Solved Win64/Patched.A

[Mark Lightfoot]

Hello


I appear to have acquired a virus or two. Firstly AVG reports that I have a Win64/Patched.A infection in windows\system32\services.exe. It is also reporting Generic15.AXLA in windows\assembly\GAC_32\desktop.ini and Generic28.ANIC in windows\assembly\GAC_32\desktop.ini. Are you able to help?
I am Using Windows Vista Home Premium.
Many thanks

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Mark Lightfoot]

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Mark at 18:03:39 on 2012-07-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.1995 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\PC Speed Up\PCSUService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AASP\1.00.74\aaCenter.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\RAVCpl64.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\Mark\Program Files (x86)\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uStart Page = hxxp://www.bbc.co.uk/
uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
mURLSearchHooks: H - No File
BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Mark\AppData\Roaming\Complitly\Complitly.dll
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: VMN Toolbar Astro Gemini: {a057a204-bacc-4d26-8287-79a187e26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: VMN Toolbar Astro Gemini: {a057a204-bacc-4d26-8287-79a187e26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Google Side Bar: {32004b8a-44a9-43e7-84e9-808838809519} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "C:\Users\Mark\Program Files (x86)\DNA\btdna.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RockMelt Update] "C:\Users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{442137D7-940B-4FA1-AF2D-DD969AB89F17} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{D368AE70-9005-4B55-A5C2-9639009AC9D1} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\Complitly.dll
BHO-X64: Complitly - No File
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: VMN Toolbar Astro Gemini: {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: VMN Toolbar Astro Gemini: {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB-X64: {32004B8A-44A9-43E7-84E9-808838809519} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=107763&mntrId=28ab22e5000000000000801f0215f18d
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-87de5333d4254860\NPRobloxProxy.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Mark\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Mark\Program Files (x86)\DNA\plugins\npbtdna.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - d1206e98-f879-4534-a8a2-47dca13a9332
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
FF - user.js: extensions.BabylonToolbar_i.id - 28ab22e5000000000000801f0215f18d
FF - user.js: extensions.BabylonToolbar_i.hardId - 28ab22e5000000000000801f0215f18d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15306
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:46:29
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=107763
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-11 8704]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-10-7 655944]
R2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\PC Speed Up\PCSUService.exe [2011-10-20 233184]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2011-9-24 36864]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-3-8 1153368]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-7-11 1188896]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-7-11 1395736]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-7-11 166528]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-3 2666880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-18 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
S3 ctxva51;Citrix Virtual Adapter;C:\Windows\system32\DRIVERS\ctxva51.sys --> C:\Windows\system32\DRIVERS\ctxva51.sys [?]
S3 FlashUSB;FlashUSB;C:\Windows\System32\drivers\FlashUsb_x64.sys [2010-5-10 20480]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-18 136176]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\system32\Drivers\VMUVC.sys --> C:\Windows\system32\Drivers\VMUVC.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\system32\drivers\vvftUVC.sys --> C:\Windows\system32\drivers\vvftUVC.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-8-25 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-15 15:55:11 -------- d-sh--w- C:\found.002
2012-07-14 17:50:43 -------- d-----w- C:\Users\Mark\AppData\Local\Macromedia
2012-07-11 18:28:02 -------- d-----w- C:\Ace of Spades
2012-07-11 09:05:59 754808 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2012-07-11 07:26:21 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 06:44:55 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-07-11 06:44:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-07-10 17:27:31 -------- d-----w- C:\Users\Mark\AppData\Roaming\Mumble
2012-07-10 16:44:00 -------- d-----w- C:\Program Files (x86)\Mumble
2012-07-09 05:34:53 -------- d-sh--w- C:\found.001
2012-07-07 11:53:32 -------- d-----w- C:\Users\Mark\AppData\Local\SniperV2
2012-07-06 16:12:54 52736 ----a-w- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
2012-06-27 15:23:24 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-06-24 17:54:07 -------- d-----w- C:\Program Files (x86)\OApps
2012-06-24 17:54:06 -------- d-----w- C:\Program Files (x86)\TorrentSearch
2012-06-24 17:53:50 -------- d-----w- C:\Program Files (x86)\intellidownload
2012-06-24 15:30:55 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.8
2012-06-22 20:35:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-21 15:01:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 15:00:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 15:00:07 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-21 14:59:42 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 14:59:42 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-21 14:59:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 14:59:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-18 17:22:06 -------- d-----w- C:\Users\Mark\AppData\Roaming\TS3Client
2012-06-18 17:18:06 -------- d-----w- C:\Users\Mark\AppData\Local\TeamSpeak 3 Client
.
==================== Find3M ====================
.
2012-07-12 16:23:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-16 16:18:25 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-16 16:18:25 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 16:13:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
.
============= FINISH: 18:04:58.56 ===============

 

[Mark Lightfoot]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24/02/2009 19:15:23
System Uptime: 18/07/2012 13:08:35 (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3A78-EM
Processor: AMD Phenom(tm) 8450 Triple-Core Processor | AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 126.13 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 190 GiB total, 178.786 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3D Bungalow Aquarium Screensaver 1.1
3D Haunted Halloween Screensaver 1.0
3D Merry Christmas Screensaver 1.0
3D Spooky Halloween Screensaver 1.0
3D Titanic Screensaver 1.0
3D Waterfall Screensaver 1.0
ABBYY FineReader 6.0 Sprint
abgx360 v1.0.5
AC3Filter (remove only)
Ace of Spades
Acrobat.com
Adobe After Effects CS5.5
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Adobe Story
Adventure Maker v4.5.2 (build1)
Advertising Center
Age of Empires Online
AI Nap
Alliance of Valiant Arms
AMCap
Ancient Castle 3D Screensaver 1.1
Apple Application Support
Apple Software Update
Astro Gemini Screensaver Manager 2.0
ASUS VGA Driver
ASUSUpdate
Atlantis 3D Screensaver 1.0
Audacity 1.3.9 (Unicode)
avi.NET
AviSynth 2.5
AVS Image Converter 2.1.1.168
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bandicam
Bandisoft MPEG-1 Decoder
Batman: Arkham Asylum - Demo
BBC iPlayer Desktop
BitTorrent
Braid Demo
BrickForce 1.4.40
Call of Juarez: Bound in Blood Demo
CamStudio
CamStudio Lossless Codec v1.4
Camtasia Studio 7
Canon RAW Codec
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Christmas Eve 3D Screensaver 1.0
Christmas Time 3D Screensaver 1.0
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CloneCD
Cobalt
Community Smartbar
Complitly
Contents
Cool & Quiet
Corel VideoStudio Pro X3
CraftBukkit
D3DX10
Dan Elwell's Broadband Speed Test
Dark Halloween Night 3D Screensaver 1.0
Debut Video Capture Software
DeviceIO
Digital microscope
Dinosaurs 3D Screensaver 1.0
DiRT 2 - Demo
DiRT 3
DivX Setup
DNA
Doremi FLV to MP3 Converter 1.6
Doxillion Document Converter
DVD Architect Studio 5.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easter 3D Screensaver 1.0
Easy Burner
Edimax Wireless LAN Driver and Utility
Empire Earth
EpicBot
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EpsonNet Print
EpsonNet Setup
Eufloria - Demo
Exotic Aquarium 3D Screensaver 1.0
Express Gate
Facebook Plug-In
Facebook Video Calling 1.2.0.159
Fantasy Moon 3D Screensaver 1.3
ffdshow v1.1.4096 [2011-11-29]
Fish Aquarium 3D Screensaver 1.2
Fraps (remove only)
Free CD Music Converter 10
Free Flash FLV Video Converter v3.0
Free Mp3 Wma Converter V 1.8.0
Free RAR Extract Frog
Free Video Converter V 2.9
FUEL - Demo
Garry's Mod
GIMP 2.6.10
Google Chrome
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Halloween 3D Screensaver 1.1
Halloween in the Attic 3D Screensaver 1.0
HandBrake 0.9.5
Haunted House 3D Screensaver 1.1
HD Writer LE 1.0
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICA
ImgBurn
Infineon USB driver 1.0.0.6
iPhone Configuration Utility
IPM_VS_Pro
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
LAME v3.98.2 for Audacity
Lantern 3D Screensaver 1.0
League of Legends
LogMeIn Hamachi
Machinarium Demo
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.62.0.1300
Marine Life 3D Screensaver 1.0
Media Player Codec Pack 3.4.0
Mesh Runtime
Messenger Companion
MicroCapture 2.0
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minecraft Version Changer
MinecraftSkinStealer 1.7.0
MLE
Morphyre
Mozilla Firefox 5.0 (x86 en-GB)
MP3 Surgeon 2003
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multiwinia v1.3.0
Mumble 1.2.3
NEF Codec
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
Night City 3D Screensaver 1.0
OpenAL
Osmos Demo
Pando Media Booster
PC Connectivity Solution
PC Probe II
PCSX2 - Playstation 2 Emulator
PFPortChecker 1.0.39
Picasa 3
Pinnacle Instant DVD Recorder
Planet Earth 3D Screensaver 1.1
Populous - The Beginning
Portal 2
Portal 2 Map Installer
PriceGong 2.5.4
PureHD
QuickTime
RAD Video Tools
Rapture3D 2.4.8 Game
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.83
Roblox
RockMelt
RollerCoaster Tycoon 3
Santa's Home 3D Screensaver 1.0
Scratch
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Setup
Share
Skype Click to Call
Skype™ 5.9
Smart Defrag 2
SmartSound Common Data
SmartSound Quicktracks 5
Sniper Elite V2
Solar System 3D Screensaver 1.4
Spotify
Spybot - Search & Destroy
StarCraft II
Steam
Stykz 1.0 for Windows
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 7
Terraria
TerraWorld Online - Reborn v2.2.7
TreeSize Free V2.6
Tribes Ascend
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Flash Port Driver
VC80CRTRedist - 8.0.50727.4053
Vegas Movie Studio HD Platinum 10.0
VIO
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VMN Toolbar
VSClassic
VSPro
Warhammer® 40,000®: Dawn of War® II – Retribution™
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinFF 1.0
WinPcap 4.1.2
WinRAR archiver
Winter 3D Screensaver 1.0
Winter Night 3D Screensaver 1.0
World of Warcraft
XSplit
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
18/07/2012 13:09:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
18/07/2012 13:09:30, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 5 (0x5).
17/07/2012 18:46:55, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
17/07/2012 18:44:08, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
17/07/2012 18:44:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
16/07/2012 16:01:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
15/07/2012 16:14:54, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
15/07/2012 16:14:54, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:14:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
15/07/2012 16:14:26, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:14:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
15/07/2012 16:11:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
15/07/2012 16:11:53, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 7 service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Realtek11nSU service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Protexis Licensing V2 service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PnkBstrA service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Speed Up Service service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EpsonBidirectionalService service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The TeamViewer 7 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Realtek11nSU service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Protexis Licensing V2 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The PC Speed Up Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The EpsonBidirectionalService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 15:11:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Security Center Service service to connect.
15/07/2012 15:11:37, Error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 15:11:18, Error: volsnap [13] - The shadow copy of volume C: could not grow its shadow copy storage on volume C:.
15/07/2012 15:11:15, Error: EventLog [6008] - The previous system shutdown at 13:53:55 on 15/07/2012 was unexpected.
15/07/2012 10:27:02, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
15/07/2012 10:27:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
15/07/2012 10:27:02, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/07/2012 10:21:58, Error: EventLog [6008] - The previous system shutdown at 10:20:35 on 15/07/2012 was unexpected.
15/07/2012 07:58:39, Error: bowser [8003] - The master browser has received a server announcement from the computer BIG_BAD_DAD5 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D368AE70-9005-4B55-A5C2-9639009AC9D1}. The master browser is stopping or an election is being forced.
11/07/2012 10:43:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nSU service.
11/07/2012 10:16:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/07/2012 10:16:06, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/07/2012 10:05:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

