46 replies to this topic

[TomDuffus]

I traced the IP of whatever was trying to get into svchost.exe (malwarebytes was blocking it every couple of hours) and its some adress in china. Nothing has gotten into my laptop (it was infected a few days prior to this by Smartfortress 2012) but Malwarebytes managed to clean that up (or so I hope). Now I just really want to make sure that its totally gone, and that svchost isn't infected or anything, because obviously I can't delete it. Many thanks!

-Tom

I also ran SFC in command prompt incase it found svchost to be corrupted and replaced it with the original file, but it doesn't catch anything. I've done multiple scans (full, quick) using malwarebytes, mcaffee (now uninstalled) and avast! (now installed), as well as TDSSkiller and all have failed to find anything at all- totally clean. I've even run them all on windows\system32 (where svchost is located) alone, and still they never report any problems with svchost- if it really ISN'T infected, why the hourly incoming things from the chinese IP? Malwarebytes is still blocking them, so I bought the pro version to ensure I didn't lose the real-time scanning.

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

[TomDuffus]

This is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tom at 14:01:20 on 2012-05-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3990.1986 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: CorePluginIEBHO Class: {13fa2453-9287-4f18-8554-976d7c02f4ee} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 109.246.166.1
TCP: Interfaces\{9ED863F9-95D4-4443-86E1-DD2F685CBB27} : DhcpNameServer = 109.246.166.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: CorePluginIEBHO Class: {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll
BHO-X64: CorePluginIEBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-3-24 8704]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-3 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-9 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-9 654408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-3 1692480]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-9 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-9 528760]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-3 2656280]
R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;C:\Windows\system32\DRIVERS\d554scard.sys --> C:\Windows\system32\DRIVERS\d554scard.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 ecnssndis;Service for enabling selective suspend to NDIS device;C:\Windows\system32\Drivers\wwuss64.sys --> C:\Windows\system32\Drivers\wwuss64.sys [?]
R3 ecnssndisfltr;SSNDIS filter service;C:\Windows\system32\Drivers\wwussf64.sys --> C:\Windows\system32\Drivers\wwussf64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);C:\Windows\system32\DRIVERS\Mbm3CBus.sys --> C:\Windows\system32\DRIVERS\Mbm3CBus.sys [?]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);C:\Windows\system32\DRIVERS\Mbm3DevMt.sys --> C:\Windows\system32\DRIVERS\Mbm3DevMt.sys [?]
R3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;C:\Windows\system32\DRIVERS\Mbm3mdfl.sys --> C:\Windows\system32\DRIVERS\Mbm3mdfl.sys [?]
R3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;C:\Windows\system32\DRIVERS\Mbm3Mdm.sys --> C:\Windows\system32\DRIVERS\Mbm3Mdm.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;C:\Windows\system32\DRIVERS\WwanUsbMp64.sys --> C:\Windows\system32\DRIVERS\WwanUsbMp64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-9 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-3 2253120]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;C:\Windows\system32\drivers\d554gps64.sys --> C:\Windows\system32\drivers\d554gps64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-9 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2073-10-27 10:55:34 2404352 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe
2073-10-27 10:55:34 1835008 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe
2073-10-27 10:55:34 1118208 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll
2012-05-11 09:00:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AF98FE7-830A-4FF8-82E7-418B7340C2CA}\offreg.dll
2012-05-11 08:40:28 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AF98FE7-830A-4FF8-82E7-418B7340C2CA}\mpengine.dll
2012-05-09 19:54:38 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-05-09 19:54:38 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-05-09 19:54:37 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-05-09 19:54:21 41184 ----a-w- C:\Windows\avastSS.scr
2012-05-09 19:54:13 -------- d-----w- C:\ProgramData\AVAST Software
2012-05-09 19:54:13 -------- d-----w- C:\Program Files\AVAST Software
2012-05-09 19:50:51 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-05-09 19:12:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-09 18:47:40 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes
2012-05-09 18:47:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-09 18:47:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-09 18:13:03 -------- d-----w- C:\Users\Tom\AppData\Local\{9B961FC4-9A02-11E1-826E-B8AC6F996F26}
2012-05-09 18:12:27 -------- d-----w- C:\Users\Tom\AppData\Local\WMDRM
2012-05-09 18:12:20 -------- d-----w- C:\ProgramData\B7E858A700002A1E00015AE6B4EB2367
2012-05-08 10:58:51 -------- d-----w- C:\Users\Tom\AppData\Local\{3674938C-1EA0-4C16-9441-8CFBA13A2DB6}
2012-05-07 22:03:26 -------- d-----w- C:\Users\Tom\AppData\Roaming\Ygyhm
2012-05-07 22:03:26 -------- d-----w- C:\Users\Tom\AppData\Roaming\Oruki
2012-05-07 22:03:26 -------- d-----w- C:\Users\Tom\AppData\Roaming\Kowuur
2012-05-07 18:54:48 -------- d-----w- C:\Users\Tom\AppData\Roaming\My Battle for Middle-earth™ II Files
2012-05-07 18:54:17 -------- d-----w- C:\Users\Tom\SC-1.15.2-enGB
2012-05-07 14:46:17 -------- d-----w- C:\Program Files (x86)\Starcraft
2012-05-07 09:52:30 -------- d-----w- C:\Program Files (x86)\Lighthouse Interactive
2012-05-07 02:32:21 -------- d-----w- C:\Users\Tom\AppData\Local\Google
2012-05-07 02:32:19 -------- d-----w- C:\Users\Tom\AppData\Local\CRE
2012-05-07 02:32:13 -------- d-----w- C:\Program Files (x86)\Conduit
2012-05-07 02:32:07 -------- d-----w- C:\Users\Tom\AppData\Local\Conduit
2012-05-07 02:31:06 -------- d-----w- C:\Users\Tom\AppData\Roaming\uTorrent
2012-05-06 12:32:39 -------- d-----w- C:\Users\Tom\AppData\Local\{678AE895-1519-4689-B621-600A470E16A8}
2012-05-06 12:32:29 -------- d-----w- C:\Users\Tom\AppData\Local\{3FBF73F7-E400-49A6-97F7-8AB8CD969B33}
2012-05-06 12:31:36 -------- d-----w- C:\Windows\en
2012-05-06 12:26:51 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\838417791cd2b8303\MeshBetaRemover.exe
2012-05-06 12:26:50 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\DSETUP.dll
2012-05-06 12:26:50 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\DXSETUP.exe
2012-05-06 12:26:50 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\dsetup32.dll
2012-05-06 12:24:11 -------- d-----w- C:\Users\Tom\AppData\Local\{654BADDC-EBF1-41A9-A7BC-43C757F330D4}
2012-05-06 12:23:49 -------- d-----w- C:\Users\Tom\AppData\Local\{B9C1FF48-E67B-476A-BF35-E4DF58AA256F}
2012-05-05 17:16:49 -------- d-----w- C:\Program Files (x86)\Savage2
2012-04-29 20:47:38 -------- d-----w- C:\Users\Tom\AppData\Local\{3FCB9FC0-29B0-401C-9145-D1F843980277}
2012-04-28 23:50:24 40960 ----a-r- C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-04-28 23:50:24 40960 ----a-r- C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-04-28 19:17:05 -------- d-----w- C:\Users\Tom\AppData\Local\signal studios
2012-04-28 00:24:09 -------- d-----w- C:\Users\Tom\AppData\Local\BladesOfTimeDemo
2012-04-27 23:28:02 -------- d-----w- C:\Users\Tom\AppData\Local\SniperV2 Demo
2012-04-27 00:42:59 -------- d-----w- C:\Users\Tom\AppData\Local\AquaNox2
2012-04-26 20:22:03 -------- d-----w- C:\Users\Tom\AppData\Roaming\Trine2
2012-04-26 08:49:26 -------- d-----w- C:\Program Files (x86)\directx
2012-04-25 16:05:51 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-25 16:05:50 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 16:05:50 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 00:27:09 0 ----a-w- C:\Windows\SysWow64\sho6723.tmp
2012-04-24 09:21:48 -------- d-----w- C:\Users\Tom\AppData\Local\.inapptracking
2012-04-23 17:22:37 -------- d-----w- C:\ProgramData\id Software
2012-04-23 17:00:39 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-04-23 16:20:52 -------- d-----w- C:\Users\Tom\AppData\Local\{E0ED27EB-C330-4FD6-9FDB-5B9FF5F08C0F}
2012-04-23 16:20:29 -------- d-----w- C:\Users\Tom\AppData\Local\{4236FDD7-1ADD-45EF-AA8D-E569ABA5494B}
2012-04-22 13:01:33 -------- d-----w- C:\Users\Tom\AppData\Local\{543B58CB-B3D6-4113-A296-EF8B0B92CE86}
2012-04-22 10:59:14 -------- d-----w- C:\ProgramData\Citrix
2012-04-22 10:58:12 -------- d-----w- C:\Program Files (x86)\Citrix
2012-04-22 10:57:51 -------- d-----w- C:\Users\Tom\AppData\Local\Citrix
2012-04-21 00:44:18 -------- d-----w- C:\Users\Tom\AppData\Local\{04D87311-4C4C-4D23-8810-CF337DA1A402}
2012-04-21 00:44:07 -------- d-----w- C:\Users\Tom\AppData\Local\{F23A3158-62B0-4A7B-B6C4-A953DC61F28C}
2012-04-20 21:52:41 -------- d-----w- C:\Users\Tom\AppData\Local\{C5764A61-EE46-4EEF-A34F-8502A42F169B}
2012-04-17 02:00:26 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-17 02:00:25 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-17 02:00:25 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-17 02:00:25 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-17 02:00:25 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-17 02:00:25 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-17 02:00:25 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 21:46:54 -------- d-----w- C:\ProgramData\Solidshield
2012-04-11 21:19:47 -------- d-----w- C:\Users\Tom\AppData\Local\Ubisoft
2012-04-11 20:58:37 -------- d-----w- C:\Users\Tom\AppData\Local\THQ
.
==================== Find3M ====================
.
2012-04-27 00:33:37 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2012-04-27 00:33:37 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-24 23:09:18 0 ----a-w- C:\Windows\SysWow64\shoDA88.tmp
2012-03-24 00:06:43 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-24 00:06:43 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-24 00:02:15 281408 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-10 15:52:06 2829 ----a-w- C:\Windows\War3Unin.pif
2012-03-10 15:52:06 126976 ----a-w- C:\Windows\War3Unin.exe
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-03 22:41:47 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-03-03 22:41:47 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-03-03 22:41:47 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-03-03 22:41:46 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-29 13:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-29 00:41:19 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-28 23:01:15 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-20 23:45:37 2250024 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-02-19 02:16:59 0 ----a-w- C:\Windows\SysWow64\shoEC95.tmp
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 14:01:51.18 ===============

