TomDuffus

Malwarebytes blocking incoming connection to svchost.exe - scans pick up nothing

47 posts in this topic

I traced the IP of whatever was trying to get into svchost.exe (Malwarebytes was blocking it every couple of hours) and it's some address in China. Nothing has gotten into my laptop (it was infected a few days prior to this by Smartfortress 2012) but Malwarebytes managed to clean that up (or so I hope). Now I just really want to make sure that it's totally gone, and that svchost isn't infected or anything, because obviously I can't delete it. Many thanks!

-Tom

I also ran SFC in command prompt in case it found svchost to be corrupted and replaced it with the original file, but it doesn't catch anything. I've done multiple scans (full, quick) using Malwarebytes, McAfee (now uninstalled) and avast! (now installed), as well as TDSSKiller, and all have failed to find anything at all - totally clean. I've even run them all on windows\system32 (where svchost is located) alone, and still they never report any problems with svchost. If it really ISN'T infected, why the hourly incoming things from the Chinese IP? Malwarebytes is still blocking them, so I bought the pro version to ensure I didn't lose the real-time scanning.


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


This is the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Tom at 14:01:20 on 2012-05-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3990.1986 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\System32\igfxtray.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\spool\drivers\x64\3\EKAiO2MUI.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: CorePluginIEBHO Class: {13fa2453-9287-4f18-8554-976d7c02f4ee} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spotify Web Helper] "C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 109.246.166.1

TCP: Interfaces\{9ED863F9-95D4-4443-86E1-DD2F685CBB27} : DhcpNameServer = 109.246.166.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: CorePluginIEBHO Class: {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll

BHO-X64: CorePluginIEBHO - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-3-24 8704]

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-3 98208]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-9 44768]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-9 654408]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-3 1692480]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-9 6583160]

R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-9 528760]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-3 2656280]

R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;C:\Windows\system32\DRIVERS\d554scard.sys --> C:\Windows\system32\DRIVERS\d554scard.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 ecnssndis;Service for enabling selective suspend to NDIS device;C:\Windows\system32\Drivers\wwuss64.sys --> C:\Windows\system32\Drivers\wwuss64.sys [?]

R3 ecnssndisfltr;SSNDIS filter service;C:\Windows\system32\Drivers\wwussf64.sys --> C:\Windows\system32\Drivers\wwussf64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);C:\Windows\system32\DRIVERS\Mbm3CBus.sys --> C:\Windows\system32\DRIVERS\Mbm3CBus.sys [?]

R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);C:\Windows\system32\DRIVERS\Mbm3DevMt.sys --> C:\Windows\system32\DRIVERS\Mbm3DevMt.sys [?]

R3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;C:\Windows\system32\DRIVERS\Mbm3mdfl.sys --> C:\Windows\system32\DRIVERS\Mbm3mdfl.sys [?]

R3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;C:\Windows\system32\DRIVERS\Mbm3Mdm.sys --> C:\Windows\system32\DRIVERS\Mbm3Mdm.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;C:\Windows\system32\DRIVERS\WwanUsbMp64.sys --> C:\Windows\system32\DRIVERS\WwanUsbMp64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-9 136176]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-3 2253120]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;C:\Windows\system32\drivers\d554gps64.sys --> C:\Windows\system32\drivers\d554gps64.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-9 136176]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2073-10-27 10:55:34 2404352 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe

2073-10-27 10:55:34 1835008 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe

2073-10-27 10:55:34 1118208 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll

2012-05-11 09:00:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AF98FE7-830A-4FF8-82E7-418B7340C2CA}\offreg.dll

2012-05-11 08:40:28 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AF98FE7-830A-4FF8-82E7-418B7340C2CA}\mpengine.dll

2012-05-09 19:54:38 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-05-09 19:54:38 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-05-09 19:54:37 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-05-09 19:54:21 41184 ----a-w- C:\Windows\avastSS.scr

2012-05-09 19:54:13 -------- d-----w- C:\ProgramData\AVAST Software

2012-05-09 19:54:13 -------- d-----w- C:\Program Files\AVAST Software

2012-05-09 19:50:51 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-05-09 19:12:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-09 18:47:40 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes

2012-05-09 18:47:34 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-09 18:47:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-09 18:13:03 -------- d-----w- C:\Users\Tom\AppData\Local\{9B961FC4-9A02-11E1-826E-B8AC6F996F26}

2012-05-09 18:12:27 -------- d-----w- C:\Users\Tom\AppData\Local\WMDRM

2012-05-09 18:12:20 -------- d-----w- C:\ProgramData\B7E858A700002A1E00015AE6B4EB2367

2012-05-08 10:58:51 -------- d-----w- C:\Users\Tom\AppData\Local\{3674938C-1EA0-4C16-9441-8CFBA13A2DB6}

2012-05-07 22:03:26 -------- d-----w- C:\Users\Tom\AppData\Roaming\Ygyhm

2012-05-07 22:03:26 -------- d-----w- C:\Users\Tom\AppData\Roaming\Oruki

2012-05-07 22:03:26 -------- d-----w- C:\Users\Tom\AppData\Roaming\Kowuur

2012-05-07 18:54:48 -------- d-----w- C:\Users\Tom\AppData\Roaming\My Battle for Middle-earth II Files

2012-05-07 18:54:17 -------- d-----w- C:\Users\Tom\SC-1.15.2-enGB

2012-05-07 14:46:17 -------- d-----w- C:\Program Files (x86)\Starcraft

2012-05-07 09:52:30 -------- d-----w- C:\Program Files (x86)\Lighthouse Interactive

2012-05-07 02:32:21 -------- d-----w- C:\Users\Tom\AppData\Local\Google

2012-05-07 02:32:19 -------- d-----w- C:\Users\Tom\AppData\Local\CRE

2012-05-07 02:32:13 -------- d-----w- C:\Program Files (x86)\Conduit

2012-05-07 02:32:07 -------- d-----w- C:\Users\Tom\AppData\Local\Conduit

2012-05-07 02:31:06 -------- d-----w- C:\Users\Tom\AppData\Roaming\uTorrent

2012-05-06 12:32:39 -------- d-----w- C:\Users\Tom\AppData\Local\{678AE895-1519-4689-B621-600A470E16A8}

2012-05-06 12:32:29 -------- d-----w- C:\Users\Tom\AppData\Local\{3FBF73F7-E400-49A6-97F7-8AB8CD969B33}

2012-05-06 12:31:36 -------- d-----w- C:\Windows\en

2012-05-06 12:26:51 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\838417791cd2b8303\MeshBetaRemover.exe

2012-05-06 12:26:50 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\DSETUP.dll

2012-05-06 12:26:50 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\DXSETUP.exe

2012-05-06 12:26:50 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\dsetup32.dll

2012-05-06 12:24:11 -------- d-----w- C:\Users\Tom\AppData\Local\{654BADDC-EBF1-41A9-A7BC-43C757F330D4}

2012-05-06 12:23:49 -------- d-----w- C:\Users\Tom\AppData\Local\{B9C1FF48-E67B-476A-BF35-E4DF58AA256F}

2012-05-05 17:16:49 -------- d-----w- C:\Program Files (x86)\Savage2

2012-04-29 20:47:38 -------- d-----w- C:\Users\Tom\AppData\Local\{3FCB9FC0-29B0-401C-9145-D1F843980277}

2012-04-28 23:50:24 40960 ----a-r- C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2012-04-28 23:50:24 40960 ----a-r- C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2012-04-28 19:17:05 -------- d-----w- C:\Users\Tom\AppData\Local\signal studios

2012-04-28 00:24:09 -------- d-----w- C:\Users\Tom\AppData\Local\BladesOfTimeDemo

2012-04-27 23:28:02 -------- d-----w- C:\Users\Tom\AppData\Local\SniperV2 Demo

2012-04-27 00:42:59 -------- d-----w- C:\Users\Tom\AppData\Local\AquaNox2

2012-04-26 20:22:03 -------- d-----w- C:\Users\Tom\AppData\Roaming\Trine2

2012-04-26 08:49:26 -------- d-----w- C:\Program Files (x86)\directx

2012-04-25 16:05:51 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-25 16:05:50 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-25 16:05:50 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-25 00:27:09 0 ----a-w- C:\Windows\SysWow64\sho6723.tmp

2012-04-24 09:21:48 -------- d-----w- C:\Users\Tom\AppData\Local\.inapptracking

2012-04-23 17:22:37 -------- d-----w- C:\ProgramData\id Software

2012-04-23 17:00:39 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-04-23 16:20:52 -------- d-----w- C:\Users\Tom\AppData\Local\{E0ED27EB-C330-4FD6-9FDB-5B9FF5F08C0F}

2012-04-23 16:20:29 -------- d-----w- C:\Users\Tom\AppData\Local\{4236FDD7-1ADD-45EF-AA8D-E569ABA5494B}

2012-04-22 13:01:33 -------- d-----w- C:\Users\Tom\AppData\Local\{543B58CB-B3D6-4113-A296-EF8B0B92CE86}

2012-04-22 10:59:14 -------- d-----w- C:\ProgramData\Citrix

2012-04-22 10:58:12 -------- d-----w- C:\Program Files (x86)\Citrix

2012-04-22 10:57:51 -------- d-----w- C:\Users\Tom\AppData\Local\Citrix

2012-04-21 00:44:18 -------- d-----w- C:\Users\Tom\AppData\Local\{04D87311-4C4C-4D23-8810-CF337DA1A402}

2012-04-21 00:44:07 -------- d-----w- C:\Users\Tom\AppData\Local\{F23A3158-62B0-4A7B-B6C4-A953DC61F28C}

2012-04-20 21:52:41 -------- d-----w- C:\Users\Tom\AppData\Local\{C5764A61-EE46-4EEF-A34F-8502A42F169B}

2012-04-17 02:00:26 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-17 02:00:25 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-17 02:00:25 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-17 02:00:25 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-17 02:00:25 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-17 02:00:25 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-17 02:00:25 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-11 21:46:54 -------- d-----w- C:\ProgramData\Solidshield

2012-04-11 21:19:47 -------- d-----w- C:\Users\Tom\AppData\Local\Ubisoft

2012-04-11 20:58:37 -------- d-----w- C:\Users\Tom\AppData\Local\THQ

.

==================== Find3M ====================

.

2012-04-27 00:33:37 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll

2012-04-27 00:33:37 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll

2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-24 23:09:18 0 ----a-w- C:\Windows\SysWow64\shoDA88.tmp

2012-03-24 00:06:43 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-03-24 00:06:43 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-03-24 00:02:15 281408 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-03-10 15:52:06 2829 ----a-w- C:\Windows\War3Unin.pif

2012-03-10 15:52:06 126976 ----a-w- C:\Windows\War3Unin.exe

2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-03-03 22:41:47 419840 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-03-03 22:41:47 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-03-03 22:41:47 133632 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-03-03 22:41:46 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-29 13:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-02-29 00:41:19 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-28 23:01:15 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-20 23:45:37 2250024 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-02-19 02:16:59 0 ----a-w- C:\Windows\SysWow64\shoEC95.tmp

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

.

============= FINISH: 14:01:51.18 ===============

And this is the Attach one:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 09/02/2012 17:20:10

System Uptime: 11/05/2012 09:35:06 (5 hours ago)

.

Motherboard: Dell Inc. | | 0YR8NN

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU | 2277/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 446 GiB total, 77.071 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP138: 10/05/2012 03:34:31 - Scheduled Checkpoint

RP139: 10/05/2012 09:37:11 - Windows Update

RP140: 10/05/2012 22:17:25 - Installed DirectX

.

==== Installed Programs ======================

.

AccelerometerP11

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3) MUI

Adobe Shockwave Player 11.6

Advanced Audio FX Engine

Age of Empires Online

Age of Empires® III: Complete Collection

Akamai NetSession Interface

Allods Online 3.0.00.50

ArtRage 2

µTorrent

Audacity 2.0

avast! Free Antivirus

Bastion

BattleForge™

Blacklight Retribution

Brink

Cave Story+

Chrome

Chrome: Specforce

Command and Conquer 3: Tiberium Wars

Company of Heroes

CORE Client

D3DX10

DAEMON Tools Lite

Dead Space 2

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Getting Started Guide

Dell Mobile Broadband Manager

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell VideoStage

Dell Webcam Central

Dell Wireless HSPA Mini-Card Drivers

DirectX 9 Runtime

DOOM 3

eBay

Enemy Territory: Quake Wars

Evolva

F.E.A.R. 3

Fraps

From Dust

Google Chrome

Google Update Helper

GoToAssist Corporate

Ground Control II

Hi-Rez Studios Authenticate and Update Service

High-Definition Video Playback

Homeworld2

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® WiDi

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

Kingdoms of Amalur: Reckoning Demo

LAME v3.99.3 (for Windows)

Left 4 Dead 2

Lost Planet 2

Magic Carpet

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Halo Custom Edition

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Monday Night Combat

Mozilla Firefox 12.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MTX

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

NirSoft BlueScreenView

NVIDIA PhysX

Oddworld: Munch's Oddysee

Oddworld: Stranger's Wrath

OpenAL

OpenSauce for Halo CE

Pando Media Booster

PhotoShowExpress

PlayReady PC Runtime x86

Populous: The Beginning

Portal 2

Project64 1.6

PunkBuster Services

Quake Live Mozilla Plugin

RAGE

Rayman Origins Demo

Realtek High Definition Audio Driver

Ridge Racer™ Unbounded Demo

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Savage 2

Sculptris Alpha 6

Section 8: Prejudice

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype™ 5.8

Sniper Elite V2 Demo

Sonic CinePlayer Decoder Pack

Sonic Generations

Spiral Knights

Spore

Spotify

Star Wars - Battlefront II

Star Wars Jedi Knight: Jedi Academy

StarCraft

Steam

Sunage

Supreme Commander 2

swMSM

SyncUP

The Battle for Middle-earth II

Tribes Ascend Open Beta

Trine 2

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Warcraft III

Warhammer 40,000 Space Marine

Warhammer 40,000: Dawn of War – Soulstorm

Warlock - Master of the Arcane Demo

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

11/05/2012 09:38:29, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/05/2012 09:38:29, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

11/05/2012 09:36:20, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9ED863F9-95D4-4443-86E1-DD2F685CBB27} because another computer on the network has the same name. The server could not start.

11/05/2012 09:36:18, Error: NetBT [4321] - The name "TOM-PC :20" could not be registered on the interface with IP address 109.246.166.193. The computer with the IP address 109.246.166.31 did not allow the name to be claimed by this computer.

11/05/2012 09:35:33, Error: NetBT [4321] - The name "TOM-PC :0" could not be registered on the interface with IP address 109.246.166.193. The computer with the IP address 109.246.166.31 did not allow the name to be claimed by this computer.

10/05/2012 10:05:35, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

10/05/2012 02:07:07, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/05/2012 02:07:07, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

10/05/2012 02:07:02, Error: Service Control Manager [7034] - The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly. It has done this 1 time(s).

10/05/2012 02:06:18, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87

10/05/2012 00:44:11, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

09/05/2012 20:31:05, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024809

09/05/2012 19:55:54, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

09/05/2012 19:55:52, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

09/05/2012 19:55:51, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

09/05/2012 19:55:51, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

09/05/2012 19:46:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

09/05/2012 19:44:30, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

09/05/2012 19:42:19, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

09/05/2012 19:42:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

09/05/2012 19:42:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

09/05/2012 19:42:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

09/05/2012 19:42:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

09/05/2012 19:42:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

09/05/2012 19:41:59, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

09/05/2012 19:41:59, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

09/05/2012 18:54:09, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 21:58:32, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 20:19:59, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

08/05/2012 09:41:28, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 0, function 1. Please contact your system vendor for technical assistance.

07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).

07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).

07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).

07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).

07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).

07/05/2012 14:57:05, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).

06/05/2012 01:26:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

06/05/2012 01:26:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

06/05/2012 01:26:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

06/05/2012 01:26:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

06/05/2012 01:25:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

06/05/2012 01:24:15, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

06/05/2012 00:57:43, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.

.

==== End Of File ===========================


Here is the report from RogueKiller:

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Tom [Admin rights]

Mode: Scan -- Date: 05/11/2012 14:08:43

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] SpotifyWebHelper.exe -- C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Spotify Web Helper ("C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe") -> FOUND

[RANDOMNAME] HKLM\[...]\Run : EKAIO2StatusMonitor (C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-4234593452-1771345588-371266355-1001[...]\Run : Spotify Web Helper ("C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe") -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500423AS +++++

--- User ---

[MBR] 281aa41ad73f5ab1c550ca2ccc1bd049

[bSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Okay, I'll run that now. Also, the address of the IP that keeps contacting my svchost.exe is 60.191.186.52, if that's any use? Not sure if it is, but it's there anyway. It's always been that same IP for days. Anyway, I'll go and run ComboFix. Should I disable Malwarebytes? It's the only thing keeping that IP out, so I'm not sure what to do if it tries to get in whilst it's disabled for this scan?


You can keep it enabled, but if ComboFix alerts you about it, then disable it and just disconnect from the internet.

MrC


ComboFix 12-05-11.02 - Tom 11/05/2012 16:52:06.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3990.1733 [GMT 1:00]

Running from: c:\users\Tom\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files (x86)\INSTALL.LOG

c:\programdata\Roaming

c:\users\Tom\AppData\Local\.#

c:\users\Tom\AppData\Roaming\Kowuur

c:\users\Tom\AppData\Roaming\Kowuur\ycovo.ehu

.

.

((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))

.

.

2073-10-27 10:55 . 2009-10-03 18:32 1118208 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll

2073-10-27 10:55 . 2009-10-03 18:32 1835008 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe

2073-10-27 10:55 . 2009-10-03 18:31 2404352 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe

2012-05-11 08:40 . 2012-04-18 02:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AF98FE7-830A-4FF8-82E7-418B7340C2CA}\mpengine.dll

2012-05-09 19:54 . 2012-05-09 19:55 -------- d-----w- c:\program files (x86)\Google

2012-05-09 19:54 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-05-09 19:54 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-05-09 19:54 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-05-09 19:54 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-05-09 19:54 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-05-09 19:54 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-05-09 19:54 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-05-09 19:54 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-05-09 19:54 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-05-09 19:54 . 2012-05-09 19:54 -------- d-----w- c:\programdata\AVAST Software

2012-05-09 19:54 . 2012-05-09 19:54 -------- d-----w- c:\program files\AVAST Software

2012-05-09 19:12 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-09 18:47 . 2012-05-09 18:47 -------- d-----w- c:\users\Tom\AppData\Roaming\Malwarebytes

2012-05-09 18:47 . 2012-05-09 19:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-09 18:47 . 2012-05-09 18:47 -------- d-----w- c:\programdata\Malwarebytes

2012-05-09 18:13 . 2012-05-09 18:13 -------- d-----w- c:\windows\system32\Macromed

2012-05-09 18:13 . 2012-05-09 18:13 -------- d-----w- c:\users\Tom\AppData\Local\{9B961FC4-9A02-11E1-826E-B8AC6F996F26}

2012-05-09 18:12 . 2012-05-09 18:51 -------- d-----w- c:\users\Tom\AppData\Local\WMDRM

2012-05-09 18:12 . 2012-05-09 18:12 -------- d-----w- c:\programdata\B7E858A700002A1E00015AE6B4EB2367

2012-05-07 22:03 . 2012-05-09 19:30 -------- d-----w- c:\users\Tom\AppData\Roaming\Oruki

2012-05-07 22:03 . 2012-05-09 19:09 -------- d-----w- c:\users\Tom\AppData\Roaming\Ygyhm

2012-05-07 18:54 . 2012-05-07 19:00 -------- d-----w- c:\users\Tom\AppData\Roaming\My Battle for Middle-earth II Files

2012-05-07 18:54 . 2012-05-07 19:15 -------- d-----w- c:\users\Tom\SC-1.15.2-enGB

2012-05-07 14:46 . 2012-05-08 11:56 -------- d-----w- c:\program files (x86)\Starcraft

2012-05-07 09:52 . 2012-05-07 09:52 -------- d-----w- c:\program files (x86)\Lighthouse Interactive

2012-05-07 02:32 . 2012-05-09 19:54 -------- d-----w- c:\users\Tom\AppData\Local\Google

2012-05-07 02:32 . 2012-05-07 02:32 -------- d-----w- c:\users\Tom\AppData\Local\CRE

2012-05-07 02:32 . 2012-05-07 02:32 -------- d-----w- c:\program files (x86)\Conduit

2012-05-07 02:32 . 2012-05-10 00:09 -------- d-----w- c:\users\Tom\AppData\Local\Conduit

2012-05-07 02:31 . 2012-05-10 00:06 -------- d-----w- c:\users\Tom\AppData\Roaming\uTorrent

2012-05-06 12:31 . 2012-05-06 12:31 -------- d-----w- c:\windows\en

2012-05-06 12:26 . 2012-05-06 12:26 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\838417791cd2b8303\MeshBetaRemover.exe

2012-05-06 12:26 . 2012-05-06 12:26 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\DSETUP.dll

2012-05-06 12:26 . 2012-05-06 12:26 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\DXSETUP.exe

2012-05-06 12:26 . 2012-05-06 12:26 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8316ae0f1cd2b8302\dsetup32.dll

2012-05-05 17:16 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Savage2

2012-04-28 23:50 . 2012-04-28 23:50 40960 ----a-r- c:\users\Tom\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2012-04-28 23:50 . 2012-04-28 23:50 40960 ----a-r- c:\users\Tom\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2012-04-28 19:17 . 2012-04-28 19:17 -------- d-----w- c:\users\Tom\AppData\Local\signal studios

2012-04-28 00:24 . 2012-04-28 00:24 -------- d-----w- c:\users\Tom\AppData\Local\BladesOfTimeDemo

2012-04-27 23:28 . 2012-04-27 23:28 -------- d-----w- c:\users\Tom\AppData\Local\SniperV2 Demo

2012-04-27 00:42 . 2012-04-27 00:49 -------- d-----w- c:\users\Tom\AppData\Local\AquaNox2

2012-04-26 20:22 . 2012-04-26 20:22 -------- d-----w- c:\users\Tom\AppData\Roaming\Trine2

2012-04-26 08:49 . 2012-04-26 08:49 -------- d-----w- c:\program files (x86)\directx

2012-04-25 16:05 . 2012-04-25 16:05 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-25 16:05 . 2012-04-25 16:05 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-25 16:05 . 2012-04-25 16:05 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-25 00:27 . 2012-04-25 00:27 0 ----a-w- c:\windows\SysWow64\sho6723.tmp

2012-04-24 09:21 . 2012-04-24 09:21 -------- d-----w- c:\users\Tom\AppData\Local\.inapptracking

2012-04-23 17:22 . 2012-04-23 17:22 -------- d-----w- c:\programdata\id Software

2012-04-23 17:00 . 2012-04-23 17:01 -------- d-----w- c:\windows\SysWow64\Adobe

2012-04-22 10:59 . 2012-04-22 10:59 -------- d-----w- c:\programdata\Citrix

2012-04-22 10:58 . 2012-04-22 10:58 -------- d-----w- c:\program files (x86)\Citrix

2012-04-22 10:57 . 2012-04-22 10:57 -------- d-----w- c:\users\Tom\AppData\Local\Citrix

2012-04-17 16:41 . 2012-04-17 16:41 -------- d-----w- c:\users\Tom\AppData\Roaming\InstallShield

2012-04-17 15:53 . 2012-04-17 15:53 -------- d-----w- c:\programdata\Creative

2012-04-17 15:48 . 2012-04-17 15:48 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-04-17 02:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-17 02:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-17 02:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-17 02:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-17 02:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-17 02:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-17 02:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-11 21:46 . 2012-04-11 21:46 -------- d-----w- c:\programdata\Solidshield

2012-04-11 21:19 . 2012-04-11 21:19 -------- d-----w- c:\users\Tom\AppData\Local\Ubisoft

2012-04-11 21:19 . 2012-04-11 21:19 -------- d-----w- c:\programdata\Ubisoft

2012-04-11 20:58 . 2012-04-11 20:58 -------- d-----w- c:\users\Tom\AppData\Local\THQ

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 12:28 . 2010-06-24 16:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-03-24 23:09 . 2012-03-24 23:09 0 ----a-w- c:\windows\SysWow64\shoDA88.tmp

2012-03-24 00:06 . 2012-02-19 02:12 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-03-24 00:06 . 2012-02-10 00:35 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-03-24 00:02 . 2012-02-10 00:35 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-03-10 15:52 . 2012-03-10 15:52 2829 ----a-w- c:\windows\War3Unin.pif

2012-03-10 15:52 . 2012-03-10 15:52 126976 ----a-w- c:\windows\War3Unin.exe

2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-03 22:41 . 2012-03-03 22:41 419840 ----a-w- c:\windows\system32\wrap_oal.dll

2012-03-03 22:41 . 2012-03-03 22:41 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-03-03 22:41 . 2012-03-03 22:41 133632 ----a-w- c:\windows\system32\OpenAL32.dll

2012-03-03 22:41 . 2012-03-03 22:41 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-02-29 13:26 . 2012-02-29 13:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-02-29 00:41 . 2012-02-10 00:35 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-02-28 23:01 . 2012-02-10 00:35 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-02-23 09:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-20 23:45 . 2012-02-20 23:45 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-02-19 02:16 . 2012-02-19 02:16 0 ----a-w- c:\windows\SysWow64\shoEC95.tmp

2012-02-17 06:38 . 2012-03-14 06:22 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 06:22 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 06:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 06:22 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]

2012-01-10 21:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-09 1242448]

"Spotify Web Helper"="c:\users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 136176]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 136176]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\Drivers\wwuss64.sys [x]

S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwussf64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [x]

S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [x]

S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [x]

S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 19:54]

.

2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 19:54]

.

2012-05-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

2012-05-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

2012-02-26 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-11 3240448]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 109.246.166.1

FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-11 17:06:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-11 16:06

.

Pre-Run: 82,636,087,296 bytes free

Post-Run: 82,618,212,352 bytes free

.

- - End Of File - - 97F585BDA46A678EECCC566F1D1668EB


Sorry, just a small update: A new IP was blocked, this is the first time it wasn't the IP 60.191.186.52, which did try again today. This new IP was still trying to get into svchost.exe, but was 121.10.114.101, another IP from a different part of China. What does this mean?? Is my svchost managing to spread out my details to other IPs now?


Sorry, actually, if anyone can give me a breakdown in very basic terms of what the hell is happening here, it would be much appreciated. Many thanks!


First, have you uninstalled uTorrent and any other P2P programs?

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

-------------------------------------------------

These alerts are incoming??

--------------------------------------------------

Can you take a look at these folders...do you recognize them:

c:\users\Tom\AppData\Roaming\Oruki

c:\users\Tom\AppData\Roaming\Ygyhm

c:\users\Tom\AppData\Local\THQ

-------------------------------

These two temp files:

c:\windows\SysWow64\shoDA88.tmp

c:\windows\SysWow64\sho6723.tmp

Upload them to VirusTotal for a free scan and let me know the results (just copy back the URL).

http://www.virustotal.com/

MrC


I have done once before, but I have deleted the program and everything I had downloaded. I no longer trust P2P file sharing, and do not agree with piracy. I will go to the files you mentioned and see what I find. Many thanks.


Okay, I went to the Oruki and Ygyhm folders and they do not contain any files - I believe that the scan may have deleted them? They are completely empty. As for THQ, yes I do recognise it; the only file within it is a .cfg file for a video game by the developer THQ.

As for the temp files, here are virustotal's scan URLs:

https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1336827274/

https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1336827405/

Both come out clean.
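Both VirusTotal URLs above carry the same hash, and the ComboFix listing shows both temp files with a size of 0. The following is an added example, not part of the original post or of any tool used in this thread: it parses ComboFix file-listing lines and VirusTotal URLs and flags uploads whose hash is the SHA-256 of empty input, where a clean verdict only confirms that there was no content to scan. The function names are hypothetical; the sample lines are copied from this thread.

```python
import hashlib
import re
from collections import defaultdict

# SHA-256 of zero bytes of input; every empty file hashes to this value.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# ComboFix listing line: created . modified  size-or-dashes  attributes  path
LISTING_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
VT_URL_RE = re.compile(
    r"virustotal\.com/file/(?P<sha256>[0-9a-f]{64})/analysis/(?P<ts>\d+)"
)

# Lines copied from the ComboFix log and the post in this thread.
LISTING = r"""
2012-04-25 00:27 . 2012-04-25 00:27 0 ----a-w- c:\windows\SysWow64\sho6723.tmp
2012-03-24 23:09 . 2012-03-24 23:09 0 ----a-w- c:\windows\SysWow64\shoDA88.tmp
2012-03-24 00:06 . 2012-02-10 00:35 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-11 20:58 . 2012-04-11 20:58 -------- d-----w- c:\users\Tom\AppData\Local\THQ
"""
URLS = [
    "https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1336827274/",
    "https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1336827405/",
]


def parse_listing(text):
    """Return one dict per file or directory line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "path": m.group("path"),
            "is_dir": m.group("attrs").startswith("d"),
            "size": int(size) if size.isdigit() else None,  # None for directories
        })
    return entries


def zero_byte_files(entries):
    """Paths of regular files whose listed size is 0."""
    return [e["path"] for e in entries if not e["is_dir"] and e["size"] == 0]


def review_vt_urls(urls):
    """Group submissions by hash and mark the empty-input hash."""
    by_hash = defaultdict(list)
    for url in urls:
        m = VT_URL_RE.search(url)
        if m:
            by_hash[m.group("sha256")].append(int(m.group("ts")))
    return [
        {"sha256": h, "submissions": len(ts), "empty_input": h == EMPTY_SHA256}
        for h, ts in by_hash.items()
    ]


def triage(listing_text, urls):
    """Combine the file listing and the scan URLs into one report."""
    findings = review_vt_urls(urls)
    notes = []
    for f in findings:
        if f["empty_input"]:
            notes.append("%s... is the SHA-256 of empty input: nothing was scanned"
                         % f["sha256"][:12])
        if f["submissions"] > 1:
            notes.append("%d uploads share one hash: byte-identical content"
                         % f["submissions"])
    return {
        "zero_byte_files": zero_byte_files(parse_listing(listing_text)),
        "vt": findings,
        "notes": notes,
    }


if __name__ == "__main__":
    report = triage(LISTING, URLS)
    for path in report["zero_byte_files"]:
        print("zero-byte file:", path)
    for note in report["notes"]:
        print("note:", note)
```
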


OK, delete those two folders.

Take a look at the link below regarding the IP module and how it works:

http://forums.malwar...ndpost&p=162100

You said that these were incoming??

Can you take a screenshot of one of them and post it?

MrC


It may be many hours before it tries to attack again, and yes they are incoming. The 2 IPs that have been incoming to svchost.exe have been:

60.191.186.52

121.10.114.101

The last port that I recorded them attempting to get in through was 35521, but I do not know if that is the only port as I only checked the last time.
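The port question can be answered from the Malwarebytes protection log instead of waiting for the next alert. The following is an added example, not part of the original post or of Malwarebytes' own tooling: it reads IP-BLOCK lines in the format of the protection log pasted further down this thread, drops entries that were written twice, and lists every port and the first and last time seen per direction, process and remote address. The function names are hypothetical; the sample lines are copied from that log.

```python
import re
from datetime import datetime

BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (?P<host>\S+) (?P<user>\S+) "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)

# Lines copied from the protection logs posted later in this thread.
SAMPLE_LOG = """
2012/05/10 13:14:17 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 35521, Process: svchost.exe)
2012/05/10 13:14:17 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 35521, Process: svchost.exe)
2012/05/11 09:45:46 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily
2012/05/11 10:26:27 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 16065, Process: svchost.exe)
2012/05/11 23:15:22 +0100 TOM-PC Tom IP-BLOCK 121.10.114.101 (Type: incoming, Port: 30415, Process: svchost.exe)
2012/05/11 23:15:22 +0100 TOM-PC Tom IP-BLOCK 121.10.114.101 (Type: incoming, Port: 30415, Process: svchost.exe)
2012/05/12 01:37:02 +0100 TOM-PC Tom IP-BLOCK 78.140.143.48 (Type: outgoing, Port: 55384, Process: avastsvc.exe)
2012/05/12 01:37:02 +0100 TOM-PC Tom IP-BLOCK 78.140.143.48 (Type: outgoing, Port: 55385, Process: avastsvc.exe)
2012/05/12 03:24:11 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 26305, Process: svchost.exe)
"""


def parse_blocks(log_text):
    """Return unique IP-BLOCK events as (time, direction, process, ip, port)."""
    seen = set()
    events = []
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if not m:
            continue  # MESSAGE lines and anything else are ignored
        event = (
            datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
            m["direction"],
            m["process"].lower(),
            m["ip"],
            int(m["port"]),
        )
        if event in seen:
            continue  # the log often records the same block twice
        seen.add(event)
        events.append(event)
    return sorted(events)


def summarise(events):
    """Group events by (direction, process, ip)."""
    summary = {}
    for ts, direction, process, ip, port in events:
        row = summary.setdefault(
            (direction, process, ip),
            {"events": 0, "ports": set(), "first": ts, "last": ts},
        )
        row["events"] += 1
        row["ports"].add(port)
        row["first"] = min(row["first"], ts)
        row["last"] = max(row["last"], ts)
    for row in summary.values():
        row["ports"] = sorted(row["ports"])
    return summary


if __name__ == "__main__":
    for (direction, process, ip), row in summarise(parse_blocks(SAMPLE_LOG)).items():
        print(direction, process, ip, row["events"], row["ports"],
              row["first"].isoformat(), row["last"].isoformat())
```
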


Run this scan and post back the two reports:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


I looked in the Malwarebytes IP protection logs and this is what I found. Here are the logs from the 4 different files, called protection-log-2012-05-12.txt, 2012-05-11.txt, 2012-05-10.txt, 2012-05-9.txt.

2012/05/12 01:37:02 +0100 TOM-PC Tom IP-BLOCK 78.140.143.48 (Type: outgoing, Port: 55384, Process: avastsvc.exe)

2012/05/12 01:37:02 +0100 TOM-PC Tom IP-BLOCK 78.140.143.48 (Type: outgoing, Port: 55385, Process: avastsvc.exe)

2012/05/12 01:38:23 +0100 TOM-PC Tom IP-BLOCK 91.223.82.63 (Type: outgoing, Port: 55810, Process: avastsvc.exe)

2012/05/12 01:38:23 +0100 TOM-PC Tom IP-BLOCK 91.223.82.63 (Type: outgoing, Port: 55811, Process: avastsvc.exe)

2012/05/12 01:57:15 +0100 TOM-PC Tom IP-BLOCK 91.223.82.63 (Type: outgoing, Port: 56581, Process: avastsvc.exe)

2012/05/12 01:57:15 +0100 TOM-PC Tom IP-BLOCK 91.223.82.63 (Type: outgoing, Port: 56582, Process: avastsvc.exe)

2012/05/12 03:24:11 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 26305, Process: svchost.exe)

2012/05/12 07:38:33 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 61121, Process: svchost.exe)

2012/05/12 07:38:33 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 61121, Process: svchost.exe)

2012/05/12 08:55:43 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily

2012/05/12 08:55:49 +0100 TOM-PC Tom MESSAGE Scheduled update executed successfully: database updated from version v2012.05.11.02 to version v2012.05.12.04

2012/05/12 08:55:49 +0100 TOM-PC Tom MESSAGE Starting database refresh

2012/05/12 08:55:49 +0100 TOM-PC Tom MESSAGE Stopping IP protection

2012/05/12 08:56:58 +0100 TOM-PC Tom MESSAGE IP Protection stopped

2012/05/12 08:57:00 +0100 TOM-PC Tom MESSAGE Database refreshed successfully

2012/05/12 08:57:00 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/12 08:57:00 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/12 11:53:07 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 31425, Process: svchost.exe)

2012/05/12 11:53:07 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 31425, Process: svchost.exe)

2012/05/11 01:02:27 +0100 TOM-PC Tom IP-BLOCK 204.188.215.194 (Type: outgoing, Port: 52706, Process: avastsvc.exe)

2012/05/11 01:02:27 +0100 TOM-PC Tom IP-BLOCK 204.188.215.194 (Type: outgoing, Port: 52707, Process: avastsvc.exe)

2012/05/11 09:38:28 +0100 TOM-PC Tom MESSAGE Starting protection

2012/05/11 09:38:30 +0100 TOM-PC Tom MESSAGE Protection started successfully

2012/05/11 09:38:33 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/11 09:38:34 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/11 09:45:46 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily

2012/05/11 09:45:51 +0100 TOM-PC Tom MESSAGE Starting database refresh

2012/05/11 09:45:51 +0100 TOM-PC Tom MESSAGE Scheduled update executed successfully: database updated from version v2012.05.10.04 to version v2012.05.11.02

2012/05/11 09:45:51 +0100 TOM-PC Tom MESSAGE Stopping IP protection

2012/05/11 09:47:04 +0100 TOM-PC Tom MESSAGE IP Protection stopped

2012/05/11 09:47:06 +0100 TOM-PC Tom MESSAGE Database refreshed successfully

2012/05/11 09:47:06 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/11 09:47:07 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/11 10:26:27 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 16065, Process: svchost.exe)

2012/05/11 16:49:41 +0100 TOM-PC Tom MESSAGE Stopping IP protection

2012/05/11 16:50:59 +0100 TOM-PC Tom MESSAGE IP Protection stopped

2012/05/11 17:12:18 +0100 TOM-PC Tom MESSAGE Starting protection

2012/05/11 17:12:20 +0100 TOM-PC Tom MESSAGE Protection started successfully

2012/05/11 17:12:23 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/11 17:12:24 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/11 18:55:17 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 21185, Process: svchost.exe)

2012/05/11 23:09:45 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 56001, Process: svchost.exe)

2012/05/11 23:09:45 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 56001, Process: svchost.exe)

2012/05/11 23:15:22 +0100 TOM-PC Tom IP-BLOCK 121.10.114.101 (Type: incoming, Port: 30415, Process: svchost.exe)

2012/05/11 23:15:22 +0100 TOM-PC Tom IP-BLOCK 121.10.114.101 (Type: incoming, Port: 30415, Process: svchost.exe)

2012/05/10 00:27:40 +0100 TOM-PC Tom IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 54145, Process: avastsvc.exe)

2012/05/10 00:27:40 +0100 TOM-PC Tom IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 54146, Process: avastsvc.exe)

2012/05/10 00:27:48 +0100 TOM-PC Tom IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 54148, Process: avastsvc.exe)

2012/05/10 00:27:48 +0100 TOM-PC Tom IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 54149, Process: avastsvc.exe)

2012/05/10 00:30:45 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 60097, Process: svchost.exe)

2012/05/10 02:09:04 +0100 TOM-PC Tom MESSAGE Starting protection

2012/05/10 02:09:06 +0100 TOM-PC Tom MESSAGE Protection started successfully

2012/05/10 02:09:09 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/10 02:09:10 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/10 03:15:49 +0100 TOM-PC Tom IP-BLOCK 121.10.115.62 (Type: incoming, Port: 28356, Process: svchost.exe)

2012/05/10 06:53:14 +0100 TOM-PC Tom IP-BLOCK 121.10.115.62 (Type: incoming, Port: 55185, Process: svchost.exe)

2012/05/10 08:58:43 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily

2012/05/10 08:58:48 +0100 TOM-PC Tom MESSAGE Starting database refresh

2012/05/10 08:58:48 +0100 TOM-PC Tom MESSAGE Scheduled update executed successfully: database updated from version v2012.05.09.05 to version v2012.05.10.01

2012/05/10 08:58:48 +0100 TOM-PC Tom MESSAGE Stopping IP protection

2012/05/10 09:00:00 +0100 TOM-PC Tom MESSAGE IP Protection stopped

2012/05/10 09:00:02 +0100 TOM-PC Tom MESSAGE Database refreshed successfully

2012/05/10 09:00:02 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/10 09:00:03 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/10 10:06:26 +0100 TOM-PC Tom MESSAGE Starting protection

2012/05/10 10:06:28 +0100 TOM-PC Tom MESSAGE Protection started successfully

2012/05/10 10:06:31 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/10 10:06:33 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/10 10:32:02 +0100 TOM-PC Tom IP-BLOCK 121.10.115.62 (Type: incoming, Port: 17502, Process: svchost.exe)

2012/05/10 13:14:17 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 35521, Process: svchost.exe)

2012/05/10 13:14:17 +0100 TOM-PC Tom IP-BLOCK 60.191.186.52 (Type: incoming, Port: 35521, Process: svchost.exe)

2012/05/10 20:06:06 +0100 TOM-PC Tom MESSAGE Stopping IP protection

2012/05/10 20:07:25 +0100 TOM-PC Tom MESSAGE IP Protection stopped

2012/05/10 20:07:42 +0100 TOM-PC Tom MESSAGE Starting database refresh

2012/05/10 20:07:51 +0100 TOM-PC Tom MESSAGE Database refreshed successfully

2012/05/10 20:17:09 +0100 TOM-PC Tom MESSAGE Starting protection

2012/05/10 20:17:11 +0100 TOM-PC Tom MESSAGE Protection started successfully

2012/05/10 20:17:14 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/10 20:17:16 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/10 20:36:27 +0100 TOM-PC Tom IP-BLOCK 37.221.160.51 (Type: outgoing, Port: 50826, Process: avastsvc.exe)

2012/05/10 20:36:27 +0100 TOM-PC Tom IP-BLOCK 37.221.160.51 (Type: outgoing, Port: 50827, Process: avastsvc.exe)

2012/05/10 20:36:27 +0100 TOM-PC Tom IP-BLOCK 37.221.160.51 (Type: outgoing, Port: 50829, Process: avastsvc.exe)

2012/05/10 20:36:27 +0100 TOM-PC Tom IP-BLOCK 37.221.160.51 (Type: outgoing, Port: 50828, Process: avastsvc.exe)

2012/05/09 20:14:12 +0100 TOM-PC Tom MESSAGE Starting protection

2012/05/09 20:14:14 +0100 TOM-PC Tom MESSAGE Protection started successfully

2012/05/09 20:14:17 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/09 20:14:18 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/09 20:14:41 +0100 TOM-PC Tom MESSAGE Executing scheduled update: Daily

2012/05/09 20:15:37 +0100 TOM-PC Tom MESSAGE Database already up-to-date

2012/05/09 20:16:19 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 49622, Process: ybeq.exe)

2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50214, Process: ybeq.exe)

2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50215, Process: ybeq.exe)

2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50216, Process: ybeq.exe)

2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50223, Process: ybeq.exe)

2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50224, Process: ybeq.exe)

2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50225, Process: ybeq.exe)

2012/05/09 20:16:20 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50226, Process: ybeq.exe)

2012/05/09 20:16:28 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50231, Process: ybeq.exe)

2012/05/09 20:16:28 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50232, Process: ybeq.exe)

2012/05/09 20:16:28 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50234, Process: ybeq.exe)

2012/05/09 20:16:28 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50235, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50240, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50241, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50242, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50243, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50249, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50250, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50251, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50252, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50253, Process: ybeq.exe)

2012/05/09 20:16:36 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50254, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50260, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50261, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50262, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50263, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50266, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50267, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50268, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50274, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50275, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50277, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50278, Process: ybeq.exe)

2012/05/09 20:16:44 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50281, Process: ybeq.exe)

2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50286, Process: ybeq.exe)

2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50287, Process: ybeq.exe)

2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50288, Process: ybeq.exe)

2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50289, Process: ybeq.exe)

2012/05/09 20:16:52 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50294, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50299, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50300, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50301, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50302, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50303, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50304, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50308, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50313, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50314, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50315, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50316, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50317, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50318, Process: ybeq.exe)

2012/05/09 20:17:00 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50322, Process: ybeq.exe)

2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50327, Process: ybeq.exe)

2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50328, Process: ybeq.exe)

2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50330, Process: ybeq.exe)

2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50331, Process: ybeq.exe)

2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50336, Process: ybeq.exe)

2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50337, Process: ybeq.exe)

2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50338, Process: ybeq.exe)

2012/05/09 20:17:08 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50339, Process: ybeq.exe)

2012/05/09 20:17:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50345, Process: ybeq.exe)

2012/05/09 20:17:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50346, Process: ybeq.exe)

2012/05/09 20:17:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50347, Process: ybeq.exe)

2012/05/09 20:17:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50348, Process: ybeq.exe)

2012/05/09 20:17:25 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50354, Process: ybeq.exe)

2012/05/09 20:17:25 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50355, Process: ybeq.exe)

2012/05/09 20:25:04 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50505, Process: ybeq.exe)

2012/05/09 20:25:05 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50508, Process: ybeq.exe)

2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50509, Process: ybeq.exe)

2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50510, Process: ybeq.exe)

2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50513, Process: ybeq.exe)

2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50514, Process: ybeq.exe)

2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50515, Process: ybeq.exe)

2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50516, Process: ybeq.exe)

2012/05/09 20:25:13 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50517, Process: ybeq.exe)

2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50520, Process: ybeq.exe)

2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50521, Process: ybeq.exe)

2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50522, Process: ybeq.exe)

2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50523, Process: ybeq.exe)

2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50524, Process: ybeq.exe)

2012/05/09 20:25:21 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50527, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50528, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50529, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50530, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50531, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50532, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50533, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50534, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50535, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50536, Process: ybeq.exe)

2012/05/09 20:25:29 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50537, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50538, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50539, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50540, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50541, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50542, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50543, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50546, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50547, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50548, Process: ybeq.exe)

2012/05/09 20:25:37 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50549, Process: ybeq.exe)

2012/05/09 20:25:45 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50550, Process: ybeq.exe)

2012/05/09 20:25:45 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50551, Process: ybeq.exe)

2012/05/09 20:25:45 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50552, Process: ybeq.exe)

2012/05/09 20:25:45 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50553, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50554, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50555, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50556, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50557, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50558, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50559, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50560, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50561, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50562, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50563, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50564, Process: ybeq.exe)

2012/05/09 20:25:53 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50565, Process: ybeq.exe)

2012/05/09 20:26:01 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50566, Process: ybeq.exe)

2012/05/09 20:26:01 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50567, Process: ybeq.exe)

2012/05/09 20:26:01 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50568, Process: ybeq.exe)

2012/05/09 20:26:01 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50569, Process: ybeq.exe)

2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50571, Process: ybeq.exe)

2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50572, Process: ybeq.exe)

2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50574, Process: ybeq.exe)

2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50573, Process: ybeq.exe)

2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50576, Process: ybeq.exe)

2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50575, Process: ybeq.exe)

2012/05/09 20:26:09 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50577, Process: ybeq.exe)

2012/05/09 20:26:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50578, Process: ybeq.exe)

2012/05/09 20:26:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50579, Process: ybeq.exe)

2012/05/09 20:26:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50580, Process: ybeq.exe)

2012/05/09 20:26:17 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50581, Process: ybeq.exe)

2012/05/09 20:26:25 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50582, Process: ybeq.exe)

2012/05/09 20:26:25 +0100 TOM-PC Tom IP-BLOCK 92.241.176.102 (Type: outgoing, Port: 50583, Process: ybeq.exe)

2012/05/09 20:31:45 +0100 TOM-PC Tom MESSAGE Starting protection

2012/05/09 20:31:49 +0100 TOM-PC Tom MESSAGE Protection started successfully

2012/05/09 20:31:52 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/09 20:31:54 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/09 20:55:14 +0100 TOM-PC Tom MESSAGE Starting protection

2012/05/09 20:55:16 +0100 TOM-PC Tom MESSAGE Protection started successfully

2012/05/09 20:55:19 +0100 TOM-PC Tom MESSAGE Starting IP protection

2012/05/09 20:55:20 +0100 TOM-PC Tom MESSAGE IP Protection started successfully

2012/05/09 21:29:22 +0100 TOM-PC Tom IP-BLOCK 89.28.119.167 (Type: incoming, Port: 47771, Process: svchost.exe)

Remember please that it is only 121.10.114.101 and 60.191.186.52 that have attacked recently (2012-05-12)

OTL.txt

OTL logfile created on: 5/12/2012 2:46:18 PM - Run 1

OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Tom\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 33.37% Memory free

7.79 Gb Paging File | 5.17 Gb Available in Paging File | 66.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 72.83 Gb Free Space | 16.32% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/12 14:44:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe

PRC - [2012/05/06 13:11:30 | 000,932,528 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/04/25 17:05:49 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/04/21 23:41:43 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/29 01:41:19 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe

PRC - [2012/02/09 18:31:53 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/09/06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

PRC - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

PRC - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2011/08/01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

PRC - [2010/12/21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/12/17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/08/18 21:43:38 | 000,463,912 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe

PRC - [2010/05/04 18:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

========== Modules (No Company Name) ==========

MOD - [2012/05/10 10:30:51 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll

MOD - [2012/05/10 10:10:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll

MOD - [2012/05/10 10:10:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll

MOD - [2012/05/10 10:10:15 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll

MOD - [2012/05/10 10:10:09 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll

MOD - [2012/05/10 10:10:05 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll

MOD - [2012/05/10 10:09:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/10 10:09:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/10 10:09:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/10 10:09:47 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/10 10:09:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/05/06 13:11:30 | 000,932,528 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

MOD - [2012/04/25 17:05:49 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/04/21 23:41:43 | 000,214,528 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssvoice.asi

MOD - [2012/04/21 23:41:43 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssmp3.asi

MOD - [2012/04/21 23:41:42 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/04/21 23:41:40 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/04/21 23:41:40 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/04/21 23:41:40 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/04/21 23:41:40 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/02/09 18:34:42 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

MOD - [2010/12/17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2010/12/17 20:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2010/12/17 20:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/12/17 20:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2010/11/29 21:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®

SRV:64bit: - [2010/09/23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/25 17:05:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/22 11:58:06 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)

SRV - [2012/04/21 23:41:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/29 01:41:19 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/02/21 00:26:32 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2010/12/21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/12/21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/11/25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)

SRV - [2010/11/25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)

SRV - [2010/08/26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)

SRV - [2010/08/18 21:43:38 | 000,463,912 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)

SRV - [2010/05/04 18:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)

SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/03/07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/03/07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/03/07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/03/07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/03/07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/09 23:22:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/10/15 09:53:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt)

DRV:64bit: - [2011/10/15 09:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2011/09/03 14:45:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/09/03 14:45:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/05/17 15:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2011/05/17 15:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/05/17 15:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/03/26 10:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/02/17 02:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/01/20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/12/22 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/12/17 18:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/12/15 18:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2010/12/13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010/12/12 15:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB)

DRV:64bit: - [2010/11/29 21:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/15 17:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/08/20 19:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010/07/30 23:42:12 | 000,274,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)

DRV:64bit: - [2010/07/13 03:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt)

DRV:64bit: - [2010/06/24 19:53:38 | 000,060,968 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\d554scard.sys -- (d554scard)

DRV:64bit: - [2010/04/27 19:02:50 | 000,468,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)

DRV:64bit: - [2010/04/27 19:02:50 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless HSPA Mini-Card Device Management Driver (WDM)

DRV:64bit: - [2010/04/27 19:02:50 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless HSPA Mini-Card Device (WDM)

DRV:64bit: - [2010/04/27 19:02:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)

DRV:64bit: - [2010/03/19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/03/03 20:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)

DRV:64bit: - [2010/03/03 20:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wwuss64.sys -- (ecnssndis)

DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/01/26 05:18:20 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\d554gps64.sys -- (d554gps)

DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {06B98E07-FE91-4C9D-B521-2C89367A164A}

IE:64bit: - HKLM\..\SearchScopes\{06B98E07-FE91-4C9D-B521-2C89367A164A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {06B98E07-FE91-4C9D-B521-2C89367A164A}

IE - HKLM\..\SearchScopes\{06B98E07-FE91-4C9D-B521-2C89367A164A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253

IE - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\..\SearchScopes,DefaultScope = {06B98E07-FE91-4C9D-B521-2C89367A164A}

IE - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "about:home"

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/09 20:54:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 17:05:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/09 18:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions

[2012/05/07 03:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\extensions

[2012/04/29 22:30:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\searchplugins\conduit.xml

[2012/04/17 16:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/17 16:48:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/05/09 20:54:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/04/20 18:53:55 | 000,377,615 | ---- | M] () (No name found) -- C:\USERS\TOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C0OWF9IU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

[2012/04/25 17:05:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/14 04:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2012/04/25 17:05:48 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/02/14 11:28:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/25 17:05:48 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/04/25 17:05:48 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/04/25 17:05:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/04/25 17:05:48 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: avast! WebRep = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: uTorrentControl2 = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\

CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/05/11 17:02:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\WINDOWS\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKU\S-1-5-21-4234593452-1771345588-371266355-1001..\Run: [spotify Web Helper] C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKU\S-1-5-21-4234593452-1771345588-371266355-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.246.166.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ED863F9-95D4-4443-86E1-DD2F685CBB27}: DhcpNameServer = 109.246.166.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\WINDOWS\System32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 14:44:05 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe

[2012/05/11 17:02:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/05/11 16:50:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/05/11 16:50:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/05/11 16:50:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/05/11 16:50:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/05/11 16:49:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/11 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Stuff for viruses

[2012/05/09 20:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/09 20:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/05/09 20:54:39 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/05/09 20:54:39 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/05/09 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/05/09 20:54:38 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/05/09 20:54:38 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012/05/09 20:54:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012/05/09 20:54:37 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/05/09 20:54:37 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/05/09 20:54:21 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/05/09 20:54:21 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/05/09 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/05/09 20:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/05/09 20:12:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/05/09 19:47:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes

[2012/05/09 19:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/09 19:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/09 19:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/09 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012

[2012/05/09 19:13:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/05/09 19:13:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{9B961FC4-9A02-11E1-826E-B8AC6F996F26}

[2012/05/09 19:12:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\WMDRM

[2012/05/09 19:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700002A1E00015AE6B4EB2367

[2012/05/09 17:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/05/08 11:58:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{3674938C-1EA0-4C16-9441-8CFBA13A2DB6}

[2012/05/07 23:03:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Ygyhm

[2012/05/07 23:03:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Oruki

[2012/05/07 20:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft

[2012/05/07 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\My Battle for Middle-earth II Files

[2012/05/07 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\SC-1.15.2-enGB

[2012/05/07 18:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts

[2012/05/07 15:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starcraft

[2012/05/07 10:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lighthouse Interactive

[2012/05/07 10:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lighthouse Interactive

[2012/05/07 03:32:21 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Google

[2012/05/07 03:32:19 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\CRE

[2012/05/07 03:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012/05/07 03:32:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Conduit

[2012/05/07 03:31:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\uTorrent

[2012/05/06 13:32:39 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{678AE895-1519-4689-B621-600A470E16A8}

[2012/05/06 13:32:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{3FBF73F7-E400-49A6-97F7-8AB8CD969B33}

[2012/05/06 13:31:36 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/05/06 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{654BADDC-EBF1-41A9-A7BC-43C757F330D4}

[2012/05/06 13:23:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{B9C1FF48-E67B-476A-BF35-E4DF58AA256F}

[2012/05/06 00:58:00 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MekTek.net

[2012/05/06 00:39:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Savage 2 - A Tortured Soul

[2012/05/05 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Savage 2

[2012/05/05 18:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Savage2

[2012/04/29 21:47:38 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{3FCB9FC0-29B0-401C-9145-D1F843980277}

[2012/04/29 00:51:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\EMULATORS

[2012/04/29 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6

[2012/04/28 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\signal studios

[2012/04/28 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\BladesOfTimeDemo

[2012/04/28 00:28:02 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\SniperV2 Demo

[2012/04/27 01:42:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\AquaNox2

[2012/04/27 01:42:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\AquaNox2

[2012/04/27 01:33:44 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax

[2012/04/27 01:33:37 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heavy Gear 2 Demo

[2012/04/27 01:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heavy Gear 2 Demo

[2012/04/27 01:33:35 | 000,151,292 | ---- | C] (Extreme Audio Reality, Inc.) -- C:\Windows\SysWow64\earpds.dll

[2012/04/27 01:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD

[2012/04/26 21:22:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Trine2

[2012/04/26 20:53:38 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Games for Windows - LIVE Demos

[2012/04/26 20:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2012/04/26 09:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx

[2012/04/25 17:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/04/25 17:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/04/24 10:21:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\.inapptracking

[2012/04/23 18:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software

[2012/04/23 18:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software

[2012/04/23 18:00:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe

[2012/04/23 17:20:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{E0ED27EB-C330-4FD6-9FDB-5B9FF5F08C0F}

[2012/04/23 17:20:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{4236FDD7-1ADD-45EF-AA8D-E569ABA5494B}

[2012/04/22 14:01:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{543B58CB-B3D6-4113-A296-EF8B0B92CE86}

[2012/04/22 11:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix

[2012/04/22 11:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix

[2012/04/22 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Citrix

[2012/04/21 01:44:18 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{04D87311-4C4C-4D23-8810-CF337DA1A402}

[2012/04/21 01:44:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{F23A3158-62B0-4A7B-B6C4-A953DC61F28C}

[2012/04/20 22:52:41 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{C5764A61-EE46-4EEF-A34F-8502A42F169B}

[2012/04/20 15:40:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\New folder

[2012/04/17 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion

[2012/04/17 17:41:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\InstallShield

[2012/04/17 16:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative

[2012/04/17 16:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/04/17 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/12 14:44:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe

[2012/05/12 14:04:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/11 21:04:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/11 17:17:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/11 17:17:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/11 17:09:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/11 17:09:18 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/11 17:02:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/05/10 10:03:44 | 000,319,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/10 09:42:59 | 000,794,946 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/10 09:42:59 | 000,657,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/10 09:42:59 | 000,125,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/10 01:02:04 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/05/09 20:55:58 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/05/09 20:55:58 | 000,002,241 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/05/09 20:54:39 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/05/09 20:54:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/05/09 20:12:36 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/08 12:29:21 | 000,002,110 | ---- | M] () -- C:\Users\Tom\Desktop\Unit Tester.lnk

[2012/05/08 00:12:16 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk

[2012/05/07 18:49:24 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\The Battle for Middle-earth II.lnk

[2012/05/07 10:54:52 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\SunAge.lnk

[2012/05/07 03:31:56 | 000,000,969 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/05/06 14:31:44 | 000,991,816 | ---- | M] () -- C:\Users\Tom\Desktop\final engine.mp3

[2012/05/06 01:31:59 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/05/05 18:33:54 | 000,001,867 | ---- | M] () -- C:\Users\Tom\Desktop\Savage 2.lnk

[2012/05/01 22:30:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job

[2012/05/01 21:00:49 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/29 13:13:23 | 000,000,918 | ---- | M] () -- C:\Users\Tom\Desktop\Jnes.lnk

[2012/04/29 00:52:36 | 000,007,466 | ---- | M] () -- C:\Users\Tom\Desktop\SNES 9X.lnk

[2012/04/29 00:52:30 | 000,001,986 | ---- | M] () -- C:\Users\Tom\Desktop\Project64 1.6.lnk

[2012/04/20 23:25:24 | 002,060,119 | ---- | M] () -- C:\Users\Tom\Desktop\engine_33.mp3

[2012/04/20 23:16:34 | 000,033,792 | R--- | M] () -- C:\Users\Tom\Desktop\airbrake.mp3

[2012/04/17 16:48:22 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/11 16:50:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/05/11 16:50:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/05/11 16:50:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/05/11 16:50:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/05/11 16:50:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/05/09 20:55:58 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/05/09 20:55:58 | 000,002,241 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/05/09 20:54:48 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/09 20:54:43 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/09 20:54:39 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/05/09 20:54:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2012/05/09 20:12:36 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/08 12:28:43 | 000,002,110 | ---- | C] () -- C:\Users\Tom\Desktop\Unit Tester.lnk

[2012/05/07 20:19:28 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk

[2012/05/07 18:49:24 | 000,002,347 | ---- | C] () -- C:\Users\Public\Desktop\The Battle for Middle-earth II.lnk

[2012/05/07 10:54:52 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\SunAge.lnk

[2012/05/07 03:31:56 | 000,000,969 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/05/06 14:31:43 | 000,991,816 | ---- | C] () -- C:\Users\Tom\Desktop\final engine.mp3

[2012/05/06 13:30:38 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2012/05/06 01:31:59 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/05/05 18:33:32 | 000,001,867 | ---- | C] () -- C:\Users\Tom\Desktop\Savage 2.lnk

[2012/05/01 21:00:33 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job

[2012/04/29 13:13:23 | 000,000,918 | ---- | C] () -- C:\Users\Tom\Desktop\Jnes.lnk

[2012/04/29 00:50:38 | 000,001,986 | ---- | C] () -- C:\Users\Tom\Desktop\Project64 1.6.lnk

[2012/04/27 01:33:39 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

[2012/04/27 01:33:39 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd

[2012/04/20 23:25:23 | 002,060,119 | ---- | C] () -- C:\Users\Tom\Desktop\engine_33.mp3

[2012/04/20 23:16:36 | 000,033,792 | R--- | C] () -- C:\Users\Tom\Desktop\airbrake.mp3

[2012/04/17 16:48:22 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/03/18 15:57:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2012/03/10 16:52:07 | 000,019,063 | ---- | C] () -- C:\Windows\War3Unin.dat

[2012/03/03 16:57:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2012/02/29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/02/21 00:45:37 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/02/10 01:35:50 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/02/10 01:35:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/02/10 01:35:33 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/09/03 14:28:16 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2011/09/03 14:27:28 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/09/03 14:27:25 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/09/03 14:27:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/02/10 17:10:51 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/03/28 00:32:21 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.minecraft

[2012/02/09 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Ambient Design

[2012/05/06 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Audacity

[2012/03/03 01:42:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\BigHugeEngine

[2012/02/10 00:15:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\CoreClient

[2012/05/10 01:06:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DAEMON Tools Lite

[2012/02/25 14:21:26 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Day 1 Studios

[2012/02/09 18:23:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Fingertapps

[2012/03/10 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\GetRightToGo

[2012/02/15 22:25:47 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ImTOO Software Studio

[2012/03/08 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Kornner Studios

[2012/05/07 20:00:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\My Battle for Middle-earth II Files

[2012/02/21 20:54:36 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Nitro PDF

[2012/02/21 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenCandy

[2012/05/09 20:30:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Oruki

[2012/02/10 17:03:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PCDr

[2012/02/22 02:51:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PrimoPDF

[2012/03/21 00:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\RIFT

[2012/02/21 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\RotMG.Production

[2012/05/06 01:19:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SoftGrid Client

[2012/02/11 23:31:06 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Spore

[2012/05/10 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Spotify

[2012/02/18 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TP

[2012/04/26 21:22:03 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Trine2

[2012/03/27 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Tropico 4 Demo

[2012/05/10 01:06:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\uTorrent

[2012/02/24 14:26:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Wacom

[2012/02/24 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2012/02/24 23:35:26 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Warsow 0.6

[2012/05/09 20:09:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Ygyhm

[2012/05/01 22:30:01 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

[2012/05/01 21:00:49 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012/05/10 10:03:48 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/02/26 11:02:29 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >


Extras.txt

OTL Extras logfile created on: 5/12/2012 2:46:18 PM - Run 1

OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Tom\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 33.37% Memory free

7.79 Gb Paging File | 5.17 Gb Available in Paging File | 66.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 72.83 Gb Free Space | 16.32% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{27AC80A7-9FB0-461B-9353-4AA3D20A2A33}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{652C8069-C5DB-4A77-8646-80B52990FC4A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{C01FB91E-6BA5-482D-93F9-58917EFF3785}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |

"{C55C9C56-6311-4848-9320-211DBBCCDBAB}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |

"{EA78AF46-A8B9-4C2D-95FB-1E7EFC0CC513}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |

"{F1297D72-E104-428A-B76D-AC75FAFD37EC}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01653520-5121-40FA-96ED-F5120B1D02BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |

"{025CC9CE-839E-4661-91F7-535AF6CCB3D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\support\ea help\electronic_arts_technical_support.htm |

"{03B80368-16E8-47F9-AA64-6F5C034C0AAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\deadspace2.exe |

"{03E71F34-8287-411B-8FAA-6F6D3A3B63C7}" = protocol=6 | dir=in | app=c:\users\tom\appdata\roaming\spotify\spotify.exe |

"{0481E027-A6CE-4970-94BC-F1A63F3D080C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{05A55B78-FC84-482E-A350-E262F0450A5F}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |

"{0676564E-B5FA-447B-9AC7-3A01108C8539}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |

"{07B779C3-D9CE-4B86-A8E3-B7BA0D28335A}" = dir=in | name=chinese hacker block |

"{08193A14-F746-437F-8FD8-B61CF29570D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\support\ea help\electronic_arts_technical_support.htm |

"{12684F77-8D12-4651-A621-ABB4FC24C37E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{137EEEA7-B45A-4672-B667-90ACB839DEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splintercell chaos theory\system\splintercell3.exe |

"{13967EE8-350B-4868-ACCA-4DBFB80178D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |

"{14FD3D3A-8FE5-459A-B83A-ABBCED3F2145}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\enemy territory quake wars\etqw.exe |

"{15E0F8CD-4CE1-49C4-A983-EFCA4EB95022}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\cnc3.exe |

"{1ABCACC7-8B41-4AB1-A8F5-5C50FF37F7CF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{20A9D30B-7749-44E8-9BC4-D89EBCDCE14C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{21947D51-5F7E-4E61-906E-44B700A56702}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |

"{21E561B8-BDFE-451B-9A1C-5A263F93FEF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |

"{2336A7E1-92C3-476C-8CBD-95A73A1E3761}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{26F46DF5-F405-4B55-8A88-B4490735CE0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |

"{292D5AD6-A4AE-4C31-BD8F-E967CBB1EB62}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{29796DEC-3024-4A6D-A97A-94A804CF3B63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\enemy territory quake wars\etqw.exe |

"{2A05D386-FDD4-4908-A408-1D7E2395B5FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |

"{2BB899C4-F353-4AC3-9ACD-D4713CBAE943}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |

"{2D68E1B6-6D93-4C80-8D9F-837308CFA833}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |

"{303825F5-4B78-494A-8FDE-341D2CDC748E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\section 8 prejudice\s9.exe |

"{30AD7461-EC30-4747-921E-0BB43C07AE11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |

"{363F1234-9E01-48B1-92EE-217C7AA1DFD6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe |

"{3B521995-F1EF-472A-BE28-2B7C4A93892E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |

"{405DEB5C-C7E0-4D33-8BB6-65BC05C8FB58}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{45AFEE84-6D03-4E03-8947-57908BD12027}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer unbounded demo\rru_demo.exe |

"{47FD616D-7D39-4EA0-80AA-04D5A75C4BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |

"{482C9226-BA54-41FC-9D2C-8B8D4995DAE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chrome\chrome.exe |

"{483D540D-B05E-47D8-8296-6B8816F075D8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat |

"{4EFD97C8-C2D8-4BE2-84FB-5D44DB3BCC52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{5444354F-1B33-4542-98E7-D94848786C4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |

"{55E0116F-6E57-4658-BCA2-208CEEB7440A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{5E77A7DA-4941-451A-80CD-E8947A12AAC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |

"{5F7A51E3-45F0-4F23-B07B-70F42950C5CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld munchs oddysee\bin\launcher.exe |

"{5FF3F22E-1BF7-41AC-B6C9-C29B2C018713}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{6302AC7D-8BC6-4C43-AF45-19185F08E4F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{65C01A3D-F56F-4E63-9402-D530795011C3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |

"{717C014F-9CA5-4C84-B377-E61D4C690ADD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{72863997-0E31-4990-A6F5-69DC5A3ACA2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{729B5301-DA81-473A-BA07-2307BA851BF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe |

"{763A911F-A414-4F6B-B214-147F7BE6A95B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |

"{789CAF6C-4787-4B71-B45E-697559908C33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |

"{7B9E1168-6098-4E98-BE31-553F8E32FF2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rayman origins demo\rayman origins.exe |

"{7F32B3A0-D95F-4B29-9C26-FCD3A8599F7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stranger's wrath\launcher.exe |

"{81D2612E-85FB-4E6D-8F6F-C043007461BB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat |

"{82E79986-456F-421A-8721-F7FAE68B62FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\launcher.exe |

"{8713BCF7-4E93-4390-8B31-B0841B02A582}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{89CAC78D-8579-4538-B454-7E24E2DCEADD}" = protocol=17 | dir=in | app=c:\users\tom\appdata\roaming\spotify\spotify.exe |

"{8B89709E-536D-4470-8274-C25B5EAC3085}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rayman origins demo\rayman origins.exe |

"{8DD2C1F0-695B-4DC6-851B-F9A68C9D4329}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |

"{8F8A4C49-D37E-4073-B194-F02E4058EB8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{8FE5B104-E103-4518-9839-27EEB37DFF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane demo\game.exe |

"{9140AEED-BF1B-4DB0-8920-815C7E4BB6B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |

"{94BA6267-25A5-483B-A92B-40314ACC8927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splintercell chaos theory\system\splintercell3.exe |

"{95E51338-88BA-4E44-8635-997EF5FB5E2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |

"{9798A6D1-E164-41EF-875F-9481796B9DF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{97B06929-6F84-476B-8492-3EDFA71B6BAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |

"{991F55F9-3977-4DA1-846E-4FA50270A143}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |

"{9A5C9709-DFDD-435B-9C60-BD846650B615}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |

"{9D14291C-6C32-4D77-AADB-DB952BD8C688}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3\doom3.exe |

"{A16D3D14-4422-485A-8412-0707B7BD3190}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |

"{A3D7B301-C26D-44A5-91CB-DFA20F495C0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |

"{A4AD5E5D-3D8A-4FE3-9D7F-2DCD98FF142F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{A57D10FA-21F4-479B-93B7-7EC0890D8742}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |

"{A95DD91B-713E-4D3E-9FCB-006D828B3F19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars the force unleashed\swtfu launcher.exe |

"{AAA728E0-1EDD-43D1-8785-EB2B90A66E32}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{AB90F889-FB8C-40EB-9F73-6069BD58CD4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\cnc3.exe |

"{AFC21861-40E2-4E8F-908B-EABE3D616D86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |

"{B3C785D0-EA09-423D-9FBD-1900D44A70BB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{B4C7640D-EC54-4771-9DFF-C71E502E4D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |

"{B567FC68-D18B-43FA-8E0E-B287332540B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |

"{B5B6DCBB-3AA6-4C5B-8C47-EF708EA89BFD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{B76B76A1-C883-41DF-A884-500AFAF91F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld munchs oddysee\bin\launcher.exe |

"{BE5AD1BC-FBEE-46E6-97C9-21622DEB96C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3\doom3.exe |

"{C195FF5E-FA2D-4602-8009-DF3311A7C4BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |

"{C2200BD0-5C7A-4FDC-8713-7871D40B1DD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |

"{C85263FD-D165-4264-BDA7-56FFDA8D7023}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{C8D55B4B-EEC3-4F0C-8E41-DC063FD5B668}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |

"{CB7C7850-56F5-43B7-9652-C3DB9A889557}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{CB7EB583-3475-41CB-BA9F-F42CD35D0352}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{CD4A36C2-DD90-40B4-BC8D-186DF072924D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |

"{CEBBD460-97F7-4570-A805-7C266C2ADF30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |

"{D2847841-693A-46AA-895A-0C11C926DFA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\deadspace2.exe |

"{D50E87A1-02DF-40A4-9B0C-B9FF999C0C3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |

"{D6CF493A-2A1C-4F28-9AE4-A9278A1DDA7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chrome specforce\specforce.exe |

"{D796AB61-9723-4A01-BF90-87C0CF02E0AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\launcher.exe |

"{D8D78353-C32A-4243-9F6D-7FF0935B35D1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{DA315ACD-61B8-4A56-A4B4-53A47769E3DB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{DCFAEF8E-5C2B-4EDC-98B1-F0481C0AE876}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |

"{DF70BB7A-2BDD-49C5-A900-6B86446E5DF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |

"{E23BCAFB-774F-41D7-8D0B-B5DFCA47C219}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\section 8 prejudice\s9.exe |

"{E24F43FD-9FE2-412A-8B38-92FA05C7D556}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stranger's wrath\launcher.exe |

"{E6B547FD-EE20-4521-BC17-2B1735F2315D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chrome\chrome.exe |

"{E9205DAE-9264-4C04-AEFD-0BBFA66886E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |

"{E96E0F6B-E283-4BF7-8C56-A15B8DBF5B05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{EB0856B5-5A82-426F-BC3C-1978AE079D3B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{EC387B0A-0131-480C-B8E3-9AC85A77F436}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |

"{EDD17514-BADB-49DD-9077-D215BC69CB24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer unbounded demo\rru_demo.exe |

"{EF964451-DA26-459D-B3C1-98A2A4C60DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane demo\game.exe |

"{F14124A2-0C37-4A25-963E-4388A9589ADC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |

"{F2C63BBC-E35E-411E-851B-6CE19E80F06B}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{F4393E5A-02C8-408A-903F-5A23746EFB1E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{F7B3552C-5E1A-414C-9C98-B2F2BA5B777A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{F882589F-E5C7-403D-B86A-14FA49771F54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |

"{F88400FC-47CE-4205-9FE6-B29437498EDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{FA7E82F4-44FB-4BA9-8B6A-EC4C6C6746E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars the force unleashed\swtfu launcher.exe |

"{FAA984E9-7EE1-43A6-96E9-322E8D20468C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chrome specforce\specforce.exe |

"TCP Query User{74DFC217-8B42-4C09-BCFC-D5DAC10A749E}C:\program files (x86)\lighthouse interactive\sunage\sunage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lighthouse interactive\sunage\sunage.exe |

"UDP Query User{E133C55C-95CB-4322-982A-BFE25C9C92BF}C:\program files (x86)\lighthouse interactive\sunage\sunage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lighthouse interactive\sunage\sunage.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java 6 Update 24 (64-bit)

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager

"CCleaner" = CCleaner

"Dell Support Center" = Dell Support Center

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Pen Tablet Driver" = Bamboo

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel® WiDi

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{12766F00-807F-4978-8D24-FDD0A3D60EE4}" = ArtRage 2

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback

"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth II

"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta

"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service

"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn

"{7A625369-34A4-4D62-9165-2EFCFA41DA1D}" = CORE Client

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online

"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D0DD6BC5-B569-4081-8EF3-D0A689B1A3E7}" = OpenSauce for Halo CE

"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DB97CB5A-82B2-4FB1-9E5E-C03661A1482A}" = Blacklight Retribution

"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage

"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter

"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"AstrumNival Allods" = Allods Online 3.0.00.50

"Audacity_is1" = Audacity 2.0

"avast" = avast! Free Antivirus

"DAEMON Tools Lite" = DAEMON Tools Lite

"Dell Webcam Central" = Dell Webcam Central

"Evolva_is1" = Evolva

"Fraps" = Fraps

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist Corporate

"Ground Control II_is1" = Ground Control II

"Halo CE" = Microsoft Halo Custom Edition

"Homeworld2" = Homeworld2

"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6

"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"LAME_is1" = LAME v3.99.3 (for Windows)

"Magic Carpet_is1" = Magic Carpet

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NirSoft BlueScreenView" = NirSoft BlueScreenView

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"OpenAL" = OpenAL

"Populous: The Beginning" = Populous: The Beginning

"PunkBusterSvc" = PunkBuster Services

"Savage 2 2.1.0.5" = Savage 2

"StarCraft" = StarCraft

"Steam App 10000" = Enemy Territory: Quake Wars

"Steam App 105430" = Age of Empires Online

"Steam App 105450" = Age of Empires® III: Complete Collection

"Steam App 107100" = Bastion

"Steam App 1250" = Killing Floor

"Steam App 15740" = Oddworld: Munch's Oddysee

"Steam App 15750" = Oddworld: Stranger's Wrath

"Steam App 17390" = Spore

"Steam App 200900" = Cave Story+

"Steam App 203970" = Kingdoms of Amalur: Reckoning Demo

"Steam App 207510" = Rayman Origins Demo

"Steam App 209040" = Ridge Racer™ Unbounded Demo

"Steam App 210470" = Sniper Elite V2 Demo

"Steam App 210840" = Warlock - Master of the Arcane Demo

"Steam App 21100" = F.E.A.R. 3

"Steam App 22350" = Brink

"Steam App 24790" = Command and Conquer 3: Tiberium Wars

"Steam App 33460" = From Dust

"Steam App 35720" = Trine 2

"Steam App 40100" = Supreme Commander 2

"Steam App 4560" = Company of Heroes

"Steam App 45750" = Lost Planet 2

"Steam App 46420" = Chrome

"Steam App 46430" = Chrome: Specforce

"Steam App 47780" = Dead Space 2

"Steam App 550" = Left 4 Dead 2

"Steam App 55150" = Warhammer 40,000 Space Marine

"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy

"Steam App 6060" = Star Wars - Battlefront II

"Steam App 620" = Portal 2

"Steam App 63200" = Monday Night Combat

"Steam App 71340" = Sonic Generations

"Steam App 9050" = DOOM 3

"Steam App 9200" = RAGE

"Steam App 9450" = Warhammer 40,000: Dawn of War – Soulstorm

"Steam App 97100" = Section 8: Prejudice

"Steam App 99900" = Spiral Knights

"SunAge_is1" = Sunage

"uTorrent" = µTorrent

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"Warcraft III" = Warcraft III

"WinLiveSuite" = Windows Live Essentials

"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/29/2012 1:08:47 PM | Computer Name = Tom-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\Steam\steamapps\common\enemy

territory quake wars\serverlauncher.exe".Error in manifest or policy file "" on

line . A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 4/30/2012 7:46:12 PM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/1/2012 4:21:10 AM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/1/2012 5:07:29 AM | Computer Name = Tom-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\Steam\steamapps\common\enemy

territory quake wars\serverlauncher.exe".Error in manifest or policy file "" on

line . A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 5/1/2012 3:09:19 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000

Description = Faulting application name: McSvHost.exe, version: 2.0.230.0, time

stamp: 0x4d41ff46 Faulting module name: mpfsvc.dll, version: 12.0.351.0, time stamp:

0x4f6b9fc2 Exception code: 0xc0000005 Fault offset: 0x000000000004fddc Faulting process

id: 0x11b8 Faulting application start time: 0x01cd27735601bafd Faulting application

path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module

path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: 268818bf-93c1-11e1-90cf-028037ec0200

Error - 5/2/2012 4:24:49 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000

Description = Faulting application name: McSvHost.exe, version: 2.0.230.0, time

stamp: 0x4d41ff46 Faulting module name: mpfsvc.dll, version: 12.0.351.0, time stamp:

0x4f6b9fc2 Exception code: 0xc0000005 Fault offset: 0x000000000004fddc Faulting process

id: 0xed4 Faulting application start time: 0x01cd27ce108afef0 Faulting application

path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module

path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: dce9a550-9494-11e1-90cf-028037ec0200

Error - 5/2/2012 6:12:29 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000

Description = Faulting application name: McSvHost.exe, version: 2.0.230.0, time

stamp: 0x4d41ff46 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting

process id: 0x1210 Faulting application start time: 0x01cd28a1c3f91d29 Faulting application

path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module

path: C:\Windows\SYSTEM32\ntdll.dll Report Id: e763c44c-94a3-11e1-90cf-028037ec0200

Error - 5/2/2012 6:19:41 PM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/3/2012 4:06:57 AM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/3/2012 4:17:36 AM | Computer Name = Tom-PC | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):

DownloadLatest Failed: HTTP status 304: The server's response was not valid. The

server was not following the defined protocol. Resume the job, and then Background

Intelligent Transfer Service (BITS) will try again.

[ System Events ]

Error - 5/11/2012 12:48:25 PM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/11/2012 3:57:08 PM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/11/2012 3:57:08 PM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:51:00 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:51:06 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:16 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:21 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:26 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:33 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

Error - 5/12/2012 8:53:48 AM | Computer Name = Tom-PC | Source = NetBT | ID = 4321

Description = The name "TOM-PC :0" could not be registered on the interface

with IP address 109.246.166.193. The computer with the IP address 109.246.166.31

did not allow the name to be claimed by this computer.

< End of report >


ID: 21   Posted (edited)

I thought you said you uninstalled µTorrent? Please uninstall it now!

You have a lot of junk on this computer, including these toolbars and search plugins; they're all going.

So look the log over and if you see something you want to save, let me know.

Please do this: (the computer will reboot)

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    IE - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    [2012/05/07 23:03:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Ygyhm
    [2012/05/07 23:03:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Oruki
    [2012/05/07 03:31:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\uTorrent
    [2012/05/07 03:31:56 | 000,000,969 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/05/10 01:06:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\uTorrent
    [2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\searchplugins\conduit.xml
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

--------------------------------

You have to manually delete this one:

CHR - Extension: uTorrentControl2 = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\

The link below will show you how to do it: (look for extensions)

http://deletemalware...tall-guide.html

---------------------------------------------------------

Go to your Control Panel's Add/Remove Programs and uninstall these:

Java Auto Updater

Java™ 6 Update 24

Then download and install the latest version Java™ 6 Update 32.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

MrC

Edited by MrCharlie


I would like to keep my CORE Client from Perfect World Entertainment, as I play a game that uses that very often. Everything else can go. I have uninstalled uTorrent! But I did it manually and there are remnants left on my machine. Everything else can go and I want my PC as clean as possible, so thank you. How do I keep my Perfect World Entertainment CORE Client from being wiped?


OK, I took it out of the script:

O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)

MrC


Okay, everything is done. I went ahead and deleted everything, including the Perfect World Entertainment CORE Client, as I can always just download it later anyway. Uninstalled the Java things and installed the newer one you linked me to, and here's the log that you asked me to post:

All processes killed

========== OTL ==========

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

HKU\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13FA2453-9287-4F18-8554-976D7C02F4EE}\ deleted successfully.

C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

C:\Users\Tom\AppData\Roaming\Ygyhm folder moved successfully.

C:\Users\Tom\AppData\Roaming\Oruki folder moved successfully.

Folder C:\Users\Tom\AppData\Roaming\uTorrent\ not found.

C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk moved successfully.

Folder C:\Users\Tom\AppData\Roaming\uTorrent\ not found.

C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\searchplugins\conduit.xml moved successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tom

->Java cache emptied: 2690497 bytes

User: UpdatusUser

Total Java Files Cleaned = 3.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Tom

->Temp folder emptied: 1606823 bytes

->Temporary Internet Files folder emptied: 2684071 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 776843923 bytes

->Flash cache emptied: 62946 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 2834 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 401408 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1485898 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 747.00 mb

OTL by OldTimer - Version 3.2.42.3 log created on 05122012_161134

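Added example (not part of the original posts, and not OTL's own code): a small Python parser for fix-log lines like the ones in the post above, separating targets the run actually removed from targets it only ever reported as "not found". The sample lines are copied from that log; the function names and outcome labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the fix log in the post above.
SAMPLE_LOG = r"""
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\Users\Tom\AppData\Roaming\Ygyhm folder moved successfully.
Folder C:\Users\Tom\AppData\Roaming\uTorrent\ not found.
C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll moved successfully.
"""

# (pattern, outcome) pairs, most specific first. Outcome labels are this example's own.
PATTERNS = [
    (re.compile(r'^Registry (?:key|value) (?P<t>.+?) deleted successfully\.$'), "removed"),
    (re.compile(r'^Registry (?:key|value) (?P<t>.+?) not found\.$'), "not_found"),
    (re.compile(r'^Folder (?P<t>.+?) not found\.$'), "not_found"),
    (re.compile(r'^(?P<t>.+?) folder moved successfully\.$'), "removed"),
    (re.compile(r'^(?P<t>.+?) moved successfully\.$'), "removed"),
    (re.compile(r'^Prefs\.js: "(?P<t>.+)" removed from .+$'), "removed"),
]

def parse_fix_log(text):
    """Return {target: [outcome, ...]} in log order; unrecognised lines are skipped."""
    outcomes = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        for rx, outcome in PATTERNS:
            m = rx.match(line)
            if m:
                # Normalise so "...\KEY\" and "...\key" count as one target.
                outcomes[m.group("t").rstrip("\\").lower()].append(outcome)
                break
    return dict(outcomes)

def summarize(outcomes):
    """Split targets into (removed by this run, only ever reported as not found)."""
    removed = sorted(t for t, o in outcomes.items() if "removed" in o)
    absent = sorted(t for t, o in outcomes.items() if "removed" not in o)
    return removed, absent

if __name__ == "__main__":
    removed, absent = summarize(parse_fix_log(SAMPLE_LOG))
    print("Removed by this run:", *removed, sep="\n  ")
    print("Not present when the fix ran:", *absent, sep="\n  ")
```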

Total Files Cleaned = 747.00 mb <---- that's how much temp files you had on the system

Perfect World Entertainment > read below why I suggested to remove it:

http://www.systemloo...uginIE_dll.html

You said you ran TDSSKiller and it found nothing??

Let me know how things are. MrC

This topic is now closed to further replies.