 

[Mark Lightfoot]

The GMER log is blank. GMER reported that it had found no modifications

 

[Mark Lightfoot]

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.18.06
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Mark :: BIGBADDAD4 [administrator]
Protection: Enabled
18/07/2012 12:46:08
mbam-log-2012-07-18 (12-46-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245372
Time elapsed: 8 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)

 

[Mark Lightfoot]

Hello. I've posted the logs as requested. I hope they help. Not so sure about the GMER log, I did as directed. I noticed that Internet Explorer and Chrome both had isearch.whitesmoke as the homepages. Not good I imagine. Navigation around the internet has been dodgy with the wrong sites loading in. On one occasion I requested google & got babylon search instead.

 

[Broni]

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

[Mark Lightfoot]

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 19-07-2012 09:52:45
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [973488 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC [135168 2008-03-26] (Vimicro Corporation)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2006-09-28] (SlySoft, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2010-06-26] (Corel)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot [274608 2010-12-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3921432 2012-07-04] (Safer-Networking Ltd.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Mark\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-02-25] (Google Inc.)
HKU\Mark\...\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-02-25] (Google Inc.)
HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mark\...\Run: [BitTorrent DNA] "C:\Users\Mark\Program Files (x86)\DNA\btdna.exe" [323392 2012-01-01] (BitTorrent, Inc.)
HKU\Mark\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
HKU\Mark\...\Run: [RockMelt Update] "C:\Users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c [136336 2012-04-15] (RockMelt Inc.)
HKU\Mark\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Mark\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3527176 2012-07-04] (Safer-Networking Ltd.)
HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1716784 2012-04-24] (Soluto)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-07] (AVG Technologies CZ, s.r.o.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [233184 2011-09-05] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-19] ()
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 Realtek11nSU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1188896 2012-07-04] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1395736 2012-07-04] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-03-22] (Safer-Networking Ltd.)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [58496 2008-01-20] (Microsoft Corporation)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [14392 2007-12-17] ()
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [117328 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-21] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-09] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-06] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
3 ctxva51; C:\Windows\System32\Drivers\ctxva51.sys [45720 2010-05-10] (Citrix Systems, Inc.)
4 DNE; C:\Windows\System32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)
3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [20480 2009-05-12] (Danish Wireless Design A/S)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
3 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [729704 2010-08-05] (Realtek Semiconductor Corporation )
2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [26624 2007-12-10] (Windows (R) Codename Longhorn DDK provider)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43664 2010-03-25] (Sun Microsystems, Inc.)
3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
3 vvftUVC; C:\Windows\System32\Drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [x]
3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [x]
3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [x]
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [x]
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [x]
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [x]
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [x]
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-19 00:28 - 2012-07-19 00:30 - 00001887 ____A C:\Windows\diagwrn.xml
2012-07-19 00:28 - 2012-07-19 00:30 - 00001887 ____A C:\Windows\diagerr.xml
2012-07-18 09:03 - 2012-07-18 09:03 - 00607260 ____R (Swearware) C:\Users\Mark\Desktop\dds.scr
2012-07-18 04:21 - 2012-07-18 08:51 - 00000000 ____A C:\Users\Mark\Desktop\gmer.log
2012-07-18 04:14 - 2012-07-18 04:14 - 00302592 ____A C:\Users\Mark\Desktop\m05mvuex.exe
2012-07-16 09:09 - 2012-07-16 09:10 - 11709306 ____A C:\Users\Mark\Downloads\Sphax 64x Tekkit SMP 3.0.3 v2.1.zip
2012-07-16 09:01 - 2012-07-16 09:02 - 07518500 ____A C:\Users\Mark\Downloads\Sphax PureBDCraft 64x (1).zip
2012-07-16 09:00 - 2012-07-16 09:00 - 00000000 ____A C:\Users\Mark\Downloads\Sphax PureBDCraft 64x.zip.crdownload
2012-07-15 07:55 - 2012-07-15 07:55 - 00000000 __SHD C:\found.002
2012-07-14 09:50 - 2012-07-14 09:50 - 00000000 ____D C:\Users\Mark\AppData\Local\Macromedia
2012-07-14 09:37 - 2012-07-14 09:37 - 12361639 ____A C:\Users\Mark\Downloads\Super Hostile 07 - Legendary v3.1.zip
2012-07-13 07:09 - 2012-07-19 00:28 - 00001155 ____A C:\Windows\setupact.log
2012-07-11 10:30 - 2012-07-11 10:30 - 05792768 ____A C:\Users\Mark\Downloads\aos075install (1).msi
2012-07-11 10:28 - 2012-07-11 10:29 - 00000000 ____D C:\Ace of Spades
2012-07-11 10:28 - 2012-07-11 10:28 - 00000138 ____A C:\Users\Public\Desktop\Play Ace of Spades.url
2012-07-11 10:26 - 2012-07-11 10:26 - 05792768 ____A C:\Users\Mark\Downloads\aos075install.msi
2012-07-11 01:55 - 2012-07-11 01:55 - 00000680 ____A C:\Users\Mark\AppData\Local\d3d9caps.dat
2012-07-11 01:06 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 01:06 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 01:06 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 01:06 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 01:06 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 01:06 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 01:06 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 01:06 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 01:06 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 01:06 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 01:05 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 01:05 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 01:05 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 01:05 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 01:05 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 01:05 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 01:05 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 01:05 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 01:05 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 01:05 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 01:05 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 01:05 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 01:05 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 01:05 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 01:05 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 01:05 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 01:05 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 01:05 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 01:05 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 01:01 - 2012-07-11 01:01 - 00012188 ____A C:\Windows\wininit.ini
2012-07-10 23:26 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 23:26 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 23:26 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 23:26 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 23:26 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 23:26 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 23:26 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 23:26 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 23:26 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 23:26 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 23:26 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 23:26 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 22:45 - 2012-07-19 00:23 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2012-07-10 22:45 - 2012-07-11 01:40 - 00000630 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2012-07-10 22:45 - 2012-07-11 01:40 - 00000460 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2012-07-10 22:45 - 2012-07-10 22:45 - 00002012 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-07-10 22:44 - 2012-07-10 22:45 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-07-10 22:44 - 2009-01-25 04:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-07-10 22:42 - 2012-07-10 22:43 - 48534720 ____A (Safer-Networking Ltd. ) C:\Users\Mark\Downloads\spybotsd-2.0.9-rc1.exe
2012-07-10 09:32 - 2012-07-10 09:32 - 00002426 ____A C:\Users\Mark\certificate.p12
2012-07-10 09:27 - 2012-07-11 01:56 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Mumble
2012-07-10 08:44 - 2012-07-10 08:44 - 00000820 ____A C:\Users\Public\Desktop\Mumble.lnk
2012-07-10 08:44 - 2012-07-10 08:44 - 00000000 ____D C:\Program Files (x86)\Mumble
2012-07-10 08:39 - 2012-07-10 08:40 - 17904640 ____A C:\Users\Mark\Downloads\mumble-1.2.3a.msi
2012-07-09 07:06 - 2012-07-15 01:07 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-08 21:34 - 2012-07-08 21:34 - 00000000 __SHD C:\found.001
2012-07-07 11:18 - 2012-07-07 11:18 - 01581077 ____A C:\Users\Mark\Downloads\mcpatcher-2.3.7_02.exe
2012-07-07 11:18 - 2012-07-07 11:18 - 01188737 ____A C:\Users\Mark\Downloads\faithful32pack.zip
2012-07-07 07:40 - 2012-07-07 07:43 - 00000000 ____D C:\Users\Mark\Downloads\save
2012-07-07 07:36 - 2012-07-07 07:39 - 23392175 ____A C:\Users\Mark\Downloads\Delver-alpha-6-22-12.zip
2012-07-07 07:30 - 2012-07-07 07:30 - 10012564 ____A C:\Users\Mark\Downloads\spelunky_1_1.zip
2012-07-07 03:53 - 2012-07-07 03:58 - 00000000 ____D C:\Users\Mark\AppData\Local\SniperV2
2012-07-07 03:51 - 2012-07-07 03:51 - 00360306 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI61F3.txt
2012-07-07 03:51 - 2012-07-07 03:51 - 00011154 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI61F3.txt
2012-07-07 02:36 - 2012-07-07 02:36 - 00000221 ____A C:\Users\Mark\Desktop\Sniper Elite V2.url
2012-07-06 12:26 - 2012-07-06 12:24 - 00138632 ____A C:\Users\Mark\Desktop\AMIDST.exe
2012-07-06 12:24 - 2012-07-06 12:24 - 00138632 ____A C:\Users\Mark\Downloads\AMIDST.exe
2012-07-06 09:26 - 2012-07-06 09:26 - 04584956 ____A C:\Users\Mark\Downloads\minecraft (3).jar
2012-07-06 08:42 - 2012-07-06 08:42 - 00412873 ____A C:\Users\Mark\Downloads\VoxelSniper.jar
2012-07-06 08:42 - 2012-07-06 08:42 - 00412873 ____A C:\Users\Mark\Downloads\VoxelSniper (1).jar
2012-07-06 08:12 - 2012-07-06 08:12 - 00052736 ____A (Technic) C:\Users\Mark\Downloads\TechnicLauncher.exe
2012-07-06 08:12 - 2012-07-06 08:12 - 00052736 ____A (Technic) C:\Users\Mark\Downloads\TechnicLauncher (1).exe
2012-07-06 07:34 - 2012-07-06 07:34 - 00582170 ____A C:\Users\Mark\Downloads\technic-launcher-latest.jar
2012-07-03 05:48 - 2012-07-03 05:48 - 00051131 ____A C:\Users\Mark\Downloads\TooManyItems2012_04_13_1.2.5 (1).zip
2012-06-27 07:23 - 2012-06-27 07:23 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-06-25 07:24 - 2012-06-25 07:24 - 05940198 ____A C:\Users\Mark\Downloads\MAtmos__1__1_0_r10__WithWeaponInteractions.zip
2012-06-24 10:04 - 2012-06-24 10:06 - 15115135 ____A C:\Users\Mark\Downloads\Tony Hawk's Pro Skater 3.zip
2012-06-24 09:55 - 2012-06-24 09:55 - 00197092 ____A C:\Users\Mark\Downloads\Verified_download_skate_2_pc.exe
2012-06-24 09:55 - 2012-06-24 09:55 - 00000000 ____A C:\Users\Mark\Downloads\Unconfirmed 96547.crdownload
2012-06-24 09:54 - 2012-06-24 09:54 - 00000000 ____D C:\Program Files (x86)\TorrentSearch
2012-06-24 09:53 - 2012-06-24 09:55 - 00000000 ____D C:\Program Files (x86)\intellidownload
2012-06-24 09:53 - 2012-06-24 09:53 - 00197088 ____A C:\Users\Mark\Downloads\download_skate_2_pc_Fast.exe
2012-06-24 09:47 - 2012-06-24 09:47 - 00012568 ____A C:\Users\Mark\Downloads\[kat.ph]tony.hawks.pro.skater.2.pc.non.ripped.torrent
2012-06-24 09:26 - 2012-06-24 09:27 - 14036653 ____A C:\Users\Mark\Downloads\Demul_BIOS_Pack.7z
2012-06-24 09:24 - 2012-06-24 09:25 - 00924948 ____A C:\Users\Mark\Downloads\demul057.rar
2012-06-24 09:21 - 2012-06-24 09:21 - 00916620 ____A C:\Users\Mark\Downloads\nullDC_104_r136.7z
2012-06-24 07:44 - 2012-06-24 08:44 - 527154530 ____A C:\Users\Mark\Downloads\Tony Hawk's Pro Skater 2.rar
2012-06-24 07:40 - 2012-06-24 07:40 - 00740033 ____A C:\Users\Mark\Downloads\ChankastAlpha025.rar
2012-06-24 07:32 - 2012-06-24 07:32 - 00000000 ____D C:\Users\Mark\Documents\PCSX2
2012-06-24 07:31 - 2012-06-24 07:31 - 00361900 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI1211.txt
2012-06-24 07:31 - 2012-06-24 07:31 - 00011240 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI1211.txt
2012-06-24 07:30 - 2012-06-24 07:32 - 00000000 ____D C:\Program Files (x86)\PCSX2 0.9.8
2012-06-24 07:29 - 2012-06-24 07:29 - 12780479 ____A C:\Users\Mark\Downloads\pcsx2-0.9.8-r4600-setup.exe
2012-06-24 00:27 - 2012-06-24 00:27 - 01441789 ____A C:\Users\Mark\Downloads\Derivation4.zip
2012-06-22 12:35 - 2012-07-18 23:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-22 12:35 - 2012-07-12 08:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-21 07:01 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 07:01 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 07:01 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 07:01 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 07:00 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 07:00 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-21 07:00 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 07:00 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-21 07:00 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 07:00 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-21 06:59 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 06:59 - 2012-06-02 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-21 06:59 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 06:59 - 2012-06-02 06:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-19 07:30 - 2012-06-19 07:30 - 04540049 ____A C:\Users\Mark\Downloads\minecraft (2).jar