And this is the Attatch one:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 09/02/2012 17:20:10
System Uptime: 11/05/2012 09:35:06 (5 hours ago)
.
Motherboard: Dell Inc. | | 0YR8NN
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU | 2277/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 77.071 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP138: 10/05/2012 03:34:31 - Scheduled Checkpoint
RP139: 10/05/2012 09:37:11 - Windows Update
RP140: 10/05/2012 22:17:25 - Installed DirectX
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Age of Empires Online
Age of Empires® III: Complete Collection
Akamai NetSession Interface
Allods Online 3.0.00.50
ArtRage 2
µTorrent
Audacity 2.0
avast! Free Antivirus
Bastion
BattleForge™
Blacklight Retribution
Brink
Cave Story+
Chrome
Chrome: Specforce
Command and Conquer 3: Tiberium Wars
Company of Heroes
CORE Client
D3DX10
DAEMON Tools Lite
Dead Space 2
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Mobile Broadband Manager
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell Webcam Central
Dell Wireless HSPA Mini-Card Drivers
DirectX 9 Runtime
DOOM 3
eBay
Enemy Territory: Quake Wars
Evolva
F.E.A.R. 3
Fraps
From Dust
Google Chrome
Google Update Helper
GoToAssist Corporate
Ground Control II
Hi-Rez Studios Authenticate and Update Service
High-Definition Video Playback
Homeworld2
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® WiDi
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
Kingdoms of Amalur: Reckoning Demo
LAME v3.99.3 (for Windows)
Left 4 Dead 2
Lost Planet 2
Magic Carpet
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Halo Custom Edition
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Monday Night Combat
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTX
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NirSoft BlueScreenView
NVIDIA PhysX
Oddworld: Munch's Oddysee
Oddworld: Stranger's Wrath
OpenAL
OpenSauce for Halo CE
Pando Media Booster
PhotoShowExpress
PlayReady PC Runtime x86
Populous: The Beginning
Portal 2
Project64 1.6
PunkBuster Services
Quake Live Mozilla Plugin
RAGE
Rayman Origins Demo
Realtek High Definition Audio Driver
Ridge Racer™ Unbounded Demo
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Savage 2
Sculptris Alpha 6
Section 8: Prejudice
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.8
Sniper Elite V2 Demo
Sonic CinePlayer Decoder Pack
Sonic Generations
Spiral Knights
Spore
Spotify
Star Wars - Battlefront II
Star Wars Jedi Knight: Jedi Academy
StarCraft
Steam
Sunage
Supreme Commander 2
swMSM
SyncUP
The Battle for Middle-earth ™ II
Tribes Ascend Open Beta
Trine 2
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Warcraft III
Warhammer 40,000 Space Marine
Warhammer 40,000: Dawn of War – Soulstorm
Warlock - Master of the Arcane Demo
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
11/05/2012 09:38:29, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/05/2012 09:38:29, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
11/05/2012 09:36:20, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9ED863F9-95D4-4443-86E1-DD2F685CBB27} because another computer on the network has the same name. The server could not start.
11/05/2012 09:36:18, Error: NetBT [4321] - The name "TOM-PC :20" could not be registered on the interface with IP address 109.246.166.193. The computer with the IP address 109.246.166.31 did not allow the name to be claimed by this computer.
11/05/2012 09:35:33, Error: NetBT [4321] - The name "TOM-PC :0" could not be registered on the interface with IP address 109.246.166.193. The computer with the IP address 109.246.166.31 did not allow the name to be claimed by this computer.
10/05/2012 10:05:35, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
10/05/2012 02:07:07, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/05/2012 02:07:07, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/05/2012 02:07:02, Error: Service Control Manager [7034] - The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly. It has done this 1 time(s).
10/05/2012 02:06:18, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
10/05/2012 00:44:11, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
09/05/2012 20:31:05, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024809
09/05/2012 19:55:54, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
09/05/2012 19:55:52, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
09/05/2012 19:55:51, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
09/05/2012 19:55:51, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
09/05/2012 19:46:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
09/05/2012 19:44:30, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2012 19:42:19, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
09/05/2012 19:42:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
09/05/2012 19:42:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09/05/2012 19:42:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/05/2012 19:42:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
09/05/2012 19:42:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
09/05/2012 19:41:59, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2012 19:41:59, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2012 18:54:09, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/05/2012 09:41:28, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 0, function 1. Please contact your system vendor for technical assistance.
07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).
07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).
06/05/2012 01:26:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
06/05/2012 01:26:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
06/05/2012 01:26:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
06/05/2012 01:26:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
06/05/2012 01:25:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/05/2012 00:57:43, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
.
==== End Of File ===========================

[TomDuffus]

Here is the report from roguekiller:

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Tom [Admin rights]
Mode: Scan -- Date: 05/11/2012 14:08:43

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] SpotifyWebHelper.exe -- C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Spotify Web Helper ("C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe") -> FOUND
[RANDOMNAME] HKLM\[...]\Run : EKAIO2StatusMonitor (C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4234593452-1771345588-371266355-1001[...]\Run : Spotify Web Helper ("C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500423AS +++++
--- User ---
[MBR] 281aa41ad73f5ab1c550ca2ccc1bd049
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

[MrCharlie]

Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

[TomDuffus]

Have I posted the wrong one? Sorry if i have!

[TomDuffus]

Okay, I'll run that now. Also, the address of the IP that keeps contacting my svchost.exe is 60.191.186.52 if thats any use? Not sure if it is, but its there anyway. It's always been that same IP for days. Anyway, I'll go and run combofix. Should I disable Malwarebytes? Its the only thing keeping that IP out, so I'm not sure what to do if it tries to get in whilst it's disabled for this scan?

[MrCharlie]

You can keep it enabled, but if ComboFix alerts you about it, then disable it and just disconnect from the internet.

