Astroburn Lite
    [2013/08/24 14:49:59 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Audacity
    [2011/10/31 14:37:28 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Broderbund
    [2013/10/22 19:27:02 | 000,000,000 | -HSD | M] -- C:\Users\T42-Win7\AppData\Roaming\Common
    [2012/02/09 11:46:02 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\ControlCenter4
    [2011/04/27 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Cryptomathic
    [2013/06/10 13:28:31 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\DAEMON Tools Lite
    [2013/04/01 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\DassaultSystemes
    [2011/04/23 03:49:38 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\DriverFinder
    [2013/07/19 07:55:08 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Dropbox
    [2013/10/12 14:23:13 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Druide
    [2013/04/18 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\EndNote
    [2011/10/14 10:05:52 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\FileOpen
    [2013/12/11 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\FileZilla
    [2013/10/09 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Foxit Software
    [2013/11/05 10:04:08 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\gnupg
    [2013/12/26 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\GoldenDict
    [2012/07/02 12:40:12 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\gtk-2.0
    [2012/03/11 09:59:17 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\HandyTimer
    [2013/09/24 09:56:40 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\ImgBurn
    [2013/08/29 10:59:13 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\InfraRecorder
    [2011/04/24 16:15:34 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\IrfanView
    [2013/07/25 12:10:03 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Juniper Networks
    [2013/10/08 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\LibreOffice
    [2012/07/20 04:27:34 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\MapInfo
    [2012/07/19 02:47:55 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\MapWindow
    [2013/09/23 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Microchip
    [2013/03/01 13:01:01 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\MyPhoneExplorer
    [2012/08/17 08:15:22 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Nokia
    [2012/01/08 12:20:23 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Nuance
    [2013/11/01 16:26:12 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\OnecomCloudDrive
    [2010/06/11 01:57:13 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\OpenOffice.org
    [2012/08/17 08:15:25 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PC Suite
    [2013/08/20 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PDF Architect
    [2012/05/16 03:14:06 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PDF Software
    [2013/03/28 15:41:48 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\pdfforge
    [2012/04/24 12:43:07 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PrimoPDF
    [2012/06/11 11:07:30 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PwrMgr
    [2013/12/07 11:41:08 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Samsung
    [2013/06/16 17:08:02 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\SketchUp
    [2011/11/20 23:28:36 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Softplicity
    [2011/11/03 07:55:51 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\SystemRequirementsLab
    [2013/04/02 03:41:31 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\TeamViewer
    [2013/06/28 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Termite
    [2012/07/04 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Thunderbird
    [2013/05/20 02:55:44 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Tracktion
    [2012/12/17 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\TuneUp Software
    [2013/05/21 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\URSoft
    [2013/10/22 19:44:47 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\uTorrent
    [2013/09/17 21:52:44 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\VideoEditor
    [2011/11/08 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\WinZip
    [2012/01/08 12:20:39 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Zeon

    ========== Purity Check ==========

    < End of report >

    OTL Extras logfile created on: 27/12/2013 07:19:22 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\T42-Win7\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16750)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.64% Memory free
    4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.53% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 59.05 Gb Total Space | 15.56 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
    Drive D: | 79.10 Gb Total Space | 3.96 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
    Drive F: | 3.61 Gb Total Space | 1.33 Gb Free Space | 36.85% Space Free | Partition Type: FAT32

    Computer Name: T42-WIN7 | User Name: T42-Win7 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1118010790-1470065544-1912479761-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0850BD82-8ED3-4140-B3CC-B260BE0D10AF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{148F1974-F09C-4EE3-A317-A1748763F55D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{19CA4154-0E02-4E2F-A0C4-D210EA6213D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1DEFB0C3-8C49-47A8-AD13-39BBB5B297F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{21610ECB-B5F6-47DF-A314-607E6E0CA2FE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{2179ED44-6063-4EB7-83BD-7B091BA77F79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2C0B4213-139C-4989-9EBD-49DE899179AA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{2C2BB185-5B1E-4572-A04A-089A9F433FAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{374DCBA9-6287-4576-BE26-80083306784C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3802637D-D3DF-4855-B309-157B8E11D682}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3E4241D2-E11C-474C-89FF-CD80C9995686}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4179677A-3023-4103-8AE3-8419B9910163}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4CD30EBB-DFD6-4510-B522-1AFDC257FC98}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5E3C2345-A7A2-4564-AB7E-A0E4296D73F5}" = lport=3702 | protocol=17 | dir=in | app=c:\program files\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
    "{6419BEEA-67DB-4219-A975-5F67156AA858}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{718EA571-E36B-46F0-A8E0-C94C78038238}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{75EC0FA1-B361-46FB-98AB-8CCE8F6A85CA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{78D6B1C7-28CB-4B5B-95D8-89549FA5374A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7DB501A3-30A5-4C2B-A531-8E760809E741}" = lport=445 | protocol=6 | dir=in | app=system |
    "{860AA3CB-F6D5-4792-8092-8150B8590B19}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{8E0E6FB1-AEEA-4F8F-83CC-B8CDDD943EC5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{909BD4BE-2E54-4198-969A-33A9D7AE2BF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{98AD13AD-40F7-415F-BD32-B7D5D0CCD059}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{A6A53265-0E17-42B2-ADC4-44BA5712AD35}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{A726362D-BA9F-428A-A574-7BEE2B4A60C1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A834D71C-4BFF-47E4-92AF-4E8E18056E94}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{AE090CFD-383D-4EB3-BF61-5DBC8E87A73E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B1B2067A-3DDE-4633-B6A9-CC49823CF4BE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B4C02D5A-0C25-4243-B6D0-6919AAA82848}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BD53AAD4-5146-4AB0-8EE8-A4EB51EB06D7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{C0A186E0-FD45-4E2C-AC7F-8C75AD6F2D9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D9E6DA02-F88D-4778-B254-D893B6437D88}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F59EE8D3-4CA0-48AB-9BEA-1DF9F6F9C310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F862B7A9-13A0-41E4-87BD-9CAA44D71864}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{031AEC9D-57FB-4E60-99E5-79A099BA6B19}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4623\sscan2io.exe |
    "{0B563C93-BCC2-45E2-9D2B-0605A9A09B2E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
    "{10D3A599-02FA-442E-A4D8-6A2D03138A11}" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpnserv.exe |
    "{14C1905C-BA71-4ED9-968E-FF15544CECD3}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4623\sscan2io.exe |
    "{15DD81BB-0929-4FC8-888D-617C1D039657}" = protocol=6 | dir=in | app=c:\belkin\printserver\setup.exe |
    "{1922411B-4BD1-49A9-B737-A1CBFB082920}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbcpswx.exe |
    "{19F4A129-C067-44C9-84D2-99504BD24E4E}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{1C0FC120-46A7-43F4-8FED-672B056C0B3B}" = protocol=6 | dir=in | app=c:\program files\diafaan sms server\diafaanmessageserver.exe |
    "{1C44A4FE-7F66-44CC-95DD-05CDCF4F37A7}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe |
    "{1D32AD94-E86C-4233-9AEA-9C8249FBC354}" = protocol=6 | dir=in | app=c:\program files\flashintegro\videoeditor\videoeditor.exe |
    "{1D64267B-9A51-40E4-BE1E-E13E4EF65353}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{21FE640F-E289-4FFD-8C47-72BEA9109078}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{242D01E1-9D71-4231-8F69-8620C25D3C59}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{2C89315C-80DC-4070-AC4C-2C38A3A1471A}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4623\scan2pc.exe |
    "{2CB55D73-9F0D-485F-A6D9-39C7B91C57AF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{3D8DACB0-732F-459C-BB09-28F94D653B1F}" = protocol=6 | dir=in | app=c:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe |
    "{3E213315-3DD6-4EB2-AF3B-189575834AE1}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{4159D090-7E52-4200-88E9-4DDE6551C1A3}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{42069D39-36C7-4AE5-AF38-9628B5826704}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{460C55A1-8010-4283-A51D-EF7344B2B749}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{467C80C3-5B34-4072-84AB-8A6EA57228D8}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{4AF5FC25-E44D-433A-A199-41D2126F2E3B}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |
    "{4CABA915-2BCF-4B2D-A77B-5211F59E43D9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{4E43BD39-727F-4EDE-9F3B-35FF06D4D829}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{4FEFBF82-2497-4F53-9164-DE69BDCE0626}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{509FAD5D-BC13-4FB9-AC12-82F2D75998C1}" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
    "{52A26245-AC3F-4312-AC94-001DF55FD7BB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{53B64D00-4FEA-4B3B-9869-EACF2B756660}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{5C26C26B-7801-4F6D-BBDC-03775135CEA1}" = protocol=17 | dir=in | app=c:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe |
    "{64FA24A3-7C8B-4256-99C5-A6ACB3FDD998}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{66A8E8C0-9257-48A8-B559-07CB228DFCC0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1005mc.exe |
    "{68EC30E2-97BC-4F35-A231-2D1510060A14}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1005mc.exe |
    "{698E80AC-A296-4C15-87FD-D5C467F440F8}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicatorcom.exe |
    "{6FA082BB-8C6D-4905-A119-540F0A5C1A8D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{734900E4-441B-4949-BEF0-645B166623B3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{79839120-6DF9-49A2-9CF6-2CB6878AC567}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{7DC79D44-0041-4959-8160-5FBD38E299CB}" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
    "{7EFE63FD-5FBF-46EB-8AD0-CBBA449F1092}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{842F21EA-688F-465A-8512-13C6EFB53744}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{8A154F44-B513-4BFC-827C-C413DB8C9981}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
    "{8D4D0C76-3BF7-4293-8DEA-B1C83AB63E59}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{9031C30F-A33C-46A8-8385-A459E3890C8C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{92E36746-BB9D-4F3E-B0DE-CEF78E1C6993}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{96279E4F-223C-4145-9FC3-3B8655FB5BD1}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\devicesetup.exe |
    "{9AFEE02F-57AB-4276-BD12-FEBB76F9EE72}" = protocol=17 | dir=in | app=c:\program files\flashintegro\videoeditor\videoeditor.exe |
    "{9C9AD73F-7637-4F3D-A2D2-A156FA27B724}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{9C9EB9B7-F813-40EE-8C5A-C3F37A3F5A9F}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |
    "{9FB9E672-38FC-4A73-A96E-4F7A3392A8BF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{A0448A53-AC2B-4778-B02A-2F9DAE7EF227}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A4263AAB-E26D-4AD9-8A68-EF58F012A270}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{AC3F7CA1-B223-447F-8F44-E78F5CDA2F5D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{AD8D3524-7F01-4D57-8EC4-BF69D56242A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AD960EDF-9711-4B9E-A604-6A06DEF129E6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{B3FC84E7-6AB9-4231-954C-D0E4263F9338}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{B6CBFB29-D6C4-4F5C-8E42-327FD2FD5B2E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{B9CC6020-194F-48B6-BA27-558136C0EEE8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{BBC90C3A-90D2-4F85-BF05-0725E6782933}" = protocol=17 | dir=in | app=c:\belkin\printserver\setup.exe |
    "{BFD7DAE1-84FA-4D9C-B671-1834D72AD09F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{C0FC43C2-92E7-4B07-9011-8E335AC4E2C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C2FEE7D5-CD39-45B9-86E6-CDBE43B2CF62}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{C3F625EA-5684-45A0-8E01-1E25B501C847}" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn-gui-1.0.3.exe |
    "{C69EF43C-AA8C-4172-B0C7-70520F8A976F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{C7EF6C03-DDFA-4794-BAEC-064D12D372CF}" = protocol=6 | dir=in | app=c:\program files\flashintegro\videoeditor\updater.exe |
    "{C9780EF7-72A5-42B1-A889-4A2129B7E5F9}" = protocol=17 | dir=in | app=c:\program files\flashintegro\videoeditor\updater.exe |
    "{CD75C8F4-7B62-4630-A778-15EFE495BF36}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{CEEDB9F5-0523-4620-81F6-4929EFA967EE}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{CFDFCE34-6BB4-4159-9F30-F3F1F26A6113}" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn-gui-1.0.3.exe |
    "{D0433A79-A1BC-4650-9F85-C02EE31C4356}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{D11F95FE-6426-48ED-AE79-14DF5246FD42}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{D1864BB4-283A-4B50-861F-77702DFAA0E6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{D8C2A12C-E59C-4D3C-8853-36655AC31C84}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4623\scan2pc.exe |
    "{DE64DBCE-3433-4873-94EC-5061AAA494D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E714B649-43B9-41C0-A0D3-B11DBD9F5081}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{E89B8134-271D-4AB8-BF70-664F50B0CA64}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbcpswx.exe |
    "{E9F4D1E9-0A2C-4CDD-911D-085B611768DD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{EA5A3AC6-5FA8-4593-AA8E-7254610236E5}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{EA742AFF-6198-463C-88F5-D21B4ECFD991}" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpnserv.exe |
    "{ECA01903-617C-4B52-903E-665ED919C6A4}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{EDD62561-55F0-4C43-BA14-7103B9A6AB88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{EFA127D6-1297-47B3-8800-1D1D0EBBC14B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{F3A137A6-E387-4FED-857C-BE0F9CA89632}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{F97A0228-70D0-4CAC-8021-15F344FA0A39}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{FCA8F266-CA6A-4CB1-8F07-27A095F8B178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FEC0B59F-E3D3-457E-B43E-ABA3392F2CC6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{FFE15238-99F8-4DD8-B405-D63B3DF2693B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "TCP Query User{1E6E6D7C-A499-48E1-8F74-1DE841E7CC10}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
    "TCP Query User{22A74F26-013F-4C56-8EE6-4FA4FDA8D5E0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{2A87FA2D-14F9-4C1D-B8DB-0CDE291178C6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{42899ADC-C149-409B-913C-4DF75CCBAE10}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{5F78E6EE-9FA4-4219-AC8C-0E65F1C78774}C:\program files\davmail\davmail.exe" = protocol=6 | dir=in | app=c:\program files\davmail\davmail.exe |
    "TCP Query User{649B5754-E4FE-4DCD-98B1-9636B2151065}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{8380A434-1B7B-475B-A153-546AB96686DE}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
    "TCP Query User{8D915036-25F3-4FD5-A49D-D21DA7B7C613}C:\program files\davmail\davmail.exe" = protocol=6 | dir=in | app=c:\program files\davmail\davmail.exe |
    "TCP Query User{98030F19-2418-4DF1-92AD-8BDB4EC7F4AA}C:\vp-eye\avi\avi.exe" = protocol=6 | dir=in | app=c:\vp-eye\avi\avi.exe |
    "TCP Query User{9D7ADDC8-BA45-496D-BAFA-DA382385725F}C:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{AE12BFFD-CB6D-46DE-93BA-91A814E32F9C}C:\program files\webeye\webeye.exe" = protocol=6 | dir=in | app=c:\program files\webeye\webeye.exe |
    "TCP Query User{B467A9AB-6913-418F-943C-8F4AE5597177}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "TCP Query User{B613A939-DF86-4301-A7A7-195B6F80C0F1}C:\belkin\printserver\setup.exe" = protocol=6 | dir=in | app=c:\belkin\printserver\setup.exe |
    "TCP Query User{C6E980F5-F876-4246-93B7-57F6CDBE29BF}D:\utility\pd\bin\pd.com" = protocol=6 | dir=in | app=d:\utility\pd\bin\pd.com |
    "TCP Query User{D137C079-A8A0-47D4-9ED1-99142A77CFA2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{D63E3AB6-1CC5-4762-9CFD-EDCC46DC2309}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{F9C3C05D-984F-422F-A6AB-814257BC4D09}C:\program files\bel\realterm\realterm.exe" = protocol=6 | dir=in | app=c:\program files\bel\realterm\realterm.exe |
    "UDP Query User{10DEAADE-DA29-4291-A749-9D1C9ECAA27D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{1F54BAFE-9043-4FD8-B997-9899254C6487}C:\belkin\printserver\setup.exe" = protocol=17 | dir=in | app=c:\belkin\printserver\setup.exe |
    "UDP Query User{309F7BA4-5831-46F5-B131-4A7E6F0A1097}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "UDP Query User{3FAEC8F4-6356-45DD-BA74-068F87C99660}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{4BAAE511-87D6-47B5-91D8-CE5F1781393B}C:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{4DF93DA3-5A65-4398-BD31-91E2F90FB60F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{5D8C6122-AAFF-46DB-BF65-243F212888BF}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{73A081CB-611F-4E0A-827F-83BA4200ACCC}D:\utility\pd\bin\pd.com" = protocol=17 | dir=in | app=d:\utility\pd\bin\pd.com |
    "UDP Query User{760B2928-1E77-453F-AD7F-23CE27B1D6A4}C:\program files\webeye\webeye.exe" = protocol=17 | dir=in | app=c:\program files\webeye\webeye.exe |
    "UDP Query User{7BAFBD3C-E71D-44A9-8634-87F1AE23C83A}C:\program files\davmail\davmail.exe" = protocol=17 | dir=in | app=c:\program files\davmail\davmail.exe |
    "UDP Query User{7E15291B-E2F0-4C7A-92B2-671588458E23}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
    "UDP Query User{83D29DF5-E36A-4F0B-9EE4-A70F9F6350E7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{952F9C29-929F-4550-93F6-655B48ABB880}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
    "UDP Query User{ADC4A69C-CD9D-43C7-92A3-29244A3D091E}C:\program files\bel\realterm\realterm.exe" = protocol=17 | dir=in | app=c:\program files\bel\realterm\realterm.exe |
    "UDP Query User{BEB1D4E1-20F1-4FF4-A12F-19FC7CD7EE77}C:\vp-eye\avi\avi.exe" = protocol=17 | dir=in | app=c:\vp-eye\avi\avi.exe |
    "UDP Query User{D230E068-EF63-42CE-AF48-56F6CD3B7C62}C:\program files\davmail\davmail.exe" = protocol=17 | dir=in | app=c:\program files\davmail\davmail.exe |
    "UDP Query User{EBFF3129-90DB-4216-93EE-CE5910BC3B4B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0018DC60-E4CB-4884-81EC-52CF2BAF54EF}_is1" = MapWindow GIS
    "{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}" = ZTE LTE Device USB Driver
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
    "{03B20126-F3C2-11D5-A6D2-00C026001DCA}" = WebEye
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{077A3898-EB5A-49DF-989B-6E41A7C31EC8}" = ID Flow 5.0 Trial
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation
    "{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}" = Antidote 8
    "{0A960933-4D39-4495-A3F5-E5149943D761}" = EasyFace Logon
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F3C9093-6C13-484D-8385-93AA21BEC025}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    "{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1" = gpedt.msc 1.0
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad Ultranav-funktioner
    "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    "{1BC1208B-4A69-4789-AD98-4510A527F4F3}" = B&W Port Scanner
    "{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop
    "{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
    "{1C5E35C2-583E-436B-AFC8-FB3F9B917C33}" = FileOpen Client
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
    "{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
    "{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
    "{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
    "{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = Mobile Broadband
    "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A01368B-231F-3FF9-9CCB-03A99223E1CC}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
    "{2A321FD8-4345-48AD-B438-DFD7887CD19B}" = XD-2 SoftApp
    "{2B11DE71-52D5-4D2F-9B90-5793BE9FF99F}" = Professional GP300/GM300 Series CPS (R03.09.03_EN)
    "{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    "{2DEC3D95-BEB0-4BFA-A322-7C2B3AFAA01A}" = HP Photosmart 7510 series Basic Device Software
    "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    "{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu
    "{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}" = HHD Software Free Serial Port Monitor 3.31
    "{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
    "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7065DN
    "{3B2A7E23-AC7E-46BB-B725-65C555F8FFC5}" = Oracle VM VirtualBox 4.2.16
    "{3E833A3C-19CB-48EE-BD52-AE7896435AFF}" = Commercial Series Customer Programming Software
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    "{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}" = Microsoft SQL Server 2012 Command Line Utilities
    "{46561F4C-8C4B-3B79-81FA-074CD2E14584}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{482A01F8-A9C9-4DB6-84DE-265A2B763F20}_is1" = LogMeTT 2.9.9
    "{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BC8EA7A-7426-42C3-8753-83300BDD225E}" = HTTPS Tunnel Agent Installer
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{4F2B8233-35EE-4197-8C3B-EACCBF712029}" = Microsoft SQL Server Data Tools - enu (11.1.20828.01)
    "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
    "{564C81A7-10D5-46F5-91C5-64B156499EA6}_is1" = PD version 0.38.4-extended-RC8 & YAMI 0.19
    "{5B2E111B-0DEC-46C3-A6FA-BB4E4D2F76EB}_is1" = Agrolog2500 ver 1.2
    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
    "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5EE250C7-08C8-44A6-8472-F0893122A7FA}" = Professional GP300/GM300 Series CPS (R03.11.03_EN)
    "{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
    "{652881BB-D5B3-4490-8AA2-AC4AEC27CD9F}" = Professional GP300/GM300 Series CPS (R03.11.15_EN)
    "{656E8ADB-805B-4E88-AF68-D01BBB44594D}" = YAT
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
    "{6C11089A-E23F-4E9B-B12C-316BF1A4376B}" = Pdfedit
    "{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
    "{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    "{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
    "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72B622C9-AA10-47D7-A10C-377CF9BC8502}" = SketchUp 2013
    "{757CC236-67FF-421E-A2B5-3C0C8B76E625}" = Mavis Beacon Deluxe - 25th Anniv. Ed.
    "{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}" = Windows 7 Logon Background Changer
    "{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}" = Microsoft SQL Server Compact 4.0 SP1 ENU
    "{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
    "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
    "{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
    "{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    "{83C7F964-AC58-4104-B613-B4D0F61DA8CD}" = Microsoft SQL Server 2012 Native Client
    "{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
    "{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B24D932-F22D-4CBF-93B2-740CE30D4DE2}" = Alpha Series Radios CPS
    "{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = NemID CSP
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
    "{90120000-0015-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
    "{90120000-0016-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0017-0406-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Danish) 2007
    "{90120000-0017-0406-0000-0000000FF1CE}_OMUI.da-dk_{6127DAC2-962C-44CA-9ABD-0D5A65473A1C}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
    "{90120000-0018-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
    "{90120000-0019-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
    "{90120000-001A-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
    "{90120000-001B-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
    "{90120000-001F-0406-0000-0000000FF1CE}_OMUI.da-dk_{8F771259-9037-4097-AA88-8613F3BE5627}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.da-dk_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
    "{90120000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2007
    "{90120000-0044-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
    "{90120000-006E-0406-0000-0000000FF1CE}_OMUI.da-dk_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2007
    "{90120000-00A1-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2007
    "{90120000-00BA-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
    "{90120000-0100-0406-0000-0000000FF1CE}" = Microsoft Office O MUI (Danish) 2007
    "{90120000-0100-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0101-0406-0000-0000000FF1CE}" = Microsoft Office X MUI (Danish) 2007
    "{90120000-0101-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
    "{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}" = Assistant de téléchargement
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{947852CE-C9E9-E7AF-E547-5AC29E923A98}" = ccc-utility
    "{961C5B66-92B7-47C6-923B-AB492B5E55D4}" = Intel(R) Processor ID Utility
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
    "{A1785BD4-3486-4E7E-8074-E3FC61B8F315}" = Microsoft Visual C++ 2012 x86-x64 Compilers
    "{A262095C-F03B-4611-AE87-7156859DC7F9}" = M-Audio Legacy Keyboard Driver 5.0.0 (x86)
    "{A2E2BBFF-E26E-4889-B8BE-B7208B23E5C6}_is1" = ExpSuite - ITDSync 4.0.10.0
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
    "{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
    "{ADA94B31-C2F9-8EE1-79A3-E3A854B58ED2}" = Catalyst Control Center Graphics Previews Common
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B362A397-B38A-3A23-A190-611F9C7EB4F9}" = Microsoft Visual C++ 2012 Core Libraries
    "{B5811946-60F6-434A-A9B8-A7673631E72B}" = GC-Prevue
    "{B6A89577-E474-ACCB-FF8B-9B3874A8E227}" = Catalyst Control Center InstallProxy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
    "{BB1E3B57-40C4-4C11-A01B-4580FD1C48C2}" = 3D XML Player
    "{BDA71601-8B09-4B2C-8C35-D2A905790AF5}" = Professional GP300/GM300 Series CPS (R03.07.04_EN)
    "{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    "{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
    "{CADEAC59-9D63-4E13-A22B-D6BFBFB30174}" = MapInfo Professional 11.0
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D50400AA-D25A-463B-98BF-E09585325711}" = DesignSpark PCB
    "{D58D3C8E-2B39-455C-AE79-878AEA3D38FC}" = HP Unified IO
    "{D8B95283-E9A3-4ACE-BD3F-AFB08CC336EF}" = Anonyproz Server Speed Checker
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9DA2981-3298-4F1A-9192-F2CF5BD91145}" = Microsoft SQL Server 2012 Express LocalDB
    "{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
    "{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}" = SIM MAX
    "{DD3CB916-F91A-41B9-B276-CAC090E91021}" = LibreOffice 4.1.2.3
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{e0efdce9-a486-4676-8aa5-65bb08cbf34c}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
    "{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E813B921-055A-2467-1190-697A557ECA8E}" = Catalyst Control Center
    "{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0255E9A-E5CA-44AF-B7D1-04A168A64DC5}" = Professional GP300/GM300 Series CPS (R03.08.03_EN)
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F3994C37-1C7E-11D6-BD0D-00B0D0E30C5F}" = Motorola Professional Radio CPS-R03.00.00
    "{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
    "{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    "{FE2AE129-A29B-4C52-AC5A-24EF4F579700}" = MPLAB Tools v8.84
    "{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
    "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
    "7E15D8A4-746B-4D44-8D59-93785F491A95_is1" = Unlock Document License version 1.1
    "7-Zip" = 7-Zip 9.20
    "92F0D145-AF7A-43BD-9C3D-1807A3F5221E" = SleepTracker3
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Artisteer 3" = Artisteer 3
    "ASF-AVI-RM-WMV Repair_is1" = ASF-AVI-RM-WMV Repair 2.01
    "Astroburn Lite" = Astroburn Lite
    "Astroburn Toolbar" = Astroburn Toolbar
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 2.0.3
    "AutoGK" = Auto Gordian Knot 2.55
    "AviSynth" = AviSynth 2.5
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor_is1" = AVS Video Editor 6
    "AVS Video Recorder_is1" = AVS Video Recorder 2.5
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "CCleaner" = CCleaner
    "CDex" = CDex - Open Source Digital Audio CD Extractor
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DavMail" = DavMail 3.9.8-1921
    "Dekart SIM Reader 3" = Dekart SIM Reader 3.1
    "Dell Photo Printer 720" = Dell Photo Printer 720
    "Diafaan SMS Server" = Diafaan SMS Server
    "Digital Signatur" = Digital Signatur
    "DivX Setup" = DivX Setup
    "DriverFinder" = DriverFinder
    "DSO-2090 USB(Ver7.0.0.2)" = DSO-2090 USB(Ver7.0.0.2)
    "dumeter3_is1" = DU Meter
    "DVDFab 8 Qt_is1" = DVDFab 8.2.2.8 (26/02/2013) Qt
    "DVDx 4.0" = DVDx 4.0
    "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
    "Ear Test_is1" = Ear Test 1.00
    "EaseUS Partition Recovery_is1" = EaseUS Partition Recovery 5.6.1
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
    "F9F51294-C0A2-4715-B7F7-A0BBF642C785_is1" = Home Audiometer Hearing Test
    "FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
    "FileTip" = FileTip
    "FileZilla Client" = FileZilla Client 3.7.3
    "Foxit Reader_is1" = Foxit Reader
    "GIMP-2_is1" = GIMP 2.8.6
    "GoldenDict" = GoldenDict
    "Google Chrome" = Google Chrome
    "GPG4Win" = Gpg4win (2.1.1)
    "HaaliMkx" = Haali Media Splitter
    "ImgBurn" = ImgBurn
    "InfraRecorder" = InfraRecorder
    "InstallShield_{D50400AA-D25A-463B-98BF-E09585325711}" = DesignSpark PCB Version 4.0
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "InstallShield_{FE2AE129-A29B-4C52-AC5A-24EF4F579700}" = MPLAB Tools v8.84
    "IrfanView" = IrfanView (remove only)
    "IsoBuster_is1" = IsoBuster 1.6
    "jEdit_is1" = jEdit 4.5.1
    "Juniper Network Connect 7.3.0" = Juniper Networks Network Connect 7.3.0
    "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
    "Lær førstehjælp" = Lær førstehjælp
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "LatencyMon_is1" = LatencyMon 4.02
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "LinuxLive USB Creator" = LinuxLive USB Creator
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "melabs Programmer Beta_is1" = melabs Programmer Beta version 4.41.0
    "MicroCode Studio (MCSX)_is1" = MicroCode Studio (MCSX)
    "Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
    "Mobile Partner" = Mobile Partner
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "Mozilla Thunderbird 24.2.0 (x86 en-US)" = Mozilla Thunderbird 24.2.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MPE" = MyPhoneExplorer
    "Multidictionnaire" = Multidictionnaire
    "NemID CSP" = NemID CSP
    "nLite_is1" = nLite 1.4.9.1
    "Nokia PC Suite" = Nokia PC Suite
    "OMUI.da-dk" = Microsoft Office Language Pack 2007 - Danish/dansk
    "OnScreenDisplay" = On Screen Display
    "OpenVPN" = OpenVPN 2.2.2
    "PBP3_is1" = PICBASIC PRO(tm) Compiler 3.0.1.0
    "pdfFactory" = pdfFactory
    "pdfsam" = pdfsam
    "PICC 9.81" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.81PL0
    "Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
    "Power Management Driver" = ThinkPad Power Management Driver
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "PRJPRO" = Microsoft Office Project Professional 2007
    "Professional GP300/GM300_CPS (R03.01.00_EN)" = Professional GP300/GM300 Series CPS (R03.01.00_EN)
    "ProRadio CPS R06.01.00" = Motorola Professional Radio CPS-R06.01.00
    "ProRadio CPS R06.04.00" = Motorola Professional Radio CPS-R06.04.00
    "ProRadio CPS R06.05.00" = Motorola Professional Radio CPS-R06.05.00
    "ProRadio CPS R06.10.02" = Motorola Professional Radio CPS-R06.10.02
    "QuickGamma_is1" = QuickGamma 4.0.0.1
    "Realterm" = Realterm 2.0.0.57
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "Samsung Network PC Fax" = Samsung Network PC Fax
    "Samsung PC Studio 7" = Samsung PC Studio 7
    "Samsung SCX-4623 Series" = Maintenance Samsung SCX-4623 Series
    "SanityCheck_is1" = SanityCheck 2.02
    "SimEditor (UB01)" = SimEditor (UB01) v.2.6.3 (remove only)
    "SKYFILE" = SkyFile Mail
    "SLABCOMM&10C4&EA60" = Leadtek GPS USB to UART Bridge (Driver Removal)
    "Sleeptracker_is1" = Sleeptracker 3.13
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "TeamViewer 8" = TeamViewer 8
    "Tera Term_is1" = Tera Term 4.71
    "Termite" = Termite
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "Tiff Combine_is1" = Tiff Combine
    "Traffic Shaper XP Client" = Traffic Shaper XP Client
    "Traffic Shaper XP Server" = Traffic Shaper XP Server
    "Tunnelier" = Bitvise Tunnelier 4.40 (remove only)
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "VISPRO" = Microsoft Office Visio Professional 2007
    "visualCVS Client Version 4.02c_is1" = visualCVS Client
    "visualCVS Server Version 4.02c_is1" = visualCVS Server
    "VLC media player" = VLC media player 1.1.7
    "VobSub" = VobSub v2.23 (Remove Only)
    "VSDC Free Video Editor_is1" = VSDC Free Video Editor version 1.2.5.4
    "Wacom Tablet Driver" = Wacom Tablet
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "YU2010_is1" = Your Uninstaller! 7
    "Zain Broadband" = Zain Broadband

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1118010790-1470065544-1912479761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Dropbox" = Dropbox
    "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
    "OnecomCloudDrive" = One.com Cloud Drive 0.3.38.36584

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 26/12/2013 20:43:19 | Computer Name = T42-Win7 | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/12/26 19:43:19.567]: [00002076]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.2.100]

    Error - 26/12/2013 20:44:28 | Computer Name = T42-Win7 | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/12/26 19:44:28.737]: [00002076]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.2.100]

    Error - 26/12/2013 20:45:37 | Computer Name = T42-Win7 | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/12/26 19:45:37.916]: [00002076]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.2.100]

    Error - 27/12/2013 05:25:13 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
    8\Programmes64\Antidote.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/12/2013 05:25:28 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
    8\Programmes64\GesAnt.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/12/2013 05:25:43 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
    8\Programmes64\Integrateur.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/12/2013 05:25:53 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
    8\Programmes64\MoteurIntegration.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/12/2013 05:26:05 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
    8\Programmes64\ReparationAntidote.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/12/2013 05:26:31 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
    8\Programmes64\AgentAntidote.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 27/12/2013 05:28:21 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
    PC Studio 7\TIS_VistaPIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 22/05/2011 12:26:55 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 18:26:37 - Error connecting to the internet. 18:26:37 - Unable
    to contact server..

    Error - 22/05/2011 13:27:37 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 19:27:37 - Error connecting to the internet. 19:27:37 - Unable
    to contact server..

    Error - 22/05/2011 13:28:14 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 19:28:06 - Error connecting to the internet. 19:28:06 - Unable
    to contact server..

    Error - 22/05/2011 14:28:47 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 20:28:47 - Error connecting to the internet. 20:28:47 - Unable
    to contact server..

    Error - 22/05/2011 14:29:23 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 20:29:16 - Error connecting to the internet. 20:29:16 - Unable
    to contact server..

    Error - 22/05/2011 15:29:56 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 21:29:56 - Error connecting to the internet. 21:29:56 - Unable
    to contact server..

    Error - 22/05/2011 15:30:28 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 21:30:25 - Error connecting to the internet. 21:30:25 - Unable
    to contact server..

    Error - 14/06/2011 03:55:02 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 09:55:02 - Error connecting to the internet. 09:55:02 - Unable
    to contact server..

    Error - 14/06/2011 03:55:40 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 09:55:31 - Error connecting to the internet. 09:55:31 - Unable
    to contact server..

    Error - 18/06/2011 14:16:15 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
    Description = 20:16:15 - Error connecting to the internet. 20:16:15 - Unable
    to contact server..

    [ OSession Events ]
    Error - 10/06/2011 12:49:56 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6595
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 22/06/2012 22:42:02 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15027
    seconds with 1200 seconds of active time. This session ended with a crash.

    Error - 15/07/2012 18:18:36 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34974
    seconds with 3120 seconds of active time. This session ended with a crash.

    Error - 09/03/2013 09:12:59 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 24/05/2013 03:08:43 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53204
    seconds with 600 seconds of active time. This session ended with a crash.

    Error - 02/09/2013 16:36:54 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1003
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 21/10/2013 14:58:29 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 46
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 14/11/2013 22:52:13 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
    lasted 274075 seconds with 420 seconds of active time. This session ended with
    a crash.

    Error - 09/12/2013 13:01:14 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 61
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 26/12/2013 22:25:43 | Computer Name = T42-Win7 | Source = ati2mtag | ID = 52225
    Description =

    Error - 26/12/2013 22:26:02 | Computer Name = T42-Win7 | Source = Service Control Manager | ID = 7000
    Description = The DisplayFusionService service failed to start due to the following
    error: %%2

    Error - 26/12/2013 22:27:37 | Computer Name = T42-Win7 | Source = DCOM | ID = 10016
    Description =

    Error - 26/12/2013 22:29:06 | Computer Name = T42-Win7 | Source = ati2mtag | ID = 52225
    Description =

    Error - 26/12/2013 22:29:24 | Computer Name = T42-Win7 | Source = Service Control Manager | ID = 7000
    Description = The DisplayFusionService service failed to start due to the following
    error: %%2

    Error - 26/12/2013 22:30:54 | Computer Name = T42-Win7 | Source = DCOM | ID = 10016
    Description =

    Error - 26/12/2013 22:39:57 | Computer Name = T42-Win7 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 21:36:10 on ?26-?12-?2013 was unexpected.

    Error - 26/12/2013 22:39:53 | Computer Name = T42-Win7 | Source = ati2mtag | ID = 52225
    Description =

    Error - 26/12/2013 22:40:16 | Computer Name = T42-Win7 | Source = Service Control Manager | ID = 7000
    Description = The DisplayFusionService service failed to start due to the following
    error: %%2

    Error - 26/12/2013 22:41:49 | Computer Name = T42-Win7 | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  13. Paynor

    Paynor Newbie

    ps355528: This machine has a legit installation of TeamViewer.
     
  14. 2oldGeek

    2oldGeek Active member

    That's part of the problem, Paynor. TeamViewer is a free tool that makes it incredibly easy to set and use a VPN connection; a Virtual Private Network that lets you take complete control of another PC from your own computer, whether they're separated by a soda can or a continent.

    This Bot sets up a server and then has complete control of your computer.

    Looked over the OTL log and we will head out when we can get more logs. I will send more instructions in a while..
     
  15. Paynor

    Paynor Newbie

     
  16. 2oldGeek

    2oldGeek Active member

    OK Paynor, let's clean out some trash to clear the way.. This may take some time so please bear with me and pay no (or not much) attention to the peanut gallery. LOL


    -Security Check-

    Download Security Check by screen317.
    Save it to your Desktop.

    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.




    --AdwCleaner--

    Please download AdwCleaner by Xplode to your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on the Delete tab and follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).



    --Junkware Removal Tool--

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.




    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until pre-scan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+


    Please paste the logs in your next reply.
    Let me know what problem persists.

    2oG
     
  17. Paynor

    Paynor Newbie

    Yes, I realise that TeamViewer may make things easier for malicious tools, but it was a tradeoff cost/benefit, or rather benefit/penalty :-(
    VNC and other remote desktop tools probably have their own vulnerabilities too, even though they are not under direct corporate control to the extent that TeamViewer is because of its central "nameserver" model.

    Oh, and while we are talking VPN, the machine also has OpenVPN installed, but only client side, not server.
     
  18. Paynor

    Paynor Newbie

    2oG - Here are the log files from SecurityCheck and ADWcleaner. Running the other 2 tools now...

    Results of screen317's Security Check version 0.99.77
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    Java 7 Update 45
    Adobe Flash Player 11.9.900.170
    Adobe Reader XI
    Mozilla Firefox (26.0)
    Mozilla Thunderbird (24.2.0)
    Google Chrome 31.0.1650.57
    Google Chrome 31.0.1650.63
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````



    # AdwCleaner v3.016 - Report created 29/12/2013 at 19:25:04
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : T42-Win7 - T42-WIN7
    # Running from : C:\Users\T42-Win7\Desktop\tools\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\uTorrentBar
    Folder Deleted : C:\Users\T42-Win7\AppData\Local\Conduit
    Folder Deleted : C:\Users\T42-Win7\AppData\Local\PackageAware
    Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\uTorrentBar
    Folder Deleted : C:\Users\T42-Win7\AppData\Roaming\pdfforge
    Folder Deleted : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
    [!] Folder Deleted : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
    File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\.autoreg
    File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\invalidprefs.js
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
    File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A97B89CD-B65C-49DD-AF46-2B772C627456}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEB45705-DCFC-4177-A361-0A354C6E5F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B898549-3D42-4654-8395-D7702E4BC8F5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AVG Nation toolbar
    Key Deleted : HKCU\Software\FLEXnet
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
    Key Deleted : HKLM\Software\AVG Nation toolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
    Key Deleted : HKLM\Software\uTorrentBar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16750


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\prefs.js ]

    Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14149");
    Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 7);
    Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "");
    Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
    Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "63C3DB4244ACA58CECD4896649BBD9DC");
    Line Deleted : user_pref("extensions.BabylonToolbar.id", "552c792100000000000000fff05b7387");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15962");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "na");
    Line Deleted : user_pref("extensions.BabylonToolbar.lastActv", "7");
    Line Deleted : user_pref("extensions.BabylonToolbar.lastB", "hxxp://search.babylon.com/home");
    Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 7);
    Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.24.616:29:05");
    Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"74\",\"lastVrsn\":\"74\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
    Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
    Line Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");
    Line Deleted : user_pref("extensions.BabylonToolbar.sid", "eb976fb385f640a8aaf304b16d9dc761");
    Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=552c792100000000000000fff05b7387&q=");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.617:20:30");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "");
    Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,avg@igeared:6.103.018.00[...]
    Line Deleted : user_pref("extensions.proxytool.referers", "www.google.com,google.com,smallseotools.com,yahoo.com,bing.com,ask.com,currate.com,facebook.com,twitter.com,craigslist.org");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [10291 octets] - [29/12/2013 19:22:39]
    AdwCleaner[S0].txt - [10366 octets] - [29/12/2013 19:25:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10427 octets] ##########
     
  19. Paynor

    Paynor Newbie

    RogueKiller found a couple of interesting registry keys, with the values:
    "DisableTaskManager"
    "DisableRegistryTools"
    and some leftover AVG remnants and browser plugins (most of which I recognize). All deleted now with the RogueKiller Delete function.
    The JRT and RogueKiller logs:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Home Premium x86
    Ran by T42-Win7 on 29/12/2013 at 19:37:06.08
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\runtask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\runtask_RASMANCS



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
    Successfully deleted: [File] C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\searchplugins\absearch-search.xml
    Successfully deleted the following from C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\prefs.js

    user_pref("browser.startup.homepage", "hxxps://ixquick.com/|hxxps://ixquick.com/eng/?&cat=web&query=&r=681211");
    Emptied folder: C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\minidumps [294 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 29/12/2013 at 19:43:43.62
    Computer was rebooted
    End of JRT log


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : T42-Win7 [Admin rights]
    Mode : Remove -- Date : 12/29/2013 19:52:19
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\T42-Win7\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 3b65b9b60f3d9a991f302eeef2ae2aa0-3d18f4ad89fcddc54426870831530db41067c46f --CMPID 0913b [x][x][x]) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM160HC ATA Device +++++
    --- User ---
    [MBR] fea3587ec07de1e327bca659278745cc
    [BSP] dec26c570de3a1f3e1f2db83800e8158 : Linux MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 63 | Size: 219 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 453600 | Size: 60466 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 124291440 | Size: 81000 Mo
    3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 290183101 | Size: 10936 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_12292013_195219.txt >>
    RKreport[0]_S_12292013_194938.txt
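
Added example, not part of the thread and not RogueKiller's own code: a Python triage of the "Registry Entries" and "HOSTS File" sections of the report posted above, showing that the two policy values were present with data 0 and that the hosts file redirects two names to loopback. The line format is inferred from this one report, and `triage`, `summarize` and `LOCKOUT_POLICIES` are names made up for the example.

```python
import re

# Constructed sample: the "Registry Entries" and "HOSTS File" sections of the
# RogueKiller report posted above, with the long [RUN] command line shortened.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\T42-Win7\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT [x][x][x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
¤¤¤ MBR Check: ¤¤¤
"""

# Policy values that lock the user out of a tool only when set to non-zero.
LOCKOUT_POLICIES = {"DisableTaskMgr": "Task Manager",
                    "DisableRegistryTools": "Registry Editor"}

SECTION = re.compile(r"^¤¤¤\s*([^:¤]+?)\s*:")
ENTRY = re.compile(r"^((?:\[[^\]]+\])+)\s+(\S+)\s+:\s+(.+?)\s+\((.*)\)"
                   r"\s+->\s+(\w+)(?:\s+\((.*)\))?$")
HOST = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


def triage(report):
    """Parse registry and hosts findings out of a RogueKiller text report."""
    registry, hosts, section = [], [], None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Registry Entries":
            m = ENTRY.match(line)
            if not m:
                continue
            tags, key, name, data, action, new_data = m.groups()
            registry.append({
                "tags": re.findall(r"\[([^\]]+)\]", tags),
                "key": key, "name": name, "data": data,
                "action": action, "new_data": new_data,
                # A lockout policy holding 0 exists but restricts nothing.
                "enforced": name in LOCKOUT_POLICIES and data not in ("", "0"),
            })
        elif section == "HOSTS File":
            m = HOST.match(line)
            if m and m.group(2).lower() != "localhost":
                hosts.append(m.groups())
    return {"registry": registry, "hosts": hosts}


def summarize(result):
    """Return one human-readable line per finding."""
    out = []
    for e in result["registry"]:
        if e["name"] in LOCKOUT_POLICIES:
            tool = LOCKOUT_POLICIES[e["name"]]
            state = "was blocked" if e["enforced"] else "was not blocked (value 0)"
            out.append(f"{e['name']}: {tool} {state}; {e['action']}")
        elif "RUN" in e["tags"]:
            out.append(f"autostart '{e['name']}' under {e['key']}; {e['action']}")
    for ip, host in result["hosts"]:
        if ip.startswith("127.") or ip == "0.0.0.0":
            out.append(f"hosts: {host} redirected to {ip} (name resolution blocked)")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_REPORT))))
```
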
     
  20. 2oldGeek

    2oldGeek Active member

    I am going to watch Sunday night Football now. lol will go over all the logs a little later.

    I would like for you to run the following. It's a different method for Combofix that might work.

    Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Go to -> Here for your reference.

    1. Download Combo fix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
    Code:
    "%userprofile%\desktop\combofix.exe" /killall 
    



    [​IMG]

    3. Combo will begin to run. DO NOTHING while this is happening.

    Do not attempt to use the internet or anything else while it's running.
    Do not mouseclick combofix's window while it's running. That may cause it to stall.
    • It will kill a few processes and disconnect you from the internet.
    • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. It does set a restore point before running.
    • This needs to be done so the program can work most efficiently for you.


    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

    If when it's completed you cannot get on the internet, just reboot the computer.

    Post the log from comboFix for me located in
    c:\comboFix.txt



    2oG
     