 

[Mark Lightfoot]

============ 3 Months Modified Files ========================
2012-07-19 00:30 - 2012-07-19 00:28 - 00001887 ____A C:\Windows\diagwrn.xml
2012-07-19 00:30 - 2012-07-19 00:28 - 00001887 ____A C:\Windows\diagerr.xml
2012-07-19 00:30 - 2009-03-05 12:36 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-07-19 00:30 - 2008-01-20 17:53 - 01612043 ____A C:\Windows\WindowsUpdate.log
2012-07-19 00:30 - 2006-11-02 07:42 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-19 00:30 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-19 00:30 - 2006-11-02 07:22 - 00003840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-19 00:30 - 2006-11-02 07:22 - 00003840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-19 00:28 - 2012-07-13 07:09 - 00001155 ____A C:\Windows\setupact.log
2012-07-19 00:28 - 2011-09-15 23:00 - 00000000 ____A C:\Windows\setuperr.log
2012-07-19 00:23 - 2012-07-10 22:45 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2012-07-19 00:23 - 2010-04-18 01:54 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-19 00:17 - 2006-11-02 04:46 - 00771128 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-19 00:16 - 2012-04-15 04:11 - 00000924 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
2012-07-18 23:57 - 2010-04-18 01:54 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-18 23:23 - 2012-06-22 12:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 23:16 - 2012-04-15 04:14 - 00001948 ____A C:\Users\Mark\Desktop\RockMelt.lnk
2012-07-18 23:12 - 2009-06-29 23:51 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
2012-07-18 23:12 - 2009-02-25 04:12 - 00002037 ____A C:\Users\Mark\Desktop\Google Chrome.lnk
2012-07-18 23:10 - 2011-10-28 14:05 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
2012-07-18 09:03 - 2012-07-18 09:03 - 00607260 ____R (Swearware) C:\Users\Mark\Desktop\dds.scr
2012-07-18 08:51 - 2012-07-18 04:21 - 00000000 ____A C:\Users\Mark\Desktop\gmer.log
2012-07-18 05:01 - 2010-05-17 05:01 - 00000250 ____A C:\Windows\Tasks\Epson Printer Software Downloader.job
2012-07-18 04:16 - 2012-04-15 04:11 - 00000872 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
2012-07-18 04:14 - 2012-07-18 04:14 - 00302592 ____A C:\Users\Mark\Desktop\m05mvuex.exe
2012-07-18 04:08 - 2011-09-14 03:20 - 00049838 ____A C:\Windows\PFRO.log
2012-07-17 22:09 - 2009-06-29 23:51 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
2012-07-16 09:10 - 2012-07-16 09:09 - 11709306 ____A C:\Users\Mark\Downloads\Sphax 64x Tekkit SMP 3.0.3 v2.1.zip
2012-07-16 09:02 - 2012-07-16 09:01 - 07518500 ____A C:\Users\Mark\Downloads\Sphax PureBDCraft 64x (1).zip
2012-07-16 09:00 - 2012-07-16 09:00 - 00000000 ____A C:\Users\Mark\Downloads\Sphax PureBDCraft 64x.zip.crdownload
2012-07-15 01:07 - 2012-07-09 07:06 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 09:37 - 2012-07-14 09:37 - 12361639 ____A C:\Users\Mark\Downloads\Super Hostile 07 - Legendary v3.1.zip
2012-07-12 08:23 - 2012-06-22 12:35 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 08:23 - 2011-05-19 08:26 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 10:30 - 2012-07-11 10:30 - 05792768 ____A C:\Users\Mark\Downloads\aos075install (1).msi
2012-07-11 10:28 - 2012-07-11 10:28 - 00000138 ____A C:\Users\Public\Desktop\Play Ace of Spades.url
2012-07-11 10:26 - 2012-07-11 10:26 - 05792768 ____A C:\Users\Mark\Downloads\aos075install.msi
2012-07-11 01:55 - 2012-07-11 01:55 - 00000680 ____A C:\Users\Mark\AppData\Local\d3d9caps.dat
2012-07-11 01:40 - 2012-07-10 22:45 - 00000630 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2012-07-11 01:40 - 2012-07-10 22:45 - 00000460 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2012-07-11 01:40 - 2006-11-02 07:21 - 05068272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 01:15 - 2006-11-02 04:34 - 00000429 ____A C:\Windows\win.ini
2012-07-11 01:08 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 01:01 - 2012-07-11 01:01 - 00012188 ____A C:\Windows\wininit.ini
2012-07-10 22:45 - 2012-07-10 22:45 - 00002012 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-07-10 22:43 - 2012-07-10 22:42 - 48534720 ____A (Safer-Networking Ltd. ) C:\Users\Mark\Downloads\spybotsd-2.0.9-rc1.exe
2012-07-10 09:32 - 2012-07-10 09:32 - 00002426 ____A C:\Users\Mark\certificate.p12
2012-07-10 08:44 - 2012-07-10 08:44 - 00000820 ____A C:\Users\Public\Desktop\Mumble.lnk
2012-07-10 08:40 - 2012-07-10 08:39 - 17904640 ____A C:\Users\Mark\Downloads\mumble-1.2.3a.msi
2012-07-08 12:59 - 2009-11-14 02:51 - 00000406 ____A C:\Windows\Tasks\SmartDefrag.job
2012-07-07 11:18 - 2012-07-07 11:18 - 01581077 ____A C:\Users\Mark\Downloads\mcpatcher-2.3.7_02.exe
2012-07-07 11:18 - 2012-07-07 11:18 - 01188737 ____A C:\Users\Mark\Downloads\faithful32pack.zip
2012-07-07 07:39 - 2012-07-07 07:36 - 23392175 ____A C:\Users\Mark\Downloads\Delver-alpha-6-22-12.zip
2012-07-07 07:30 - 2012-07-07 07:30 - 10012564 ____A C:\Users\Mark\Downloads\spelunky_1_1.zip
2012-07-07 03:51 - 2012-07-07 03:51 - 00360306 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI61F3.txt
2012-07-07 03:51 - 2012-07-07 03:51 - 00011154 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI61F3.txt
2012-07-07 02:36 - 2012-07-07 02:36 - 00000221 ____A C:\Users\Mark\Desktop\Sniper Elite V2.url
2012-07-06 12:24 - 2012-07-06 12:26 - 00138632 ____A C:\Users\Mark\Desktop\AMIDST.exe
2012-07-06 12:24 - 2012-07-06 12:24 - 00138632 ____A C:\Users\Mark\Downloads\AMIDST.exe
2012-07-06 09:26 - 2012-07-06 09:26 - 04584956 ____A C:\Users\Mark\Downloads\minecraft (3).jar
2012-07-06 08:42 - 2012-07-06 08:42 - 00412873 ____A C:\Users\Mark\Downloads\VoxelSniper.jar
2012-07-06 08:42 - 2012-07-06 08:42 - 00412873 ____A C:\Users\Mark\Downloads\VoxelSniper (1).jar
2012-07-06 08:12 - 2012-07-06 08:12 - 00052736 ____A (Technic) C:\Users\Mark\Downloads\TechnicLauncher.exe
2012-07-06 08:12 - 2012-07-06 08:12 - 00052736 ____A (Technic) C:\Users\Mark\Downloads\TechnicLauncher (1).exe
2012-07-06 07:34 - 2012-07-06 07:34 - 00582170 ____A C:\Users\Mark\Downloads\technic-launcher-latest.jar
2012-07-03 05:48 - 2012-07-03 05:48 - 00051131 ____A C:\Users\Mark\Downloads\TooManyItems2012_04_13_1.2.5 (1).zip
2012-07-03 04:46 - 2009-10-06 23:32 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 07:24 - 2012-06-25 07:24 - 05940198 ____A C:\Users\Mark\Downloads\MAtmos__1__1_0_r10__WithWeaponInteractions.zip
2012-06-24 10:06 - 2012-06-24 10:04 - 15115135 ____A C:\Users\Mark\Downloads\Tony Hawk's Pro Skater 3.zip
2012-06-24 09:55 - 2012-06-24 09:55 - 00197092 ____A C:\Users\Mark\Downloads\Verified_download_skate_2_pc.exe
2012-06-24 09:55 - 2012-06-24 09:55 - 00000000 ____A C:\Users\Mark\Downloads\Unconfirmed 96547.crdownload
2012-06-24 09:53 - 2012-06-24 09:53 - 00197088 ____A C:\Users\Mark\Downloads\download_skate_2_pc_Fast.exe
2012-06-24 09:47 - 2012-06-24 09:47 - 00012568 ____A C:\Users\Mark\Downloads\[kat.ph]tony.hawks.pro.skater.2.pc.non.ripped.torrent
2012-06-24 09:27 - 2012-06-24 09:26 - 14036653 ____A C:\Users\Mark\Downloads\Demul_BIOS_Pack.7z
2012-06-24 09:25 - 2012-06-24 09:24 - 00924948 ____A C:\Users\Mark\Downloads\demul057.rar
2012-06-24 09:21 - 2012-06-24 09:21 - 00916620 ____A C:\Users\Mark\Downloads\nullDC_104_r136.7z
2012-06-24 08:44 - 2012-06-24 07:44 - 527154530 ____A C:\Users\Mark\Downloads\Tony Hawk's Pro Skater 2.rar
2012-06-24 07:40 - 2012-06-24 07:40 - 00740033 ____A C:\Users\Mark\Downloads\ChankastAlpha025.rar
2012-06-24 07:31 - 2012-06-24 07:31 - 00361900 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI1211.txt
2012-06-24 07:31 - 2012-06-24 07:31 - 00011240 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI1211.txt
2012-06-24 07:29 - 2012-06-24 07:29 - 12780479 ____A C:\Users\Mark\Downloads\pcsx2-0.9.8-r4600-setup.exe
2012-06-24 00:27 - 2012-06-24 00:27 - 01441789 ____A C:\Users\Mark\Downloads\Derivation4.zip
2012-06-19 07:30 - 2012-06-19 07:30 - 04540049 ____A C:\Users\Mark\Downloads\minecraft (2).jar
2012-06-18 09:18 - 2012-06-18 09:18 - 00001011 ____A C:\Users\Mark\Desktop\TeamSpeak 3 Client.lnk
2012-06-18 09:15 - 2012-06-18 09:13 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Mark\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
2012-06-16 01:06 - 2012-06-16 01:06 - 00411541 ____A C:\Users\Mark\Downloads\MineCraftSkinStealer.exe
2012-06-16 01:06 - 2012-06-16 01:06 - 00000990 ____A C:\Users\Mark\Desktop\MineCraftSkinStealer.lnk
2012-06-13 05:58 - 2012-07-11 01:05 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 11:38 - 2012-06-11 11:34 - 29262633 ____A C:\Users\Mark\Downloads\The Survival Game V.1.4.zip
2012-06-11 10:27 - 2012-06-11 10:27 - 00001872 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2012-06-11 10:27 - 2012-06-11 10:27 - 00001863 ____A C:\Users\Public\Desktop\Tribes Ascend.lnk
2012-06-11 10:24 - 2012-06-11 10:24 - 13779760 ____A (Hi-Rez Studios) C:\Users\Mark\Downloads\InstallHiRezGamesEnglish.exe