MrC

[TomDuffus]

ComboFix 12-05-11.02 - Tom 11/05/2012 16:52:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3990.1733 [GMT 1:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\INSTALL.LOG
c:\programdata\Roaming
c:\users\Tom\AppData\Local\.#
c:\users\Tom\AppData\Roaming\Kowuur
c:\users\Tom\AppData\Roaming\Kowuur\ycovo.ehu
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2073-10-27 10:55 . 2009-10-03 18:32 1118208 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll
2073-10-27 10:55 . 2009-10-03 18:32 1835008 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe
2073-10-27 10:55 . 2009-10-03 18:31 2404352 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe
2012-05-11 08:40 . 2012-04-18 02:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AF98FE7-830A-4FF8-82E7-418B7340C2CA}\mpengine.dll
2012-05-09 19:54 . 2012-05-09 19:55 -------- d-----w- c:\program files (x86)\Google
2012-05-09 19:54 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-09 19:54 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-09 19:54 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-09 19:54 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-09 19:54 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-09 19:54 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-09 19:54 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-09 19:54 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-09 19:54 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-09 19:54 . 2012-05-09 19:54 -------- d-----w- c:\programdata\AVAST Software
2012-05-09 19:54 . 2012-05-09 19:54 -------- d-----w- c:\program files\AVAST Software
2012-05-09 19:12 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-09 18:47 . 2012-05-09 18:47 -------- d-----w- c:\users\Tom\AppData\Roaming\Malwarebytes
2012-05-09 18:47 . 2012-05-09 19:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-09 18:47 . 2012-05-09 18:47 -------- d-----w- c:\programdata\Malwarebytes
2012-05-09 18:13 . 2012-05-09 18:13 -------- d-----w- c:\windows\system32\Macromed
2012-05-09 18:13 . 2012-05-09 18:13 -------- d-----w- c:\users\Tom\AppData\Local\{9B961FC4-9A02-11E1-826E-B8AC6F996F26}
2012-05-09 18:12 . 2012-05-09 18:51 -------- d-----w- c:\users\Tom\AppData\Local\WMDRM
2012-05-09 18:12 . 2012-05-09 18:12 -------- d-----w- c:\programdata\B7E858A700002A1E00015AE6B4EB2367
2012-05-07 22:03 . 2012-05-09 19:30 -------- d-----w- c:\users\Tom\AppData\Roaming\Oruki
2012-05-07 22:03 . 2012-05-09 19:09 -------- d-----w- c:\users\Tom\AppData\Roaming\Ygyhm
2012-05-07 18:54 . 2012-05-07 19:00 -------- d-----w- c:\users\Tom\AppData\Roaming\My Battle for Middle-earth™ II Files
2012-05-07 18:54 . 2012-05-07 19:15 -------- d-----w- c:\users\Tom\SC-1.15.2-enGB
2012-05-07 14:46 . 2012-05-08 11:56 -------- d-----w- c:\program files (x86)\Starcraft
2012-05-07 09:52 . 2012-05-07 09:52 -------- d-----w- c:\program files (x86)\Lighthouse Interactive
2012-05-07 02:32 . 2012-05-09 19:54 -------- d-----w- c:\users\Tom\AppData\Local\Google
2012-05-07 02:32 . 2012-05-07 02:32 -------- d-----w- c:\users\Tom\AppData\Local\CRE
2012-05-07 02:32 . 2012-05-07 02:32 -------- d-----w- c:\program files (x86)\Conduit
2012-05-07 02:32 . 2012-05-10 00:09 -------- d-----w- c:\users\Tom\AppData\Local\Conduit
2012-05-07 02:31 . 2012-05-10 00:06 -------- d-----w- c:\users\Tom\AppData\Roaming\uTorrent
2012-05-06 12:31 . 2012-05-06 12:31 -------- d-----w- c:\windows\en
2012-05-06 12:26 . 2012-05-06 12:26 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\838417791cd2b8303\MeshBetaRemover.exe
2012-05-06 12:26 . 2012-05-06 12:26 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\DSETUP.dll
2012-05-06 12:26 . 2012-05-06 12:26 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\DXSETUP.exe
2012-05-06 12:26 . 2012-05-06 12:26 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\dsetup32.dll
2012-05-05 17:16 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Savage2
2012-04-28 23:50 . 2012-04-28 23:50 40960 ----a-r- c:\users\Tom\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-04-28 23:50 . 2012-04-28 23:50 40960 ----a-r- c:\users\Tom\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-04-28 19:17 . 2012-04-28 19:17 -------- d-----w- c:\users\Tom\AppData\Local\signal studios
2012-04-28 00:24 . 2012-04-28 00:24 -------- d-----w- c:\users\Tom\AppData\Local\BladesOfTimeDemo
2012-04-27 23:28 . 2012-04-27 23:28 -------- d-----w- c:\users\Tom\AppData\Local\SniperV2 Demo
2012-04-27 00:42 . 2012-04-27 00:49 -------- d-----w- c:\users\Tom\AppData\Local\AquaNox2
2012-04-26 20:22 . 2012-04-26 20:22 -------- d-----w- c:\users\Tom\AppData\Roaming\Trine2
2012-04-26 08:49 . 2012-04-26 08:49 -------- d-----w- c:\program files (x86)\directx
2012-04-25 16:05 . 2012-04-25 16:05 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 16:05 . 2012-04-25 16:05 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 16:05 . 2012-04-25 16:05 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 00:27 . 2012-04-25 00:27 0 ----a-w- c:\windows\SysWow64\sho6723.tmp
2012-04-24 09:21 . 2012-04-24 09:21 -------- d-----w- c:\users\Tom\AppData\Local\.inapptracking
2012-04-23 17:22 . 2012-04-23 17:22 -------- d-----w- c:\programdata\id Software
2012-04-23 17:00 . 2012-04-23 17:01 -------- d-----w- c:\windows\SysWow64\Adobe
2012-04-22 10:59 . 2012-04-22 10:59 -------- d-----w- c:\programdata\Citrix
2012-04-22 10:58 . 2012-04-22 10:58 -------- d-----w- c:\program files (x86)\Citrix
2012-04-22 10:57 . 2012-04-22 10:57 -------- d-----w- c:\users\Tom\AppData\Local\Citrix
2012-04-17 16:41 . 2012-04-17 16:41 -------- d-----w- c:\users\Tom\AppData\Roaming\InstallShield
2012-04-17 15:53 . 2012-04-17 15:53 -------- d-----w- c:\programdata\Creative
2012-04-17 15:48 . 2012-04-17 15:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-17 02:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 02:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 02:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 02:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 02:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-17 02:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-17 02:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 21:46 . 2012-04-11 21:46 -------- d-----w- c:\programdata\Solidshield
2012-04-11 21:19 . 2012-04-11 21:19 -------- d-----w- c:\users\Tom\AppData\Local\Ubisoft
2012-04-11 21:19 . 2012-04-11 21:19 -------- d-----w- c:\programdata\Ubisoft
2012-04-11 20:58 . 2012-04-11 20:58 -------- d-----w- c:\users\Tom\AppData\Local\THQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 12:28 . 2010-06-24 16:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-24 23:09 . 2012-03-24 23:09 0 ----a-w- c:\windows\SysWow64\shoDA88.tmp
2012-03-24 00:06 . 2012-02-19 02:12 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-24 00:06 . 2012-02-10 00:35 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 00:02 . 2012-02-10 00:35 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-10 15:52 . 2012-03-10 15:52 2829 ----a-w- c:\windows\War3Unin.pif
2012-03-10 15:52 . 2012-03-10 15:52 126976 ----a-w- c:\windows\War3Unin.exe
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-03 22:41 . 2012-03-03 22:41 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-03 22:41 . 2012-03-03 22:41 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-03 22:41 . 2012-03-03 22:41 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-03 22:41 . 2012-03-03 22:41 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-29 13:26 . 2012-02-29 13:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-29 00:41 . 2012-02-10 00:35 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-28 23:01 . 2012-02-10 00:35 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-02-23 09:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 23:45 . 2012-02-20 23:45 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-19 02:16 . 2012-02-19 02:16 0 ----a-w- c:\windows\SysWow64\shoEC95.tmp
2012-02-17 06:38 . 2012-03-14 06:22 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 06:22 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 06:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 06:22 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
2012-01-10 21:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-09 1242448]
"Spotify Web Helper"="c:\users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwussf64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 19:54]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 19:54]
.
2012-05-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-05-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-02-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-11 3240448]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 109.246.166.1
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-11 17:06:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-11 16:06
.
Pre-Run: 82,636,087,296 bytes free
Post-Run: 82,618,212,352 bytes free
.
- - End Of File - - 97F585BDA46A678EECCC566F1D1668EB

[TomDuffus]

Sorry, just a small update: A new IP was blocked, this is the first time it wasn't the IP 60.191.186.52, which did try again today. This new IP was still trying to get into svchost.exe, but was 121.10.114.101, another IP from a different part of China. What does this mean?? Is my svchost managing to spread out my details to other IPs now?

[TomDuffus]

Sorry, actually, anyone who can give me a break down in very basic terms of what the hell is happening here- it would be much appreciated. Many thanks!

[MrCharlie]

First, have you uninstalled uTorrent and any other P2P programs:

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:
http://forums.malwar...showtopic=97700

-------------------------------------------------

These alerts are incoming??

--------------------------------------------------

Can you take a look at these folders...do you recognize them:

c:\users\Tom\AppData\Roaming\Oruki
c:\users\Tom\AppData\Roaming\Ygyhm
c:\users\Tom\AppData\Local\THQ

-------------------------------
These two temp files:

c:\windows\SysWow64\shoDA88.tmp
c:\windows\SysWow64\sho6723.tmp

Upload them to VirusTotal for a free scan, let me know the results (just copy back the url)

http://www.virustotal.com/

MrC

[TomDuffus]

I have done once before, but I have deleted the program and everything I had downloaded. I no longer trust P2P file sharing, and do not agree with piracy. I will go to the files you mentioned and see what I find. Many thanks.

[TomDuffus]

Okay, I went to Oruki and ygyhm folders and they do not contain any files- I believe that the scan may have deleted them? They are completely empty. As for THQ, yes I do recognise it, the only file within it is a .cfg file for a videogame by the developer THQ.

As for the temp files, here are virustotal's scan URLs:

https://www.virustot...sis/1336827274/
https://www.virustot...sis/1336827405/

Both come out clean.

[MrCharlie]

OK, delete those two folders.

Take a look at the link below regarding the IP module and how it works:

http://forums.malwar...ndpost&p=162100

You said that these were incoming??

Can you take a screen shot of one of them and post it.

MrC

[TomDuffus]

It may be many hours before it tries to attack again, and yes they are incoming. The 2 IPs that have been incoming to svchost.exe have been:

60.191.186.52
121.10.114.101

The last port that I recorded them attempting to get in through was 35521, but I do not know if that is the only port as I only checked the last time.

[MrCharlie]

Run this scan and post back the two reports:

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

[TomDuffus]

I looked in the Malwarebytes IP protection logs and this is what I found. Here are the logs from the 4 different files, called protection-log-2012-05-12.txt, 2012-05-11.txt, 2012-05-10.txt, 2012-05-9.txt.



2012/05/12 01:37:02 +0100 TOM-PC Tom IP-BLOCK 78.140.143.48 (Type: outgoing, Port: 55384, Process: avastsvc.exe)
2012/05/12 01:37:02 +0100 TOM-PC Tom IP-BLOCK 78.140.143.48 (Type: outgoing, Port: 55385, Process: avastsvc.exe)
2012/05/12 01:38:23 +0100 TOM-PC Tom IP-BLOCK 91.223.82.63 (Type: outgoing, Port: 55810, Process: avastsvc.exe)
2012/05/12 01:38:23 +0100 TOM-PC Tom IP-BLOCK 91.223.82.63 (Type: outgoing, Port: 55811, Process: avastsvc.exe)
2012/05/12 01:57:15 +0100 TOM-PC Tom IP-BLOCK 91.223.82.63 (Type: outgoing, Port: 56581, Process: avastsvc.exe)
2012/05/12 01:57:15 +0100 TOM-PC Tom IP-BLOCK 91.223.82.63 (Type: outgoing, Port: 56582, Process: avastsvc.exe)
2012/05/12 03:24:11 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 26305, Process: svchost.exe)
2012/05/12 07:38:33 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 61121, Process: svchost.exe)
2012/05/12 07:38:33 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 61121, Process: svchost.exe)
2012/05/12 08:55:43 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily
2012/05/12 08:55:49 +0100 TOM-PC Tom MESSAGE Scheduled update executed successfully: database updated from version v2012.05.11.02 to version v2012.05.12.04
2012/05/12 08:55:49 +0100 TOM-PC Tom MESSAGE Starting database refresh
2012/05/12 08:55:49 +0100 TOM-PC Tom MESSAGE Stopping IP protection
2012/05/12 08:56:58 +0100 TOM-PC Tom MESSAGE IP Protection stopped
2012/05/12 08:57:00 +0100 TOM-PC Tom MESSAGE Database refreshed successfully
2012/05/12 08:57:00 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/12 08:57:00 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/12 11:53:07 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 31425, Process: svchost.exe)
2012/05/12 11:53:07 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 31425, Process: svchost.exe)

2012/05/11 01:02:27 +0100 TOM-PC Tom IP-BLOCK 204.188.215.194 (Type: outgoing, Port: 52706, Process: avastsvc.exe)
2012/05/11 01:02:27 +0100 TOM-PC Tom IP-BLOCK 204.188.215.194 (Type: outgoing, Port: 52707, Process: avastsvc.exe)
2012/05/11 09:38:28 +0100 TOM-PC Tom MESSAGE Starting protection
2012/05/11 09:38:30 +0100 TOM-PC Tom MESSAGE Protection started successfully
2012/05/11 09:38:33 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/11 09:38:34 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/11 09:45:46 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily
2012/05/11 09:45:51 +0100 TOM-PC Tom MESSAGE Starting database refresh
2012/05/11 09:45:51 +0100 TOM-PC Tom MESSAGE Scheduled update executed successfully: database updated from version v2012.05.10.04 to version v2012.05.11.02
2012/05/11 09:45:51 +0100 TOM-PC Tom MESSAGE Stopping IP protection
2012/05/11 09:47:04 +0100 TOM-PC Tom MESSAGE IP Protection stopped
2012/05/11 09:47:06 +0100 TOM-PC Tom MESSAGE Database refreshed successfully
2012/05/11 09:47:06 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/11 09:47:07 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/11 10:26:27 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 16065, Process: svchost.exe)
2012/05/11 16:49:41 +0100 TOM-PC Tom MESSAGE Stopping IP protection
2012/05/11 16:50:59 +0100 TOM-PC Tom MESSAGE IP Protection stopped
2012/05/11 17:12:18 +0100 TOM-PC Tom MESSAGE Starting protection
2012/05/11 17:12:20 +0100 TOM-PC Tom MESSAGE Protection started successfully
2012/05/11 17:12:23 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/11 17:12:24 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/11 18:55:17 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 21185, Process: svchost.exe)
2012/05/11 23:09:45 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 56001, Process: svchost.exe)
2012/05/11 23:09:45 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 56001, Process: svchost.exe)
2012/05/11 23:15:22 +0100 TOM-PC Tom IP-BLOCK 121.10.114.101 (Type: incoming, Port: 30415, Process: svchost.exe)
2012/05/11 23:15:22 +0100 TOM-PC Tom IP-BLOCK 121.10.114.101 (Type: incoming, Port: 30415, Process: svchost.exe)

2012/05/10 00:27:40 +0100 TOM-PC Tom IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 54145, Process: avastsvc.exe)
2012/05/10 00:27:40 +0100 TOM-PC Tom IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 54146, Process: avastsvc.exe)
2012/05/10 00:27:48 +0100 TOM-PC Tom IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 54148, Process: avastsvc.exe)
2012/05/10 00:27:48 +0100 TOM-PC Tom IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 54149, Process: avastsvc.exe)
2012/05/10 00:30:45 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 60097, Process: svchost.exe)
2012/05/10 02:09:04 +0100 TOM-PC Tom MESSAGE Starting protection
2012/05/10 02:09:06 +0100 TOM-PC Tom MESSAGE Protection started successfully
2012/05/10 02:09:09 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/10 02:09:10 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/10 03:15:49 +0100 TOM-PC Tom IP-BLOCK 121.10.115.62 (Type: incoming, Port: 28356, Process: svchost.exe)
2012/05/10 06:53:14 +0100 TOM-PC Tom IP-BLOCK 121.10.115.62 (Type: incoming, Port: 55185, Process: svchost.exe)
2012/05/10 08:58:43 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily
2012/05/10 08:58:48 +0100 TOM-PC Tom MESSAGE Starting database refresh
2012/05/10 08:58:48 +0100 TOM-PC Tom MESSAGE Scheduled update executed successfully: database updated from version v2012.05.09.05 to version v2012.05.10.01
2012/05/10 08:58:48 +0100 TOM-PC Tom MESSAGE Stopping IP protection
2012/05/10 09:00:00 +0100 TOM-PC Tom MESSAGE IP Protection stopped
2012/05/10 09:00:02 +0100 TOM-PC Tom MESSAGE Database refreshed successfully
2012/05/10 09:00:02 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/10 09:00:03 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/10 10:06:26 +0100 TOM-PC Tom MESSAGE Starting protection
2012/05/10 10:06:28 +0100 TOM-PC Tom MESSAGE Protection started successfully
2012/05/10 10:06:31 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/10 10:06:33 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/10 10:32:02 +0100 TOM-PC Tom IP-BLOCK 121.10.115.62 (Type: incoming, Port: 17502, Process: svchost.exe)
2012/05/10 13:14:17 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 35521, Process: svchost.exe)
2012/05/10 13:14:17 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 35521, Process: svchost.exe)
2012/05/10 20:06:06 +0100 TOM-PC Tom MESSAGE Stopping IP protection
2012/05/10 20:07:25 +0100 TOM-PC Tom MESSAGE IP Protection stopped
2012/05/10 20:07:42 +0100 TOM-PC Tom MESSAGE Starting database refresh
2012/05/10 20:07:51 +0100 TOM-PC Tom MESSAGE Database refreshed successfully
2012/05/10 20:17:09 +0100 TOM-PC Tom MESSAGE Starting protection
2012/05/10 20:17:11 +0100 TOM-PC Tom MESSAGE Protection started successfully
2012/05/10 20:17:14 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/10 20:17:16 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/10 20:36:27 +0100 TOM-PC Tom IP-BLOCK 37.221.160.51 (Type: outgoing, Port: 50826, Process: avastsvc.exe)
2012/05/10 20:36:27 +0100 TOM-PC Tom IP-BLOCK 37.221.160.51 (Type: outgoing, Port: 50827, Process: avastsvc.exe)
2012/05/10 20:36:27 +0100 TOM-PC Tom IP-BLOCK 37.221.160.51 (Type: outgoing, Port: 50829, Process: avastsvc.exe)
2012/05/10 20:36:27 +0100 TOM-PC Tom IP-BLOCK 37.221.160.51 (Type: outgoing, Port: 50828, Process: avastsvc.exe)