2012-06-08 09:59 - 2012-07-10 23:26 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-10 23:26 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 08:47 - 2012-07-10 23:26 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-10 23:26 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-10 23:26 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-10 23:26 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 07:29 - 2012-07-10 23:26 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-21 07:01 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 07:01 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 07:01 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 07:00 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 07:00 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-21 07:00 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 07:00 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-21 07:01 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 07:00 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 07:00 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 06:19 - 2012-06-21 06:59 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:19 - 2012-06-21 06:59 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 06:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 06:12 - 2012-06-21 06:59 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 04:49 - 2012-07-11 01:05 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 01:05 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 01:05 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 01:06 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:05 - 2012-07-11 01:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:04 - 2012-07-11 01:06 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:04 - 2012-07-11 01:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:03 - 2012-07-11 01:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 01:05 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 01:05 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 01:06 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 01:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 01:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 01:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 01:05 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 01:05 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 01:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 01:06 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 01:05 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 01:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 01:06 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 01:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 01:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 01:06 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 01:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 01:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 01:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 01:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 16:22 - 2012-07-10 23:26 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-10 23:26 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-10 23:26 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-10 23:26 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-10 23:26 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-31 21:55 - 2012-05-31 21:55 - 00000993 ____A C:\Users\Public\Desktop\Doxillion Document Converter.lnk
2012-05-31 09:41 - 2012-05-31 09:41 - 03843841 ____A C:\Users\Mark\Downloads\NodusUpdate.jar
2012-05-31 08:15 - 2012-05-31 08:14 - 04542344 ____A C:\Users\Mark\Downloads\minecraft (1).jar
2012-05-27 06:46 - 2012-05-27 06:43 - 24460600 ____A ( ) C:\Users\Mark\Downloads\gimp-help-2-2.6.0-en-setup.exe
2012-05-27 02:06 - 2012-05-27 02:06 - 00057433 ____A C:\Users\Mark\Downloads\NBTedit.zip
2012-05-27 00:32 - 2012-05-27 00:32 - 00278561 ____A C:\Users\Mark\Downloads\Minecraft.exe
2012-05-27 00:02 - 2012-05-27 00:02 - 04499708 ____A C:\Users\Mark\Downloads\minecraft.jar
2012-05-24 08:59 - 2012-05-24 08:59 - 00051131 ____A C:\Users\Mark\Downloads\TooManyItems2012_04_13_1.2.5.zip
2012-05-24 08:49 - 2012-05-24 08:49 - 00026472 ____A C:\Users\Mark\Downloads\ModLoaderMP 1.2.5 v1.zip
2012-05-24 08:48 - 2012-05-24 08:48 - 00103347 ____A C:\Users\Mark\Downloads\ModLoader.zip
2012-05-24 08:46 - 2012-05-24 08:46 - 00548785 ____A C:\Users\Mark\Downloads\invasion_mod client 0.9.4.zip
2012-05-24 08:34 - 2011-12-07 10:16 - 00001170 ____A C:\Users\Public\Desktop\Minecraft Version Changer.lnk
2012-05-24 08:30 - 2012-05-24 08:26 - 41458688 ____A C:\Users\Mark\Downloads\Minecraft Version Changer v17.0.msi
2012-05-24 08:04 - 2012-05-24 08:03 - 06905480 ____A C:\Users\Mark\Downloads\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows) (1).zip
2012-05-23 08:49 - 2012-05-23 08:48 - 06905480 ____A C:\Users\Mark\Downloads\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows).zip
2012-05-23 08:22 - 2012-05-23 08:22 - 00085897 ____A C:\Users\Mark\Downloads\CameraStudioV1.2.4b347.zip
2012-05-23 08:12 - 2012-05-23 08:12 - 04262573 ____A C:\Users\Mark\Downloads\minema_v1.32_mc1.2.5_bundle_win32.zip
2012-05-22 12:25 - 2012-05-22 12:25 - 00142069 ____A C:\Users\Mark\Downloads\2D-Craft 1.3.1.zip
2012-05-22 11:55 - 2012-05-22 11:52 - 32812717 ____A C:\Users\Mark\Downloads\SkyGrid.zip
2012-05-22 07:52 - 2012-05-22 07:52 - 00999771 ____A C:\Users\Mark\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar
2012-05-21 07:27 - 2012-05-21 07:27 - 00034287 ____A C:\Users\Mark\Downloads\QuidCraft Server 1.2.5_Rev1.zip
2012-05-21 07:26 - 2012-05-21 07:26 - 00083020 ____A C:\Users\Mark\Downloads\ModLoaderMP Server 1.2.5 v1.zip
2012-05-21 07:14 - 2012-05-21 07:14 - 01408470 ____A C:\Users\Mark\Downloads\minecraft_server.jar
2012-05-19 02:54 - 2012-05-19 02:50 - 00000043 ____A C:\Users\Mark\jagex_cl_runescape_LIVE.dat
2012-05-19 02:54 - 2009-09-04 10:44 - 00000099 ____A C:\Users\Mark\jagex_runescape_preferences2.dat
2012-05-19 02:54 - 2009-07-29 06:49 - 00000046 ____A C:\Users\Mark\jagex_runescape_preferences.dat
2012-05-19 02:51 - 2012-05-19 02:51 - 00000044 ____A C:\Users\Mark\jagex_cl_runescape_LIVE1.dat
2012-05-16 08:18 - 2012-05-16 08:18 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-16 08:18 - 2012-05-16 08:18 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-16 08:18 - 2012-05-16 08:18 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-16 08:18 - 2012-05-16 08:18 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-16 08:18 - 2011-10-15 07:57 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-16 08:04 - 2012-05-16 08:04 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-16 08:04 - 2012-05-16 08:04 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-16 08:03 - 2012-05-16 08:03 - 00012713 ____A C:\Users\Mark\Desktop\hs_err_pid4344.log
2012-05-15 10:34 - 2012-05-15 10:33 - 00314944 ____A C:\Users\Mark\Desktop\Smart piston door.wmv.sfk
2012-05-15 10:32 - 2009-02-26 00:21 - 00014848 ____A C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-15 10:27 - 2012-05-15 10:24 - 140531861 ____A C:\Users\Mark\Desktop\Smart piston door.wmv
2012-05-12 14:09 - 2011-10-28 14:04 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
2012-05-12 11:47 - 2012-05-12 11:45 - 00053120 ____A C:\Users\Mark\Desktop\Enter the vault.wmv.sfk
2012-05-12 11:41 - 2012-05-12 11:41 - 09701495 ____A C:\Users\Mark\Desktop\Enter the vault.wmv
2012-05-09 12:11 - 2012-05-09 12:08 - 68424822 ____A C:\Users\Mark\Desktop\Movie.wmv
2012-05-07 04:28 - 2012-05-07 04:26 - 41065781 ____A C:\Users\Mark\Desktop\Minecraft pigbreeder.wmv
2012-05-06 23:55 - 2012-05-06 23:55 - 00001878 ____A C:\Users\Public\Desktop\Populous - The Beginning.lnk
2012-05-03 13:22 - 2012-05-03 13:22 - 00000997 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-05-01 09:10 - 2012-05-01 09:10 - 00000582 ____A C:\Users\Public\Desktop\BrickForce.lnk
2012-05-01 06:29 - 2012-06-14 07:07 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-24 08:13 - 2011-07-10 00:01 - 00054728 ____A (Soluto LTD.) C:\Windows\System32\Drivers\Soluto.sys
2012-04-23 08:25 - 2012-06-14 07:07 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:25 - 2012-06-14 07:07 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:25 - 2012-06-14 07:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 08:00 - 2012-06-14 07:07 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 08:00 - 2012-06-14 07:07 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 08:00 - 2012-06-14 07:07 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 00:18 - 2012-04-22 00:18 - 00002018 ____A C:\Users\Public\Desktop\Portal 2 Map Installer.lnk
ZeroAccess:
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\@
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L\00000004.@
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L\1afb2d56
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L\201d3dde
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L\55490ac4
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\00000004.@
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\00000008.@
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\000000cb.@
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\80000000.@
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\80000032.@
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2010-08-25 01:56] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 16%
Total physical RAM: 4094.18 MB
Available physical RAM: 3427.61 MB
Total Pagefile: 3825.36 MB
Available Pagefile: 3411.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
2 Drive c: () (Fixed) (Total:465.76 GB) (Free:125.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (DRV3_VOL1) (Fixed) (Total:189.92 GB) (Free:178.79 GB) NTFS
4 Drive e: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
5 Drive f: () (Removable) (Total:0.92 GB) (Free:0.92 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 190 GB 4096 KB
Disk 2 Online 943 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 466 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 190 GB 32 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DRV3_VOL1 NTFS Partition 190 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 942 MB 68 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 942 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-19 00:30
======================= End Of Log ==========================

 

[Mark Lightfoot]

There's the Farbar results. I had to split it in two. I just scanned. I'm assuming that was right. There was no instruction to 'fix'.

Cheers

 

[Broni]

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

 

[Mark Lightfoot]

Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-21 13:00:07
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-08-25 01:56] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2010-08-25 01:56] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2010-08-25 01:56] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2010-08-25 01:56] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Mark Lightfoot]

ComboFix 12-07-24.01 - Mark 23/07/2012 21:26:27.1.3 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2387 [GMT 1:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\users\Mark\AppData\Local\._Revolution_
c:\users\Mark\AppData\Roaming\inst.exe
c:\users\Mark\AppData\Roaming\Love
c:\users\Mark\AppData\Roaming\Love\mari0\options.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-19 17:52 . 2012-07-19 17:52--------d-----w-C:\FRST
2012-07-15 15:55 . 2012-07-15 15:55--------d-----w-C:\found.002
2012-07-14 17:50 . 2012-07-14 17:50--------d-----w-c:\users\Mark\AppData\Local\Macromedia
2012-07-11 18:28 . 2012-07-11 18:29--------d-----w-C:\Ace of Spades
2012-07-11 09:05 . 2012-06-02 12:52754808----a-w-c:\program files\Internet Explorer\iexplore.exe
2012-07-11 07:26 . 2012-06-05 16:22974848----a-w-c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 07:26 . 2012-06-05 16:47708608----a-w-c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 07:26 . 2012-06-05 16:221797120----a-w-c:\windows\system32\msxml6.dll
2012-07-11 07:26 . 2012-06-05 16:221869824----a-w-c:\windows\system32\msxml3.dll
2012-07-11 07:26 . 2012-06-05 16:471401856----a-w-c:\windows\SysWow64\msxml6.dll
2012-07-11 07:26 . 2012-06-05 16:471248768----a-w-c:\windows\SysWow64\msxml3.dll
2012-07-11 07:26 . 2012-06-04 15:29516480----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:26 . 2012-06-02 00:22347136----a-w-c:\windows\system32\schannel.dll
2012-07-11 07:26 . 2012-06-02 00:22254464----a-w-c:\windows\system32\ncrypt.dll
2012-07-11 07:26 . 2012-06-02 00:03204288----a-w-c:\windows\SysWow64\ncrypt.dll
2012-07-11 07:26 . 2012-06-08 17:5912899840----a-w-c:\windows\system32\shell32.dll
2012-07-10 17:27 . 2012-07-23 14:31--------d-----w-c:\users\Mark\AppData\Roaming\Mumble
2012-07-10 16:44 . 2012-07-10 16:44--------d-----w-c:\program files (x86)\Mumble
2012-07-09 05:34 . 2012-07-09 05:34--------d-----w-C:\found.001
2012-07-07 11:53 . 2012-07-07 11:58--------d-----w-c:\users\Mark\AppData\Local\SniperV2
2012-07-06 16:12 . 2012-07-06 16:1252736----a-w-c:\users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
2012-06-27 15:23 . 2012-06-27 15:23--------d-----w-c:\program files (x86)\LogMeIn Hamachi
2012-06-24 17:54 . 2012-06-24 17:55--------d-----w-c:\program files (x86)\OApps
2012-06-24 17:54 . 2012-06-24 17:54--------d-----w-c:\program files (x86)\TorrentSearch
2012-06-24 17:53 . 2012-07-23 20:42--------d-----w-c:\program files (x86)\intellidownload
2012-06-24 15:30 . 2012-06-24 15:32--------d-----w-c:\program files (x86)\PCSX2 0.9.8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:23 . 2012-06-22 20:35426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 16:23 . 2011-05-19 16:2670344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 09:08 . 2006-11-02 12:3559701280----a-w-c:\windows\system32\mrt.exe
2012-06-02 22:19 . 2012-06-21 15:0038424----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:012428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:0157880----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:0144056----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:0035864----a-w-c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 15:00701976----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 15:00577048----a-w-c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:012622464----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:0099840----a-w-c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 15:0088576----a-w-c:\windows\SysWow64\wudriver.dll
2012-06-02 14:19 . 2012-06-21 14:59186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 14:19 . 2012-06-21 14:59171904----a-w-c:\windows\SysWow64\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 14:5936864----a-w-c:\windows\system32\wuapp.exe
2012-06-02 14:12 . 2012-06-21 14:5933792----a-w-c:\windows\SysWow64\wuapp.exe
2012-06-02 08:25 . 2012-07-11 09:051129472----a-w-c:\windows\SysWow64\wininet.dll
2012-06-02 00:05 . 2012-07-11 07:2677312----a-w-c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 07:26278528----a-w-c:\windows\SysWow64\schannel.dll
2012-05-27 08:32 . 2012-05-27 08:33278561----a-w-c:\users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minecraft.exe
2012-05-16 16:18 . 2012-05-16 16:18955848----a-w-c:\windows\system32\npDeployJava1.dll
2012-05-16 16:18 . 2012-05-16 16:18268744----a-w-c:\windows\system32\javaws.exe
2012-05-16 16:18 . 2012-05-16 16:18189384----a-w-c:\windows\system32\javaw.exe
2012-05-16 16:18 . 2012-05-16 16:18188872----a-w-c:\windows\system32\java.exe
2012-05-16 16:18 . 2011-10-15 15:57839112----a-w-c:\windows\system32\deployJava1.dll
2012-05-01 14:29 . 2012-06-14 15:07209920----a-w-c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"BitTorrent DNA"="c:\users\Mark\Program Files (x86)\DNA\btdna.exe" [2012-01-01 323392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"RockMelt Update"="c:\users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-04-15 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"VMonitorVMUVC"="c:\program files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-06-26 105632]
"TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2010-12-23 274608]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-1-7 292240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecuteREG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 16:23]
.
2012-07-23 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-18 09:54]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-18 09:54]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-25 12:11]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-25 12:11]
.
2012-07-23 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
- c:\users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-04-15 12:11]
.
2012-07-23 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
- c:\users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-04-15 12:11]
.
2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{7CA029EA-6EF1-4D31-8269-B436D7F88AC9}.job
- c:\windows\system32\msfeedssync.exe [2011-04-21 12:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-06 6455840]
"Skytel"="Skytel.exe" [2008-08-06 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=107763&mntrId=28ab22e5000000000000801f0215f18d
FF - user.js: extentions.y2layers.installId - d1206e98-f879-4534-a8a2-47dca13a9332
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
FF - user.js: extensions.BabylonToolbar_i.id - 28ab22e5000000000000801f0215f18d
FF - user.js: extensions.BabylonToolbar_i.hardId - 28ab22e5000000000000801f0215f18d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15306
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:46
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=107763
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-abgx360 - c:\users\Mark\Desktop\abgx360\uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-CraftBukkit - 0:\users\Mark\Desktop\minecraft stuff\server\Bukkit\Uninstall.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
AddRemove-{5C13C5F3-6E30-449F-8872-DF8AC35AE285}_is1 - c:\users\Mark\Desktop\minecraft stuff\server\Bukkit\CraftBukkit\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\PC Speed Up\PCSUService.exe
c:\program files (x86)\ASUS\AASP\1.00.74\aaCenter.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
.
**************************************************************************
.
Completion time: 2012-07-23 21:59:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 20:59
.
Pre-Run: 134,717,599,744 bytes free
Post-Run: 135,272,935,424 bytes free
.
- - End Of File - - 092DB0D3FAF8E2975C8F2A73E0029641

 

[Mark Lightfoot]

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-23 17:15:53 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

 

[Broni]

Looks good

Any current issues?

You can reinstall AVG now.