2012/05/09 20:14:12 +0100 TOM-PC Tom MESSAGE Starting protection
2012/05/09 20:14:14 +0100 TOM-PC Tom MESSAGE Protection started successfully
2012/05/09 20:14:17 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/09 20:14:18 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/09 20:14:41 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily
2012/05/09 20:15:37 +0100 TOM-PC Tom MESSAGE Database already up-to-date
2012/05/09 20:16:19 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 49622, Process: ybeq.exe)
2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50214, Process: ybeq.exe)
2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50215, Process: ybeq.exe)
2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50216, Process: ybeq.exe)
2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50223, Process: ybeq.exe)
2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50224, Process: ybeq.exe)
2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50225, Process: ybeq.exe)
2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50226, Process: ybeq.exe)
2012/05/09 20:16:28 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50231, Process: ybeq.exe)
2012/05/09 20:16:28 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50232, Process: ybeq.exe)
2012/05/09 20:16:28 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50234, Process: ybeq.exe)
2012/05/09 20:16:28 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50235, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50240, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50241, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50242, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50243, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50249, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50250, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50251, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50252, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50253, Process: ybeq.exe)
2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50254, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50260, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50261, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50262, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50263, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50266, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50267, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50268, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50274, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50275, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50277, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50278, Process: ybeq.exe)
2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50281, Process: ybeq.exe)
2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50286, Process: ybeq.exe)
2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50287, Process: ybeq.exe)
2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50288, Process: ybeq.exe)
2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50289, Process: ybeq.exe)
2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50294, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50299, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50300, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50301, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50302, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50303, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50304, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50308, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50313, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50314, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50315, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50316, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50317, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50318, Process: ybeq.exe)
2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50322, Process: ybeq.exe)
2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50327, Process: ybeq.exe)
2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50328, Process: ybeq.exe)
2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50330, Process: ybeq.exe)
2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50331, Process: ybeq.exe)
2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50336, Process: ybeq.exe)
2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50337, Process: ybeq.exe)
2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50338, Process: ybeq.exe)
2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50339, Process: ybeq.exe)
2012/05/09 20:17:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50345, Process: ybeq.exe)
2012/05/09 20:17:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50346, Process: ybeq.exe)
2012/05/09 20:17:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50347, Process: ybeq.exe)
2012/05/09 20:17:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50348, Process: ybeq.exe)
2012/05/09 20:17:25 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50354, Process: ybeq.exe)
2012/05/09 20:17:25 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50355, Process: ybeq.exe)
2012/05/09 20:25:04 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50505, Process: ybeq.exe)
2012/05/09 20:25:05 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50508, Process: ybeq.exe)
2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50509, Process: ybeq.exe)
2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50510, Process: ybeq.exe)
2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50513, Process: ybeq.exe)
2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50514, Process: ybeq.exe)
2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50515, Process: ybeq.exe)
2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50516, Process: ybeq.exe)
2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50517, Process: ybeq.exe)
2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50520, Process: ybeq.exe)
2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50521, Process: ybeq.exe)
2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50522, Process: ybeq.exe)
2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50523, Process: ybeq.exe)
2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50524, Process: ybeq.exe)
2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50527, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50528, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50529, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50530, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50531, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50532, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50533, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50534, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50535, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50536, Process: ybeq.exe)
2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50537, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50538, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50539, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50540, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50541, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50542, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50543, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50546, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50547, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50548, Process: ybeq.exe)
2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50549, Process: ybeq.exe)
2012/05/09 20:25:45 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50550, Process: ybeq.exe)
2012/05/09 20:25:45 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50551, Process: ybeq.exe)
2012/05/09 20:25:45 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50552, Process: ybeq.exe)
2012/05/09 20:25:45 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50553, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50554, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50555, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50556, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50557, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50558, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50559, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50560, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50561, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50562, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50563, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50564, Process: ybeq.exe)
2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50565, Process: ybeq.exe)
2012/05/09 20:26:01 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50566, Process: ybeq.exe)
2012/05/09 20:26:01 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50567, Process: ybeq.exe)
2012/05/09 20:26:01 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50568, Process: ybeq.exe)
2012/05/09 20:26:01 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50569, Process: ybeq.exe)
2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50571, Process: ybeq.exe)
2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50572, Process: ybeq.exe)
2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50574, Process: ybeq.exe)
2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50573, Process: ybeq.exe)
2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50576, Process: ybeq.exe)
2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50575, Process: ybeq.exe)
2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50577, Process: ybeq.exe)
2012/05/09 20:26:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50578, Process: ybeq.exe)
2012/05/09 20:26:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50579, Process: ybeq.exe)
2012/05/09 20:26:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50580, Process: ybeq.exe)
2012/05/09 20:26:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50581, Process: ybeq.exe)
2012/05/09 20:26:25 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50582, Process: ybeq.exe)
2012/05/09 20:26:25 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50583, Process: ybeq.exe)
2012/05/09 20:31:45 +0100 TOM-PC Tom MESSAGE Starting protection
2012/05/09 20:31:49 +0100 TOM-PC Tom MESSAGE Protection started successfully
2012/05/09 20:31:52 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/09 20:31:54 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/09 20:55:14 +0100 TOM-PC Tom MESSAGE Starting protection
2012/05/09 20:55:16 +0100 TOM-PC Tom MESSAGE Protection started successfully
2012/05/09 20:55:19 +0100 TOM-PC Tom MESSAGE Starting IP protection
2012/05/09 20:55:20 +0100 TOM-PC Tom MESSAGE IP Protection started successfully
2012/05/09 21:29:22 +0100 TOM-PC Tom IP-BLOCK 89.28.119.167 (Type: incoming, Port: 47771, Process: svchost.exe)


Remember please that it is only 121.10.114.101 and 60.191.186.52 that have attacked recently (2012-05-12)

[TomDuffus]

OTL.txt

OTL logfile created on: 5/12/2012 2:46:18 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 33.37% Memory free
7.79 Gb Paging File | 5.17 Gb Available in Paging File | 66.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 72.83 Gb Free Space | 16.32% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/12 14:44:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2012/05/06 13:11:30 | 000,932,528 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/25 17:05:49 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/21 23:41:43 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/29 01:41:19 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2012/02/09 18:31:53 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/12/21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/08/18 21:43:38 | 000,463,912 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2010/05/04 18:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Modules (No Company Name) ==========