==============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Mark Lightfoot]

OTL logfile created on: 24/07/2012 10:26:46 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Mark\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.00% Memory free
8.22 Gb Paging File | 5.86 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 123.09 Gb Free Space | 26.43% Space Free | Partition Type: NTFS
Drive E: | 189.92 Gb Total Space | 183.86 Gb Free Space | 96.81% Space Free | Partition Type: NTFS
Drive F: | 941.73 Mb Total Space | 940.25 Mb Free Space | 99.84% Space Free | Partition Type: FAT

Computer Name: BIGBADDAD4 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 10:03:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/01 10:51:34 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Mark\Program Files (x86)\DNA\btdna.exe
PRC - [2011/10/19 16:53:51 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/05 14:43:12 | 000,233,184 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/12 18:24:06 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010/12/23 10:05:14 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2010/07/27 18:33:18 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/06/26 12:54:22 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/09/03 09:22:32 | 000,621,568 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\aaCenter.exe
PRC - [2008/03/26 18:33:00 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 07:05:18 | 000,442,392 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\ppgooglenaclpluginchrome.dll
MOD - [2012/07/18 07:05:17 | 012,228,120 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\PepperFlash\pepflashplayer.dll
MOD - [2012/07/18 07:05:16 | 003,997,720 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\pdf.dll
MOD - [2012/07/18 07:04:01 | 000,526,872 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\libglesv2.dll
MOD - [2012/07/18 07:03:59 | 000,104,984 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\libegl.dll
MOD - [2012/07/18 07:03:49 | 000,144,424 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\avutil-51.dll
MOD - [2012/07/18 07:03:47 | 000,266,792 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\avformat-54.dll
MOD - [2012/07/18 07:03:46 | 002,480,680 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\avcodec-54.dll
MOD - [2012/02/20 08:52:41 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012/02/20 08:52:41 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012/02/20 08:52:41 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012/02/20 08:52:41 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/09/03 09:22:32 | 000,621,568 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\aaCenter.exe
MOD - [2008/01/17 09:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\cpuutil.dll
MOD - [2006/05/25 10:18:08 | 000,106,548 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\PowNap.dll
MOD - [2006/01/10 09:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/06/22 10:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\PowerDll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/11 21:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 17:23:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/07 10:07:29 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/05/30 16:54:04 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/19 16:53:51 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/05 14:43:12 | 000,233,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2011/08/07 22:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 16:14:04 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 17:21:52 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/24 17:13:24 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Soluto.sys -- (Soluto)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/26 18:02:26 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/06 07:46:40 | 000,729,704 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/10 13:51:56 | 000,045,720 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ctxva51.sys -- (ctxva51)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/12/24 20:08:22 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/12/11 22:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/12/11 22:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/12/11 20:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 15:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\FlashUSB_x64.sys -- (FlashUSB)
DRV:64bit: - [2009/04/30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/04/11 06:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/04/11 06:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/11 15:13:18 | 000,198,400 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VMUVC.sys -- (VMUVC)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/29 07:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\dne64x.sys -- (DNE)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/01 12:14:42 | 000,303,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftUVC.sys -- (vvftUVC)
DRV:64bit: - [2008/04/29 10:31:36 | 000,176,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/04/28 14:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/01/21 03:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/21 03:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/21 03:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/12/11 03:49:54 | 000,026,624 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/08/31 15:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 18:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 18:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 18:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2007/02/16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006/11/03 01:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2005/09/24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/05/12 15:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys -- (FlashUSB)
DRV - [2007/02/16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/01/02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...07763&mntrId=28ab22e5000000000000801f0215f18d
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...utputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=vmngemv2yach&q={searchTerms}
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=107763&mntrId=28ab22e5000000000000801f0215f18d"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {fbc8441e-a153-45b0-8e93-87521a5812a1}:2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Mark\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Mark\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mark\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF - HKCU\Software\MozillaPlugins\@xenocode.com/Xenocode ClickStart: C:\Users\Mark\AppData\Local\Xenocode\Start\2.23\npMozillaXenocodeWebLaunch.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/31 18:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/21 13:36:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/21 13:36:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/24 09:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/08 12:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/06 13:11:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Mark\Program Files (x86)\DNA [2012/07/24 09:03:52 | 000,000,000 | ---D | M]

[2009/03/01 20:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2009/03/01 20:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/07/14 18:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions
[2010/12/11 12:22:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/23 13:57:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/19 13:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2011/11/19 14:20:30 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2010/02/07 14:53:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(83)
[2011/11/19 14:20:35 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010/02/09 18:48:23 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2012/06/24 18:54:09 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\plugin@videofiledownload.com
[2011/10/20 17:11:16 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\plugin@yontoo.com
[2012/02/13 11:30:09 | 000,002,333 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\searchplugins\WhiteSmoke Search.xml
[2012/05/06 13:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/30 18:38:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/24 18:31:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 11:21:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 07:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 12:02:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/31 11:40:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/22 08:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/05/06 13:11:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/07/06 08:44:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2011/05/20 09:53:14 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/28 20:46:14 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/05/20 09:53:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/20 09:53:14 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/20 09:53:14 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/20 09:53:14 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

 

[Mark Lightfoot]

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mark\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Mark\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Everplex YouTube Dark+Black Theme = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipmkeejhafdjjcnhmjibpgfheoicokl\5.1_0\
CHR - Extension: avast! WebRep = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Everplex Media Dark Minimalist Facebook Theme = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbgdkjjgkceghgadajgmpaabfjmfdgd\2.1.1_0\
CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Facebook Theme: TIMELINE Theme Dark Everplex = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnoananacbdlmjddicclihfphkgpado\4.3_0\

O1 HOSTS File: ([2012/07/23 21:47:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\64\Complitly64.dll File not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\Complitly.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files (x86)\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files (x86)\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3:64bit: - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000..\Run: [BitTorrent DNA] C:\Users\Mark\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000..\Run: [RockMelt Update] C:\Users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (qsax Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{442137D7-940B-4FA1-AF2D-DD969AB89F17}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D368AE70-9005-4B55-A5C2-9639009AC9D1}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vnd.ms.radio - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 10:03:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/07/24 10:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/24 10:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/24 10:01:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/24 10:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/24 09:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/24 09:38:25 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/24 09:38:25 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/24 09:38:21 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/07/24 09:38:20 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/24 09:38:17 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/24 09:38:16 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/24 09:38:16 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/24 09:26:42 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/24 09:26:42 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/24 09:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/24 09:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/23 22:00:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/23 21:48:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/23 21:20:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/23 21:20:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/23 21:20:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/23 21:17:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/23 21:16:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/23 17:30:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\ProcAlyzer Dumps
[2012/07/23 17:25:01 | 004,583,914 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/07/19 18:52:29 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/18 18:03:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/07/15 16:55:11 | 000,000,000 | ---D | C] -- C:\found.002
[2012/07/14 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Macromedia
[2012/07/11 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2012/07/11 19:28:02 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2012/07/10 18:27:31 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mumble
[2012/07/10 17:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/07/10 17:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/07/09 06:34:53 | 000,000,000 | ---D | C] -- C:\found.001
[2012/07/07 12:53:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\SniperV2
[2012/07/06 17:12:54 | 000,052,736 | ---- | C] (Technic) -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
[2012/06/27 16:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/06/27 16:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/06/24 18:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
[2012/06/24 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TorrentSearch
[2012/06/24 18:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\intellidownload
[2012/06/24 16:32:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\PCSX2
[2012/06/24 16:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2012/06/24 16:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSX2 0.9.8
[2009/12/24 20:08:22 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mark\AppData\Roaming\pcouffin.sys
[2009/07/19 10:58:25 | 034,637,975 | ---- | C] (MIT Media Lab Lifelong Kindergarten Group) -- C:\Users\Mark\ScratchInstaller1.4.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 10:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 10:16:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
[2012/07/24 10:16:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
[2012/07/24 10:03:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/07/24 10:01:39 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 09:57:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 09:38:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/24 09:38:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/24 09:03:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 09:03:20 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 09:03:20 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 09:03:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 09:03:06 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 22:04:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/23 21:47:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/23 21:16:38 | 004,583,914 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/07/23 17:02:53 | 000,688,842 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/23 14:01:02 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012/07/23 13:16:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
[2012/07/20 19:16:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
[2012/07/19 09:30:40 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/07/19 09:30:40 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/07/19 09:17:26 | 000,771,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/19 09:17:26 | 000,652,362 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/19 09:17:26 | 000,130,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/19 08:16:59 | 000,001,948 | ---- | M] () -- C:\Users\Mark\Desktop\RockMelt.lnk
[2012/07/19 08:16:59 | 000,001,910 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\RockMelt.lnk
[2012/07/19 08:12:42 | 000,001,999 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/19 08:12:40 | 000,002,037 | ---- | M] () -- C:\Users\Mark\Desktop\Google Chrome.lnk
[2012/07/18 18:03:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/07/18 13:14:56 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\m05mvuex.exe
[2012/07/11 19:28:07 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2012/07/11 10:55:20 | 000,000,680 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2012/07/11 10:40:40 | 005,068,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 10:01:34 | 000,012,188 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/10 18:32:20 | 000,002,426 | ---- | M] () -- C:\Users\Mark\certificate.p12
[2012/07/10 17:44:11 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/07/07 11:36:33 | 000,000,221 | ---- | M] () -- C:\Users\Mark\Desktop\Sniper Elite V2.url
[2012/07/06 21:24:58 | 000,138,632 | ---- | M] () -- C:\Users\Mark\Desktop\AMIDST.exe
[2012/07/06 17:12:45 | 000,052,736 | ---- | M] (Technic) -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
[2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 17:21:52 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 17:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 17:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 17:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/24 10:01:39 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 09:38:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/24 09:38:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/23 21:20:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/23 21:20:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/23 21:20:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/23 21:20:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/23 21:20:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/19 09:28:41 | 000,001,887 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/07/19 09:28:41 | 000,001,887 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/07/18 13:14:55 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\m05mvuex.exe
[2012/07/11 19:28:07 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2012/07/11 10:55:20 | 000,000,680 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2012/07/11 10:01:27 | 000,012,188 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/10 18:32:18 | 000,002,426 | ---- | C] () -- C:\Users\Mark\certificate.p12
[2012/07/10 17:44:11 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/07/07 11:36:32 | 000,000,221 | ---- | C] () -- C:\Users\Mark\Desktop\Sniper Elite V2.url
[2012/07/06 21:26:27 | 000,138,632 | ---- | C] () -- C:\Users\Mark\Desktop\AMIDST.exe
[2012/05/19 11:51:18 | 000,000,044 | ---- | C] () -- C:\Users\Mark\jagex_cl_runescape_LIVE1.dat
[2012/05/19 11:50:34 | 000,000,043 | ---- | C] () -- C:\Users\Mark\jagex_cl_runescape_LIVE.dat
[2012/03/09 23:35:17 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2012/02/26 16:37:39 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
[2012/02/26 16:37:38 | 004,447,232 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012/02/26 16:37:38 | 001,175,371 | ---- | C] () -- C:\Windows\SysWow64\unins001.exe
[2012/02/26 16:37:38 | 000,045,817 | ---- | C] () -- C:\Windows\SysWow64\unins001.dat
[2012/02/25 16:53:32 | 003,987,747 | ---- | C] () -- C:\Users\Mark\redstone simplified.mp3
[2011/12/31 21:01:14 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/22 20:48:12 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2011/12/22 20:48:12 | 000,001,070 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2011/11/22 20:45:05 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/11/22 20:44:07 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/11/22 20:44:07 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/11/22 20:44:07 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/11/19 15:04:41 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/10/28 09:11:21 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/10/19 16:54:18 | 000,270,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/19 16:53:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/24 11:53:26 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/07/08 11:41:32 | 000,571,824 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2011/05/14 09:54:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2010/09/30 18:58:05 | 011,874,430 | ---- | C] () -- C:\Users\Mark\recipe_booklet_2010.pdf
[2010/09/20 20:33:38 | 000,017,082 | ---- | C] () -- C:\Users\Mark\.recently-used.xbel
[2010/09/09 22:00:19 | 000,000,104 | ---- | C] () -- C:\Users\Mark\Computer - Shortcut.lnk
[2010/08/25 10:57:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/25 10:56:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/25 10:56:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/16 12:32:20 | 000,000,000 | ---- | C] () -- C:\Users\Mark\jagex__preferences3.dat
[2009/12/24 20:08:22 | 000,007,859 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\pcouffin.cat
[2009/12/24 20:08:22 | 000,001,167 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\pcouffin.inf
[2009/10/23 19:21:48 | 001,384,448 | -HS- | C] () -- C:\Users\Mark\ehthumbs_vista.db
[2009/09/04 19:44:02 | 000,000,099 | ---- | C] () -- C:\Users\Mark\jagex_runescape_preferences2.dat
[2009/07/30 10:03:55 | 000,000,016 | -H-- | C] () -- C:\Users\Mark\SyncToy_3f069a10-7806-4ad6-826e-3085f8bcb8b0.dat
[2009/07/30 10:02:18 | 000,741,376 | ---- | C] () -- C:\Users\Mark\AppData\Local\filesync.metadata
[2009/07/29 15:49:29 | 000,000,046 | ---- | C] () -- C:\Users\Mark\jagex_runescape_preferences.dat
[2009/02/26 09:21:48 | 000,014,848 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 12:22:36 | 000,000,732 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2010/02/26 10:00:52 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/02/26 10:00:52 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2012/07/23 17:01:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.minecraft
[2012/05/23 17:50:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.Nitrous
[2012/07/22 11:47:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.techniclauncher
[2011/09/14 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
[2009/03/01 09:52:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Astro Gemini Software
[2011/11/19 15:50:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
[2012/04/10 11:09:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Audacity
[2012/03/24 12:26:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BANDISOFT
[2009/05/16 19:00:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/06/24 19:50:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BitTorrent
[2011/11/02 21:33:37 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Blender Foundation
[2010/01/30 17:53:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Braid
[2009/06/13 08:21:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\CheckPoint
[2011/11/30 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/24 10:44:11 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DNA
[2011/11/19 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\EasyBurner
[2009/10/10 10:32:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Emulators
[2011/10/20 17:13:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\EpicBot
[2010/09/20 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Epson
[2010/06/03 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Facebook
[2009/03/27 15:17:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FLV Extract
[2011/09/14 11:40:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FMZilla
[2010/09/09 11:43:35 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FreeVideoConverter
[2010/01/30 12:38:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FUEL Demo
[2010/10/02 09:58:15 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GameTuts
[2010/09/20 18:40:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\gtk-2.0
[2011/04/21 22:34:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\HandBrake
[2011/03/31 08:16:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ImgBurn
[2011/09/14 12:34:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\IObit
[2011/12/03 14:52:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\JAM Software
[2011/11/19 15:04:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech
[2010/02/13 19:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LG Electronics
[2012/04/04 17:01:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LolClient
[2012/07/23 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mumble
[2010/05/15 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\NAVIGON Fresh
[2010/09/28 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Nokia
[2010/09/28 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Nokia Ovi Suite
[2011/04/01 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenDNS Updater
[2011/09/14 11:28:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Panasonic
[2009/09/08 20:36:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PC Suite
[2010/08/17 09:39:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Publish Providers
[2011/10/10 18:35:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\pymclevel
[2009/12/17 12:58:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\QuickScan
[2010/02/09 09:19:23 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\RipIt4Me
[2010/09/15 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Serif
[2009/03/01 20:57:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Songbird2
[2012/03/16 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Sony
[2012/05/06 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SplitMediaLabs
[2012/04/11 20:35:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Spotify
[2010/12/11 21:16:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stykz
[2010/07/20 11:01:34 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Synthesia
[2011/02/07 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SynthFont
[2012/05/12 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TeamViewer
[2011/09/14 11:47:38 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Teleca
[2009/03/01 10:05:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TERMINAL Studio
[2009/10/06 10:28:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Trusteer
[2012/06/19 16:31:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TS3Client
[2011/08/14 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ulead Systems
[2011/11/22 18:52:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Unity
[2011/09/14 11:45:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vso
[2009/03/27 11:18:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\WinFF
[2009/10/23 19:08:46 | 000,000,000 | ---D | M] -- C:\Users\Mcx1\AppData\Roaming\Trusteer
[2012/07/23 14:01:02 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012/07/23 13:16:00 | 000,000,872 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
[2012/07/24 10:16:05 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
[2012/07/23 22:04:39 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/18 08:30:47 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7CA029EA-6EF1-4D31-8269-B436D7F88AC9}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mark\redstone simplified.mp3:TOC.WMV
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010
< End of report >