MOD - [2012/05/10 10:30:51 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 10:10:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 10:10:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/10 10:10:15 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/10 10:10:09 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/10 10:10:05 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/10 10:09:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 10:09:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 10:09:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 10:09:47 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 10:09:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/06 13:11:30 | 000,932,528 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/04/25 17:05:49 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/21 23:41:43 | 000,214,528 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssvoice.asi
MOD - [2012/04/21 23:41:43 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssmp3.asi
MOD - [2012/04/21 23:41:42 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/04/21 23:41:40 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/04/21 23:41:40 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/04/21 23:41:40 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/04/21 23:41:40 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/02/09 18:34:42 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/12/17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/12/17 20:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/12/17 20:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 20:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/11/29 21:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®
SRV:64bit: - [2010/09/23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/25 17:05:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/22 11:58:06 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/04/21 23:41:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/29 01:41:19 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/21 00:26:32 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/12/21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/18 21:43:38 | 000,463,912 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010/05/04 18:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/09 23:22:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/15 09:53:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2011/10/15 09:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/09/03 14:45:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/03 14:45:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/17 15:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/05/17 15:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 15:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/26 10:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/17 02:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/17 18:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/15 18:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 15:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/11/29 21:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 17:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/20 19:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/30 23:42:12 | 000,274,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2010/07/13 03:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/24 19:53:38 | 000,060,968 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2010/04/27 19:02:50 | 000,468,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2010/04/27 19:02:50 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless HSPA Mini-Card Device Management Driver (WDM)
DRV:64bit: - [2010/04/27 19:02:50 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless HSPA Mini-Card Device (WDM)
DRV:64bit: - [2010/04/27 19:02:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2010/03/19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 20:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010/03/03 20:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/26 05:18:20 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {06B98E07-FE91-4C9D-B521-2C89367A164A}
IE:64bit: - HKLM\..\SearchScopes\{06B98E07-FE91-4C9D-B521-2C89367A164A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {06B98E07-FE91-4C9D-B521-2C89367A164A}
IE - HKLM\..\SearchScopes\{06B98E07-FE91-4C9D-B521-2C89367A164A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
IE - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\..\SearchScopes,DefaultScope = {06B98E07-FE91-4C9D-B521-2C89367A164A}
IE - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/09 20:54:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/09 18:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2012/05/07 03:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\extensions
[2012/04/29 22:30:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\searchplugins\conduit.xml
[2012/04/17 16:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/17 16:48:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/09 20:54:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/20 18:53:55 | 000,377,615 | ---- | M] () (No name found) -- C:\USERS\TOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C0OWF9IU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/04/25 17:05:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/14 04:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/04/25 17:05:48 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/14 11:28:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 17:05:48 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 17:05:48 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 17:05:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 17:05:48 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: uTorrentControl2 = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\
CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/05/11 17:02:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\WINDOWS\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-4234593452-1771345588-371266355-1001..\Run: [Spotify Web Helper] C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-4234593452-1771345588-371266355-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.246.166.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ED863F9-95D4-4443-86E1-DD2F685CBB27}: DhcpNameServer = 109.246.166.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\System32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 14:44:05 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2012/05/11 17:02:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/11 16:50:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/11 16:50:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/11 16:50:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/11 16:50:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/11 16:49:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/11 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Stuff for viruses
[2012/05/09 20:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/09 20:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/05/09 20:54:39 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/05/09 20:54:39 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/05/09 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/09 20:54:38 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/05/09 20:54:38 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/05/09 20:54:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/05/09 20:54:37 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/05/09 20:54:37 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/05/09 20:54:21 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/05/09 20:54:21 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/09 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/09 20:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/09 20:12:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/09 19:47:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2012/05/09 19:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/09 19:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/09 19:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/09 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/05/09 19:13:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/09 19:13:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{9B961FC4-9A02-11E1-826E-B8AC6F996F26}
[2012/05/09 19:12:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\WMDRM
[2012/05/09 19:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700002A1E00015AE6B4EB2367
[2012/05/09 17:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/05/08 11:58:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{3674938C-1EA0-4C16-9441-8CFBA13A2DB6}
[2012/05/07 23:03:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Ygyhm
[2012/05/07 23:03:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Oruki
[2012/05/07 20:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
[2012/05/07 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\My Battle for Middle-earth™ II Files
[2012/05/07 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\SC-1.15.2-enGB
[2012/05/07 18:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/05/07 15:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starcraft
[2012/05/07 10:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lighthouse Interactive
[2012/05/07 10:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lighthouse Interactive
[2012/05/07 03:32:21 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Google
[2012/05/07 03:32:19 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\CRE
[2012/05/07 03:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/05/07 03:32:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Conduit
[2012/05/07 03:31:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\uTorrent
[2012/05/06 13:32:39 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{678AE895-1519-4689-B621-600A470E16A8}
[2012/05/06 13:32:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{3FBF73F7-E400-49A6-97F7-8AB8CD969B33}
[2012/05/06 13:31:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/05/06 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{654BADDC-EBF1-41A9-A7BC-43C757F330D4}
[2012/05/06 13:23:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{B9C1FF48-E67B-476A-BF35-E4DF58AA256F}
[2012/05/06 00:58:00 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MekTek.net
[2012/05/06 00:39:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Savage 2 - A Tortured Soul
[2012/05/05 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Savage 2
[2012/05/05 18:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Savage2
[2012/04/29 21:47:38 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{3FCB9FC0-29B0-401C-9145-D1F843980277}
[2012/04/29 00:51:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\EMULATORS
[2012/04/29 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2012/04/28 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\signal studios
[2012/04/28 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\BladesOfTimeDemo
[2012/04/28 00:28:02 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\SniperV2 Demo
[2012/04/27 01:42:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\AquaNox2
[2012/04/27 01:42:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\AquaNox2
[2012/04/27 01:33:44 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax
[2012/04/27 01:33:37 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heavy Gear 2 Demo
[2012/04/27 01:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heavy Gear 2 Demo
[2012/04/27 01:33:35 | 000,151,292 | ---- | C] (Extreme Audio Reality, Inc.) -- C:\Windows\SysWow64\earpds.dll
[2012/04/27 01:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/04/26 21:22:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Trine2
[2012/04/26 20:53:38 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Games for Windows - LIVE Demos
[2012/04/26 20:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/04/26 09:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2012/04/25 17:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/25 17:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/24 10:21:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\.inapptracking
[2012/04/23 18:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software
[2012/04/23 18:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2012/04/23 18:00:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/23 17:20:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{E0ED27EB-C330-4FD6-9FDB-5B9FF5F08C0F}
[2012/04/23 17:20:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{4236FDD7-1ADD-45EF-AA8D-E569ABA5494B}
[2012/04/22 14:01:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{543B58CB-B3D6-4113-A296-EF8B0B92CE86}
[2012/04/22 11:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/04/22 11:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/04/22 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Citrix
[2012/04/21 01:44:18 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{04D87311-4C4C-4D23-8810-CF337DA1A402}
[2012/04/21 01:44:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{F23A3158-62B0-4A7B-B6C4-A953DC61F28C}
[2012/04/20 22:52:41 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{C5764A61-EE46-4EEF-A34F-8502A42F169B}
[2012/04/20 15:40:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\New folder
[2012/04/17 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2012/04/17 17:41:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\InstallShield
[2012/04/17 16:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012/04/17 16:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/17 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/12 14:44:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2012/05/12 14:04:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/11 21:04:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 17:17:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 17:17:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 17:09:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 17:09:18 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 17:02:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/10 10:03:44 | 000,319,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 09:42:59 | 000,794,946 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/10 09:42:59 | 000,657,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/10 09:42:59 | 000,125,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/10 01:02:04 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/09 20:55:58 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/09 20:55:58 | 000,002,241 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/09 20:54:39 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/09 20:54:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/09 20:12:36 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 12:29:21 | 000,002,110 | ---- | M] () -- C:\Users\Tom\Desktop\Unit Tester.lnk
[2012/05/08 00:12:16 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2012/05/07 18:49:24 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\The Battle for Middle-earth ™ II.lnk
[2012/05/07 10:54:52 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\SunAge.lnk
[2012/05/07 03:31:56 | 000,000,969 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/06 14:31:44 | 000,991,816 | ---- | M] () -- C:\Users\Tom\Desktop\final engine.mp3
[2012/05/06 01:31:59 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/05 18:33:54 | 000,001,867 | ---- | M] () -- C:\Users\Tom\Desktop\Savage 2.lnk
[2012/05/01 22:30:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/05/01 21:00:49 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/29 13:13:23 | 000,000,918 | ---- | M] () -- C:\Users\Tom\Desktop\Jnes.lnk
[2012/04/29 00:52:36 | 000,007,466 | ---- | M] () -- C:\Users\Tom\Desktop\SNES 9X.lnk
[2012/04/29 00:52:30 | 000,001,986 | ---- | M] () -- C:\Users\Tom\Desktop\Project64 1.6.lnk
[2012/04/20 23:25:24 | 002,060,119 | ---- | M] () -- C:\Users\Tom\Desktop\engine_33.mp3
[2012/04/20 23:16:34 | 000,033,792 | R--- | M] () -- C:\Users\Tom\Desktop\airbrake.mp3
[2012/04/17 16:48:22 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/11 16:50:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/11 16:50:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/11 16:50:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/11 16:50:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/11 16:50:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/09 20:55:58 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/09 20:55:58 | 000,002,241 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/09 20:54:48 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/09 20:54:43 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/09 20:54:39 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/09 20:54:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/05/09 20:12:36 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 12:28:43 | 000,002,110 | ---- | C] () -- C:\Users\Tom\Desktop\Unit Tester.lnk
[2012/05/07 20:19:28 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2012/05/07 18:49:24 | 000,002,347 | ---- | C] () -- C:\Users\Public\Desktop\The Battle for Middle-earth ™ II.lnk
[2012/05/07 10:54:52 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\SunAge.lnk
[2012/05/07 03:31:56 | 000,000,969 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/06 14:31:43 | 000,991,816 | ---- | C] () -- C:\Users\Tom\Desktop\final engine.mp3
[2012/05/06 13:30:38 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/05/06 01:31:59 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/05 18:33:32 | 000,001,867 | ---- | C] () -- C:\Users\Tom\Desktop\Savage 2.lnk
[2012/05/01 21:00:33 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/04/29 13:13:23 | 000,000,918 | ---- | C] () -- C:\Users\Tom\Desktop\Jnes.lnk
[2012/04/29 00:50:38 | 000,001,986 | ---- | C] () -- C:\Users\Tom\Desktop\Project64 1.6.lnk
[2012/04/27 01:33:39 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/04/27 01:33:39 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd
[2012/04/20 23:25:23 | 002,060,119 | ---- | C] () -- C:\Users\Tom\Desktop\engine_33.mp3
[2012/04/20 23:16:36 | 000,033,792 | R--- | C] () -- C:\Users\Tom\Desktop\airbrake.mp3
[2012/04/17 16:48:22 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/18 15:57:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/03/10 16:52:07 | 000,019,063 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012/03/03 16:57:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/02/29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/21 00:45:37 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/02/10 01:35:50 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/10 01:35:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/10 01:35:33 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/03 14:28:16 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/09/03 14:27:28 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/09/03 14:27:25 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/09/03 14:27:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 17:10:51 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/03/28 00:32:21 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.minecraft
[2012/02/09 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Ambient Design
[2012/05/06 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Audacity
[2012/03/03 01:42:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\BigHugeEngine
[2012/02/10 00:15:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\CoreClient
[2012/05/10 01:06:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DAEMON Tools Lite
[2012/02/25 14:21:26 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Day 1 Studios
[2012/02/09 18:23:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Fingertapps
[2012/03/10 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\GetRightToGo
[2012/02/15 22:25:47 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ImTOO Software Studio
[2012/03/08 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Kornner Studios
[2012/05/07 20:00:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\My Battle for Middle-earth™ II Files
[2012/02/21 20:54:36 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Nitro PDF
[2012/02/21 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenCandy
[2012/05/09 20:30:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Oruki
[2012/02/10 17:03:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PCDr
[2012/02/22 02:51:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PrimoPDF
[2012/03/21 00:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\RIFT
[2012/02/21 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\RotMG.Production
[2012/05/06 01:19:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SoftGrid Client
[2012/02/11 23:31:06 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Spore
[2012/05/10 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Spotify
[2012/02/18 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TP
[2012/04/26 21:22:03 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Trine2
[2012/03/27 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Tropico 4 Demo
[2012/05/10 01:06:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\uTorrent
[2012/02/24 14:26:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Wacom
[2012/02/24 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012/02/24 23:35:26 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Warsow 0.6
[2012/05/09 20:09:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Ygyhm
[2012/05/01 22:30:01 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/05/01 21:00:49 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/10 10:03:48 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/26 11:02:29 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

[TomDuffus]

Extras.txt


OTL Extras logfile created on: 5/12/2012 2:46:18 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 33.37% Memory free
7.79 Gb Paging File | 5.17 Gb Available in Paging File | 66.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 72.83 Gb Free Space | 16.32% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27AC80A7-9FB0-461B-9353-4AA3D20A2A33}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{652C8069-C5DB-4A77-8646-80B52990FC4A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C01FB91E-6BA5-482D-93F9-58917EFF3785}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{C55C9C56-6311-4848-9320-211DBBCCDBAB}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{EA78AF46-A8B9-4C2D-95FB-1E7EFC0CC513}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{F1297D72-E104-428A-B76D-AC75FAFD37EC}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01653520-5121-40FA-96ED-F5120B1D02BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{025CC9CE-839E-4661-91F7-535AF6CCB3D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\support\ea help\electronic_arts_technical_support.htm |
"{03B80368-16E8-47F9-AA64-6F5C034C0AAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\deadspace2.exe |
"{03E71F34-8287-411B-8FAA-6F6D3A3B63C7}" = protocol=6 | dir=in | app=c:\users\tom\appdata\roaming\spotify\spotify.exe |
"{0481E027-A6CE-4970-94BC-F1A63F3D080C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{05A55B78-FC84-482E-A350-E262F0450A5F}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{0676564E-B5FA-447B-9AC7-3A01108C8539}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{07B779C3-D9CE-4B86-A8E3-B7BA0D28335A}" = dir=in | name=chinese hacker block |
"{08193A14-F746-437F-8FD8-B61CF29570D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\support\ea help\electronic_arts_technical_support.htm |
"{12684F77-8D12-4651-A621-ABB4FC24C37E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{137EEEA7-B45A-4672-B667-90ACB839DEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splintercell chaos theory\system\splintercell3.exe |
"{13967EE8-350B-4868-ACCA-4DBFB80178D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
"{14FD3D3A-8FE5-459A-B83A-ABBCED3F2145}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\enemy territory quake wars\etqw.exe |
"{15E0F8CD-4CE1-49C4-A983-EFCA4EB95022}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\cnc3.exe |
"{1ABCACC7-8B41-4AB1-A8F5-5C50FF37F7CF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{20A9D30B-7749-44E8-9BC4-D89EBCDCE14C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{21947D51-5F7E-4E61-906E-44B700A56702}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |
"{21E561B8-BDFE-451B-9A1C-5A263F93FEF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{2336A7E1-92C3-476C-8CBD-95A73A1E3761}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{26F46DF5-F405-4B55-8A88-B4490735CE0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{292D5AD6-A4AE-4C31-BD8F-E967CBB1EB62}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{29796DEC-3024-4A6D-A97A-94A804CF3B63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\enemy territory quake wars\etqw.exe |
"{2A05D386-FDD4-4908-A408-1D7E2395B5FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{2BB899C4-F353-4AC3-9ACD-D4713CBAE943}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{2D68E1B6-6D93-4C80-8D9F-837308CFA833}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{303825F5-4B78-494A-8FDE-341D2CDC748E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\section 8 prejudice\s9.exe |
"{30AD7461-EC30-4747-921E-0BB43C07AE11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{363F1234-9E01-48B1-92EE-217C7AA1DFD6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
"{3B521995-F1EF-472A-BE28-2B7C4A93892E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{405DEB5C-C7E0-4D33-8BB6-65BC05C8FB58}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{45AFEE84-6D03-4E03-8947-57908BD12027}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer unbounded demo\rru_demo.exe |
"{47FD616D-7D39-4EA0-80AA-04D5A75C4BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{482C9226-BA54-41FC-9D2C-8B8D4995DAE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chrome\chrome.exe |
"{483D540D-B05E-47D8-8296-6B8816F075D8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{4EFD97C8-C2D8-4BE2-84FB-5D44DB3BCC52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5444354F-1B33-4542-98E7-D94848786C4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{55E0116F-6E57-4658-BCA2-208CEEB7440A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E77A7DA-4941-451A-80CD-E8947A12AAC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{5F7A51E3-45F0-4F23-B07B-70F42950C5CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld munchs oddysee\bin\launcher.exe |
"{5FF3F22E-1BF7-41AC-B6C9-C29B2C018713}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6302AC7D-8BC6-4C43-AF45-19185F08E4F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{65C01A3D-F56F-4E63-9402-D530795011C3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |
"{717C014F-9CA5-4C84-B377-E61D4C690ADD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{72863997-0E31-4990-A6F5-69DC5A3ACA2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{729B5301-DA81-473A-BA07-2307BA851BF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
"{763A911F-A414-4F6B-B214-147F7BE6A95B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{789CAF6C-4787-4B71-B45E-697559908C33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{7B9E1168-6098-4E98-BE31-553F8E32FF2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rayman origins demo\rayman origins.exe |
"{7F32B3A0-D95F-4B29-9C26-FCD3A8599F7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stranger's wrath\launcher.exe |
"{81D2612E-85FB-4E6D-8F6F-C043007461BB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{82E79986-456F-421A-8721-F7FAE68B62FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\launcher.exe |
"{8713BCF7-4E93-4390-8B31-B0841B02A582}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{89CAC78D-8579-4538-B454-7E24E2DCEADD}" = protocol=17 | dir=in | app=c:\users\tom\appdata\roaming\spotify\spotify.exe |
"{8B89709E-536D-4470-8274-C25B5EAC3085}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rayman origins demo\rayman origins.exe |
"{8DD2C1F0-695B-4DC6-851B-F9A68C9D4329}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |
"{8F8A4C49-D37E-4073-B194-F02E4058EB8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{8FE5B104-E103-4518-9839-27EEB37DFF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane demo\game.exe |
"{9140AEED-BF1B-4DB0-8920-815C7E4BB6B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{94BA6267-25A5-483B-A92B-40314ACC8927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splintercell chaos theory\system\splintercell3.exe |
"{95E51338-88BA-4E44-8635-997EF5FB5E2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
"{9798A6D1-E164-41EF-875F-9481796B9DF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{97B06929-6F84-476B-8492-3EDFA71B6BAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{991F55F9-3977-4DA1-846E-4FA50270A143}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{9A5C9709-DFDD-435B-9C60-BD846650B615}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{9D14291C-6C32-4D77-AADB-DB952BD8C688}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3\doom3.exe |
"{A16D3D14-4422-485A-8412-0707B7BD3190}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{A3D7B301-C26D-44A5-91CB-DFA20F495C0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{A4AD5E5D-3D8A-4FE3-9D7F-2DCD98FF142F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A57D10FA-21F4-479B-93B7-7EC0890D8742}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{A95DD91B-713E-4D3E-9FCB-006D828B3F19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars the force unleashed\swtfu launcher.exe |
"{AAA728E0-1EDD-43D1-8785-EB2B90A66E32}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{AB90F889-FB8C-40EB-9F73-6069BD58CD4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\cnc3.exe |
"{AFC21861-40E2-4E8F-908B-EABE3D616D86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |
"{B3C785D0-EA09-423D-9FBD-1900D44A70BB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B4C7640D-EC54-4771-9DFF-C71E502E4D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{B567FC68-D18B-43FA-8E0E-B287332540B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{B5B6DCBB-3AA6-4C5B-8C47-EF708EA89BFD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B76B76A1-C883-41DF-A884-500AFAF91F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld munchs oddysee\bin\launcher.exe |
"{BE5AD1BC-FBEE-46E6-97C9-21622DEB96C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3\doom3.exe |