 

[Mark Lightfoot]

OTL Extras logfile created on: 24/07/2012 10:26:46 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Mark\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.00% Memory free
8.22 Gb Paging File | 5.86 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 123.09 Gb Free Space | 26.43% Space Free | Partition Type: NTFS
Drive E: | 189.92 Gb Total Space | 183.86 Gb Free Space | 96.81% Space Free | Partition Type: NTFS
Drive F: | 941.73 Mb Total Space | 940.25 Mb Free Space | 99.84% Space Free | Partition Type: FAT

Computer Name: BIGBADDAD4 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Classes\<extension>]
.html [@ = RockMeltHTML] -- C:\Users\Mark\AppData\Local\RockMelt\Application\rockmelt.exe (RockMelt, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5F BD D6 9B 2F 46 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{BB77BA3E-106B-487A-AB3E-4455A74F0A56}C:\users\mark\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mark\program files (x86)\dna\btdna.exe |
"UDP Query User{AD86FA46-5038-4C58-8B74-EBEE3E272DA3}C:\users\mark\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mark\program files (x86)\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012C87CF-282E-4142-84F8-DCDD07F54182}" = Soluto
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E3DF98E-D719-390B-3367-64C01A3E259F}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B25BFFC9-FF51-44F2-9E46-4D93849C836F}" = SyncToy 2.0 (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8B84CBB-8F7D-B632-623C-28BBAA4347DB}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"81AE60DDD229A248055515E311406D86F7E4012A" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"Blender" = Blender
"CCleaner" = CCleaner
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PCSU-SL_is1" = PC Speed Up - Complete uninstall

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0489621E-DE2A-11E0-93EA-F04DA23A5C58}" = DVD Architect Studio 5.0
"{05F8C9BC-BB1D-642B-1134-6C992CAC81F8}" = Catalyst Control Center Graphics Light
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
"{08089098-2D08-E78C-08E3-21BE4B6AA029}" = ccc-core-static
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{18028E0B-974B-B92F-E26F-209044508076}" = CCC Help English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{32E15D6F-104E-4434-ADF9-B109D93C2E66}" = Portal 2 Map Installer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{373AE9F3-B7B2-4894-A863-C4CF09DF4C83}" = Minecraft Version Changer
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{520C2939-555B-40BF-A91B-8B671AB560EB}" = Easy Burner
"{521C9144-BD7D-D3A3-3B5C-93E4406F8DEA}" = Catalyst Control Center Graphics Previews Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58577F87-E3BB-4959-8A85-9122CF3F8ED8}" = avi.NET
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{58E5C3B9-7BED-3E6C-DB3A-C25D43792B9B}" = Catalyst Control Center Graphics Previews Common
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A78C15C-BCA3-A605-92A9-F55020DEFBD6}" = Catalyst Control Center HydraVision Full
"{5C13C5F3-6E30-449F-8872-DF8AC35AE285}_is1" = CraftBukkit
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64029508-2587-4D39-AB83-2AC722FBFCC2}" = XSplit
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BFDCF0D-5C60-4C5A-9A31-D5D7002E74E5}" = HD Writer LE 1.0
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Digital microscope
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E44C354-10A8-4214-9C56-F3F00775E415}_is1" = Stykz 1.0 for Windows
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

 

[Mark Lightfoot]