"{C195FF5E-FA2D-4602-8009-DF3311A7C4BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{C2200BD0-5C7A-4FDC-8713-7871D40B1DD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{C85263FD-D165-4264-BDA7-56FFDA8D7023}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C8D55B4B-EEC3-4F0C-8E41-DC063FD5B668}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{CB7C7850-56F5-43B7-9652-C3DB9A889557}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CB7EB583-3475-41CB-BA9F-F42CD35D0352}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{CD4A36C2-DD90-40B4-BC8D-186DF072924D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |
"{CEBBD460-97F7-4570-A805-7C266C2ADF30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{D2847841-693A-46AA-895A-0C11C926DFA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\deadspace2.exe |
"{D50E87A1-02DF-40A4-9B0C-B9FF999C0C3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{D6CF493A-2A1C-4F28-9AE4-A9278A1DDA7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chrome specforce\specforce.exe |
"{D796AB61-9723-4A01-BF90-87C0CF02E0AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\launcher.exe |
"{D8D78353-C32A-4243-9F6D-7FF0935B35D1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{DA315ACD-61B8-4A56-A4B4-53A47769E3DB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DCFAEF8E-5C2B-4EDC-98B1-F0481C0AE876}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |
"{DF70BB7A-2BDD-49C5-A900-6B86446E5DF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{E23BCAFB-774F-41D7-8D0B-B5DFCA47C219}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\section 8 prejudice\s9.exe |
"{E24F43FD-9FE2-412A-8B38-92FA05C7D556}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stranger's wrath\launcher.exe |
"{E6B547FD-EE20-4521-BC17-2B1735F2315D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chrome\chrome.exe |
"{E9205DAE-9264-4C04-AEFD-0BBFA66886E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |
"{E96E0F6B-E283-4BF7-8C56-A15B8DBF5B05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EB0856B5-5A82-426F-BC3C-1978AE079D3B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC387B0A-0131-480C-B8E3-9AC85A77F436}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{EDD17514-BADB-49DD-9077-D215BC69CB24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer unbounded demo\rru_demo.exe |
"{EF964451-DA26-459D-B3C1-98A2A4C60DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane demo\game.exe |
"{F14124A2-0C37-4A25-963E-4388A9589ADC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{F2C63BBC-E35E-411E-851B-6CE19E80F06B}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{F4393E5A-02C8-408A-903F-5A23746EFB1E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F7B3552C-5E1A-414C-9C98-B2F2BA5B777A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{F882589F-E5C7-403D-B86A-14FA49771F54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |
"{F88400FC-47CE-4205-9FE6-B29437498EDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{FA7E82F4-44FB-4BA9-8B6A-EC4C6C6746E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars the force unleashed\swtfu launcher.exe |
"{FAA984E9-7EE1-43A6-96E9-322E8D20468C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chrome specforce\specforce.exe |
"TCP Query User{74DFC217-8B42-4C09-BCFC-D5DAC10A749E}C:\program files (x86)\lighthouse interactive\sunage\sunage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lighthouse interactive\sunage\sunage.exe |
"UDP Query User{E133C55C-95CB-4322-982A-BFE25C9C92BF}C:\program files (x86)\lighthouse interactive\sunage\sunage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lighthouse interactive\sunage\sunage.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel® WiDi
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{12766F00-807F-4978-8D24-FDD0A3D60EE4}" = ArtRage 2
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7A625369-34A4-4D62-9165-2EFCFA41DA1D}" = CORE Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DD6BC5-B569-4081-8EF3-D0A689B1A3E7}" = OpenSauce for Halo CE
"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB97CB5A-82B2-4FB1-9E5E-C03661A1482A}" = Blacklight Retribution
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AstrumNival Allods" = Allods Online 3.0.00.50
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"Evolva_is1" = Evolva
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"Ground Control II_is1" = Ground Control II
"Halo CE" = Microsoft Halo Custom Edition
"Homeworld2" = Homeworld2
"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"LAME_is1" = LAME v3.99.3 (for Windows)
"Magic Carpet_is1" = Magic Carpet
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Populous: The Beginning" = Populous: The Beginning
"PunkBusterSvc" = PunkBuster Services
"Savage 2 2.1.0.5" = Savage 2
"StarCraft" = StarCraft
"Steam App 10000" = Enemy Territory: Quake Wars
"Steam App 105430" = Age of Empires Online
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 107100" = Bastion
"Steam App 1250" = Killing Floor
"Steam App 15740" = Oddworld: Munch's Oddysee
"Steam App 15750" = Oddworld: Stranger's Wrath
"Steam App 17390" = Spore
"Steam App 200900" = Cave Story+
"Steam App 203970" = Kingdoms of Amalur: Reckoning Demo
"Steam App 207510" = Rayman Origins Demo
"Steam App 209040" = Ridge Racer™ Unbounded Demo
"Steam App 210470" = Sniper Elite V2 Demo
"Steam App 210840" = Warlock - Master of the Arcane Demo
"Steam App 21100" = F.E.A.R. 3
"Steam App 22350" = Brink
"Steam App 24790" = Command and Conquer 3: Tiberium Wars
"Steam App 33460" = From Dust
"Steam App 35720" = Trine 2
"Steam App 40100" = Supreme Commander 2
"Steam App 4560" = Company of Heroes
"Steam App 45750" = Lost Planet 2
"Steam App 46420" = Chrome
"Steam App 46430" = Chrome: Specforce
"Steam App 47780" = Dead Space 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 6060" = Star Wars - Battlefront II
"Steam App 620" = Portal 2
"Steam App 63200" = Monday Night Combat
"Steam App 71340" = Sonic Generations
"Steam App 9050" = DOOM 3
"Steam App 9200" = RAGE
"Steam App 9450" = Warhammer 40,000: Dawn of War – Soulstorm
"Steam App 97100" = Section 8: Prejudice
"Steam App 99900" = Spiral Knights
"SunAge_is1" = Sunage
"uTorrent" = µTorrent
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2012 1:08:47 PM | Computer Name = Tom-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Steam\steamapps\common\enemy
territory quake wars\serverlauncher.exe".Error in manifest or policy file "" on
line . A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 4/30/2012 7:46:12 PM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/1/2012 4:21:10 AM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/1/2012 5:07:29 AM | Computer Name = Tom-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Steam\steamapps\common\enemy
territory quake wars\serverlauncher.exe".Error in manifest or policy file "" on
line . A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 5/1/2012 3:09:19 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.0.230.0, time
stamp: 0x4d41ff46 Faulting module name: mpfsvc.dll, version: 12.0.351.0, time stamp:
0x4f6b9fc2 Exception code: 0xc0000005 Fault offset: 0x000000000004fddc Faulting process
id: 0x11b8 Faulting application start time: 0x01cd27735601bafd Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: 268818bf-93c1-11e1-90cf-028037ec0200

Error - 5/2/2012 4:24:49 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.0.230.0, time
stamp: 0x4d41ff46 Faulting module name: mpfsvc.dll, version: 12.0.351.0, time stamp:
0x4f6b9fc2 Exception code: 0xc0000005 Fault offset: 0x000000000004fddc Faulting process
id: 0xed4 Faulting application start time: 0x01cd27ce108afef0 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: dce9a550-9494-11e1-90cf-028037ec0200

Error - 5/2/2012 6:12:29 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.0.230.0, time
stamp: 0x4d41ff46 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting
process id: 0x1210 Faulting application start time: 0x01cd28a1c3f91d29 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: e763c44c-94a3-11e1-90cf-028037ec0200

Error - 5/2/2012 6:19:41 PM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/3/2012 4:06:57 AM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/3/2012 4:17:36 AM | Computer Name = Tom-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: HTTP status 304: The server's response was not valid. The
server was not following the defined protocol. Resume the job, and then Background
Intelligent Transfer Service (BITS) will try again.

[ System Events ]
Error - 5/11/2012 12:48:25 PM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/11/2012 3:57:08 PM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/11/2012 3:57:08 PM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:51:00 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:51:06 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:16 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:21 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:26 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:33 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:48 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the interface
with IP address 109.246.166.193. The computer with the IP address 109.246.166.31
did not allow the name to be claimed by this computer.


< End of report >