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = Edimax Wireless LAN Driver and Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A724904F-085B-D8BA-D5D4-DDC355F2028B}" = Catalyst Control Center Graphics Full Existing
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6457EF0-34B7-4DD9-94F0-E6CD6D02E6CC}" = Community Smartbar
"{D866B594-7FDB-785A-93C3-33EE8B6153C6}" = Catalyst Control Center Core Implementation
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA18FD01-4830-45D6-8408-8F20A9D89D95}" = PC Connectivity Solution
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2216699-EA02-4B85-BAB1-1DF34C4BDF9D}" = AI Nap
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBAEEE00-5412-11E1-B144-001676AB6D60}" = MSVCRT Redists
"{EC797AE2-3ED8-857D-3350-AA3EA43C24B4}" = Catalyst Control Center Graphics Full New
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F022B56C-2B90-B9E1-332E-5C1277A47E7B}" = Catalyst Control Center InstallProxy
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{f0dcc32d-4142-490a-9b2d-d044e48cfe97}" = Nero 9 Lite
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"3D Bungalow Aquarium Screensaver_is1" = 3D Bungalow Aquarium Screensaver 1.1
"3D Haunted Halloween Screensaver_is1" = 3D Haunted Halloween Screensaver 1.0
"3D Merry Christmas Screensaver_is1" = 3D Merry Christmas Screensaver 1.0
"3D Spooky Halloween Screensaver_is1" = 3D Spooky Halloween Screensaver 1.0
"3D Titanic Screensaver_is1" = 3D Titanic Screensaver 1.0
"3D Waterfall Screensaver_is1" = 3D Waterfall Screensaver 1.0
"abgx360" = abgx360 v1.0.5
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adventure Maker v4.5.2_is1" = Adventure Maker v4.5.2 (build1)
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AMCap" = AMCap
"Ancient Castle 3D Screensaver_is1" = Ancient Castle 3D Screensaver 1.1
"Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 2.0
"Atlantis 3D Screensaver_is1" = Atlantis 3D Screensaver 1.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Image Converter_is1" = AVS Image Converter 2.1.1.168
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BrickForce" = BrickForce 1.4.40
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"Canon RAW Codec" = Canon RAW Codec
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Christmas Eve 3D Screensaver_is1" = Christmas Eve 3D Screensaver 1.0
"Christmas Time 3D Screensaver_is1" = Christmas Time 3D Screensaver 1.0
"CloneCD" = CloneCD
"Cobalt" = Cobalt
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CraftBukkit" = CraftBukkit
"Dan Elwell's Broadband Speed Test_is1" = Dan Elwell's Broadband Speed Test
"Dark Halloween Night 3D Screensaver_is1" = Dark Halloween Night 3D Screensaver 1.0
"Debut" = Debut Video Capture Software
"Dinosaurs 3D Screensaver_is1" = Dinosaurs 3D Screensaver 1.0
"DivX Setup.divx.com" = DivX Setup
"Doremi FLV to MP3 Converter" = Doremi FLV to MP3 Converter 1.6
"Doxillion" = Doxillion Document Converter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easter 3D Screensaver_is1" = Easter 3D Screensaver 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EpicBot" = EpicBot
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W User’s Guide" = Epson Stylus SX510W_TX550W Manual
"Exotic Aquarium 3D Screensaver_is1" = Exotic Aquarium 3D Screensaver 1.0
"Fantasy Moon 3D Screensaver_is1" = Fantasy Moon 3D Screensaver 1.3
"ffdshow_is1" = ffdshow v1.1.4096 [2011-11-29]
"Fish Aquarium 3D Screensaver_is1" = Fish Aquarium 3D Screensaver 1.2
"Fraps" = Fraps (remove only)
"Free CD Music Converter 10" = Free CD Music Converter 10
"Free Flash FLV Video Converter (by minidvdsoft)_is1" = Free Flash FLV Video Converter v3.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free Video Converter_is1" = Free Video Converter V 2.9
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Halloween 3D Screensaver_is1" = Halloween 3D Screensaver 1.1
"Halloween in the Attic 3D Screensaver_is1" = Halloween in the Attic 3D Screensaver 1.0
"HandBrake" = HandBrake 0.9.5
"Haunted House 3D Screensaver_is1" = Haunted House 3D Screensaver 1.1
"ImgBurn" = ImgBurn
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lantern 3D Screensaver_is1" = Lantern 3D Screensaver 1.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marine Life 3D Screensaver_is1" = Marine Life 3D Screensaver 1.0
"Media Player - Codec Pack" = Media Player Codec Pack 3.4.0
"MicroCapture" = MicroCapture 2.0
"MinecraftSkinStealer1.7.0" = MinecraftSkinStealer 1.7.0
"Morphyre" = Morphyre
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MP3 Surgeon_is1" = MP3 Surgeon 2003
"Multiwinia_is1" = Multiwinia v1.3.0
"Night City 3D Screensaver_is1" = Night City 3D Screensaver 1.0
"OpenAL" = OpenAL
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PFPortChecker" = PFPortChecker 1.0.39
"Picasa 3" = Picasa 3
"Planet Earth 3D Screensaver_is1" = Planet Earth 3D Screensaver 1.1
"Populous - The Beginning_is1" = Populous - The Beginning
"PriceGong" = PriceGong 2.5.4
"RADVideo" = RAD Video Tools
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"Santa's Home 3D Screensaver_is1" = Santa's Home 3D Screensaver 1.0
"Scratch" = Scratch
"Smart Defrag 2_is1" = Smart Defrag 2
"Solar System 3D Screensaver_is1" = Solar System 3D Screensaver 1.4
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 105600" = Terraria
"Steam App 12850" = FUEL - Demo
"Steam App 26810" = Braid Demo
"Steam App 29200" = Osmos Demo
"Steam App 33290" = Call of Juarez: Bound in Blood Demo
"Steam App 35020" = Batman: Arkham Asylum - Demo
"Steam App 4000" = Garry's Mod
"Steam App 40710" = Machinarium Demo
"Steam App 41220" = Eufloria - Demo
"Steam App 440" = Team Fortress 2
"Steam App 44300" = DiRT 2 - Demo
"Steam App 44320" = DiRT 3
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 620" = Portal 2
"Steam App 63380" = Sniper Elite V2
"TeamViewer 7" = TeamViewer 7
"TerraWorld Online - Reborn v2.2.7_is1" = TerraWorld Online - Reborn v2.2.7
"TreeSize Free_is1" = TreeSize Free V2.6
"vmntoolbar" = VMN Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinFF_is1" = WinFF 1.0
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Winter 3D Screensaver_is1" = Winter 3D Screensaver 1.0
"Winter Night 3D Screensaver_is1" = Winter Night 3D Screensaver 1.0
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"RockMelt" = RockMelt
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/07/2012 04:24:32 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
Description = Catalog Database (1344) Catalog Database: A bad page link (error -327)
has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
(2166 => 4336, 665).

Error - 23/07/2012 12:18:03 | Computer Name = BigBadDad4 | Source = WinMgmt | ID = 10
Description =

Error - 23/07/2012 12:20:36 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
Description = Catalog Database (1260) Catalog Database: A bad page link (error -327)
has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
(2166 => 4336, 665).

Error - 23/07/2012 16:11:34 | Computer Name = BigBadDad4 | Source = WinMgmt | ID = 10
Description =

Error - 23/07/2012 16:12:22 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
Description = Catalog Database (1376) Catalog Database: A bad page link (error -327)
has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
(2166 => 4336, 665).

Error - 23/07/2012 16:22:02 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
Description = Catalog Database (1376) Catalog Database: A bad page link (error -327)
has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
(2166 => 4336, 665).

Error - 23/07/2012 16:48:19 | Computer Name = BigBadDad4 | Source = WinMgmt | ID = 10
Description =

Error - 23/07/2012 16:49:52 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
Description = Catalog Database (1424) Catalog Database: A bad page link (error -327)
has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
(2166 => 4336, 665).

Error - 24/07/2012 04:04:51 | Computer Name = BigBadDad4 | Source = WinMgmt | ID = 10
Description =

Error - 24/07/2012 04:06:37 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
Description = Catalog Database (1420) Catalog Database: A bad page link (error -327)
has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
(2166 => 4336, 665).

Error - 24/07/2012 04:26:23 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
Description = Catalog Database (1420) Catalog Database: A bad page link (error -327)
has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
(2166 => 4336, 665).

Error - 24/07/2012 04:57:11 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
Description = Catalog Database (1420) Catalog Database: A bad page link (error -327)
has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
(2166 => 4336, 665).

[ Media Center Events ]
Error - 26/02/2009 04:40:22 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 26/02/2009 04:45:22 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 26/02/2009 13:49:31 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 18/05/2009 03:19:49 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 20/06/2009 11:34:33 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 18/10/2009 08:39:19 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 23/10/2009 14:26:22 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 23/10/2009 14:26:23 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 23/10/2009 14:53:00 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 22/08/2010 16:26:47 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 20/07/2009 12:40:43 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3755
seconds with 60 seconds of active time. This session ended with a crash.

Error - 03/07/2010 08:25:33 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/11/2010 08:29:51 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/02/2011 14:24:47 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6403
seconds with 1920 seconds of active time. This session ended with a crash.

Error - 03/03/2011 09:15:51 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 62
seconds with 60 seconds of active time. This session ended with a crash.

Error - 30/04/2011 15:38:18 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8404
seconds with 120 seconds of active time. This session ended with a crash.

Error - 08/05/2011 04:53:58 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/05/2011 12:45:01 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/08/2011 02:35:24 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 86
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/04/2012 06:08:08 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/07/2012 16:35:42 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7030
Description =

Error - 23/07/2012 16:42:28 | Computer Name = BigBadDad4 | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 23/07/2012 16:43:41 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7030
Description =

Error - 23/07/2012 16:48:21 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7026
Description =

Error - 23/07/2012 16:52:59 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7022
Description =

Error - 24/07/2012 04:04:53 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7026
Description =

Error - 24/07/2012 04:28:32 | Computer Name = BigBadDad4 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 24/07/2012 04:28:35 | Computer Name = BigBadDad4 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 24/07/2012 05:00:21 | Computer Name = BigBadDad4 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 24/07/2012 05:00:25 | Computer Name = BigBadDad4 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >

 

[Mark Lightfoot]

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.24.03
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Mark :: BIGBADDAD4 [administrator]
24/07/2012 10:03:18
mbam-log-2012-07-24 (10-03-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224253
Time elapsed: 10 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[Broni]

You didn't answer my question:

Any current issues?

=================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  PRC - [2011/09/05 14:43:12 | 000,233,184 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
  SRV - [2011/09/05 14:43:12 | 000,233,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
  IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
  IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
  IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
  IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
  [2012/02/13 11:30:09 | 000,002,333 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\searchplugins\WhiteSmoke Search.xml
  O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\64\Complitly64.dll File not found
  O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\Complitly.dll File not found
  O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
  O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
  [2012/07/19 18:52:29 | 000,000,000 | ---D | C] -- C:\FRST
  @Alternate Data Stream - 64 bytes -> C:\Users\Mark\redstone simplified.mp3:TOC.WMV
  @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010
  
  
  :Services
  
  :Reg
  
  :Files
  C:\Program Files (x86)\PC Speed Up
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

===============================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Mark Lightfoot]

Hello Broni

Sorry for missing your question. I was so wrapped up in running the programs you requested, that I simply missed it. The answer is yes, there has been an issue. The one we've been dealing with here (win64-patched-a) seems to have gone. Rather than reinstalling AVG, I've gone for Avast & it's reporting no problems. I don't know what your views are on Avast but the latest version seems to get some good write ups. Anyway, the issue I had yesterday was with Windows Update. It reported that there was an update but when I tried to install it, it failed with the code 80246008. Some research suggested that I should check that BITS was running, but when I checked services it wasn't even there. The next suggestion was to run depends.exe to check the qmgr.dll. I tried but there was no depends.exe on the machine. Having found a copy on dependencywalker.com it reported that there was indeed a problem & I was advised to run sfc /scannow. This found errors & dealt with them. Following this I had to restart BITS & the update then loaded with no trouble. It took me ages to sort, with a number of futile steps I haven't bothered to mention. I wondered if any of this may have been as a result of the viruses?

Many thanks for your work so far. I will run the above programs & get back to you with the reports later.

 

[Mark Lightfoot]

All processes killed
========== OTL ==========
No active process named PCSUService.exe was found!
Service PCSUService stopped successfully!
Service PCSUService deleted successfully!
C:\Program Files (x86)\PC Speed Up\PCSUService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3690599309-3199676340-3372788798-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\searchplugins\WhiteSmoke Search.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
C:\FRST\Quarantine\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U folder moved successfully.
C:\FRST\Quarantine\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L folder moved successfully.
C:\FRST\Quarantine\{004b5cc8-8c67-82c7-d628-080fa4a14d84} folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\Users\Mark\redstone simplified.mp3:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:F9819010 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\PC Speed Up folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark
->Temp folder emptied: 230869 bytes
->Temporary Internet Files folder emptied: 253636396 bytes
->Java cache emptied: 46920183 bytes
->FireFox cache emptied: 56219664 bytes
->Google Chrome cache emptied: 359731511 bytes
->Apple Safari cache emptied: 10469376 bytes
->Flash cache emptied: 140585 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41044 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51891 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 636 bytes
RecycleBin emptied: 4592241 bytes

Total Files Cleaned = 698.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mark
->Java cache emptied: 0 bytes

User: Mcx1

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07252012_144056

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\FRST\Quarantine not found!
[2012/07/25 14:50:24 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...