Unknown Malware....

2 posters

I was using my laptop over the weekend, and at some point I guess it must have picked up a virus or malware. The internet would slow right down, and on restarting, icons on my desktop enlarged and moved around for no reason.

I ran Malwarebytes and it found two threats. I removed/quarantined them, however Malwarebytes keeps telling me yzic.exe or another threat is trying to access a port on my computer. So I thought it was about time I came here to see if you guys could help?


****I tried to copy and paste in the log, however it was too long. I then tried different sections, however the computer I'm using to post this has a tiny screen, which makes it incredibly hard to figure out which bits I have or haven't posted before, so I will try to attach the log instead.****


In the posts following this I will then post the aswMBR log & the Security Check log.

Re: Unknown Malware....

It didn't seem to attach so I'll try copy and pasting....sorry if there are repeats or errors:

OTL logfile created on: 7/30/2012 6:18:02 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Martlin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.51% Memory free
3.49 Gb Paging File | 1.89 Gb Available in Paging File | 54.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.91 Gb Total Space | 104.37 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive D: | 17.55 Gb Total Space | 2.54 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 211.25 Gb Free Space | 15.12% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 2.34 Gb Free Space | 31.31% Space Free | Partition Type: FAT32

Computer Name: MARTLIN-HP | User Name: Martlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 18:02:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Martlin\Desktop\OTL.com
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/25 04:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/12/05 09:14:08 | 000,263,535 | ---- | M] (polmop) -- C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe
PRC - [2011/10/06 04:35:10 | 001,401,224 | ---- | M] (CleanMyPC Software) -- C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
PRC - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/10 08:16:22 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2010/09/29 16:55:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/29 11:08:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/09/29 11:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/06/08 04:57:20 | 006,831,616 | ---- | M] () -- C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe
PRC - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NlsSrv32.exe
PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/07 13:49:00 | 000,091,648 | ---- | M] () -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 17:50:41 | 000,379,904 | ---- | M] () -- C:\Users\Martlin\AppData\Local\Temp\libsqlitejdbc-4984430783870625375.lib
MOD - [2012/07/30 17:50:15 | 000,199,168 | ---- | M] () -- C:\Users\Martlin\AppData\Local\Temp\WindowsAPI.dll4395552185739993825.lib
MOD - [2010/08/17 06:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/08/17 06:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/08/17 06:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/08 04:57:20 | 006,831,616 | ---- | M] () -- C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe
MOD - [2008/08/07 13:49:00 | 000,091,648 | ---- | M] () -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/30 16:49:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/06 12:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/22 07:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/25 08:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/18 12:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/27 19:55:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 07:04:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/29 11:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/19 11:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/02 08:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc)
SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/28 13:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/07/20 17:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/07/20 17:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/07/20 17:45:54 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/07/20 17:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/07/20 17:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/12 07:50:37 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/21 11:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 13:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 13:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/15 12:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 16:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 15:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/21 15:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 15:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 15:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/30 18:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/30 16:13:38 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/29 16:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/27 13:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/14 04:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/17 23:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/05/15 12:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 12:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/08 05:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 23:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/03/23 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 14:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/07/21 14:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/07/21 14:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 06:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 06:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/12 10:27:14 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2011/07/07 17:01:40 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110707.031\IDSviA64.sys -- (IDSVia64)
DRV - [2011/05/20 05:37:05 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/05/18 19:26:11 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110707.032\EX64.SYS -- (NAVEX15)
DRV - [2011/05/18 19:26:09 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110707.032\ENG64.SYS -- (NAVENG)
DRV - [2011/05/10 17:48:51 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/10 17:48:51 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

Re: Unknown Malware....


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/28 17:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012/07/30 17:47:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/05/26 22:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 07:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 06:22:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Martlin\AppData\Roaming\NetAssistant\ [2011/10/14 18:51:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}: C:\Users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}\ [2012/07/30 17:46:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 07:04:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 06:22:05 | 000,000,000 | ---D | M]

[2011/05/09 21:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martlin\AppData\Roaming\Mozilla\Extensions
[2012/07/19 17:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\extensions
[2012/03/30 16:19:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/14 18:51:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\extensions\plugin@yontoo.com
[2012/05/04 17:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 20:16:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/30 17:46:10 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\MARTLIN\APPDATA\LOCAL\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
[2012/07/19 17:31:01 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\MARTLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX6BQD9S.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/07/07 09:29:55 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\MARTLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX6BQD9S.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/03/23 17:44:45 | 000,083,679 | ---- | M] () (No name found) -- C:\USERS\MARTLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX6BQD9S.DEFAULT\EXTENSIONS\MULTIFOX@HULTMANN.XPI
[2012/07/20 07:04:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2012/04/11 08:44:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 07:35:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 07:35:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/05/26 22:21:32 | 000,001,412 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKCU..\Run: [cmidg] C:\Users\Martlin\AppData\Roaming\cmidg.dll (Crytek)
O4 - HKCU..\Run: [conde] C:\Users\Martlin\AppData\Roaming\conde.dll (Stardock Systems, Inc)
O4 - HKCU..\Run: [ExtremeSync Background Scheduler] C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe ()
O4 - HKCU..\Run: [Laifliep] C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe (polmop)
O4 - HKCU..\Run: [Registry Cleaner Scheduler] C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
O4 - HKCU..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - Startup: C:\Users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3FC7590-7339-410A-B8D4-0938DBF388CB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCDC8AAE-72CF-475D-A03D-F49970D5DD19}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/10 12:06:41 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/05/08 20:30:30 | 000,000,051 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ed994b76-9bc3-11e1-a8b4-2c27d7c0287a}\Shell - "" = AutoRun
O33 - MountPoints2\{ed994b76-9bc3-11e1-a8b4-2c27d7c0287a}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7380752B-DFFB-42DB-157D-A8460AADD355} - Internet Explorer
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

Re: Unknown Malware....

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 18:11:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Martlin\Desktop\aswMBR.exe
[2012/07/30 18:11:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Martlin\Desktop\OTL.com
[2012/07/30 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{E1EC5F3C-49D1-44E6-9C41-8C3D805EB5F1}
[2012/07/30 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{9319F840-AAF1-4FE6-B620-7D49E9D1598C}
[2012/07/30 17:21:18 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8B01E12E-6341-45AC-8245-AC5FBE9D0B80}
[2012/07/29 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{F16AE24B-CB3C-4542-9484-A840F8C21AF1}
[2012/07/29 09:34:25 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
[2012/07/29 09:32:51 | 000,435,712 | ---- | C] (Stardock Systems, Inc) -- C:\Users\Martlin\AppData\Roaming\conde.dll
[2012/07/29 09:32:46 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{1D6AF53D-13B7-4BDB-BA9C-CC4B875371BB}
[2012/07/29 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{3BBD742F-1F21-4365-8CC5-3F5200294796}
[2012/07/28 19:38:24 | 000,131,072 | -HS- | C] (Crytek) -- C:\Users\Martlin\AppData\Roaming\cmidg.dll
[2012/07/28 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Yqemo
[2012/07/28 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Orca
[2012/07/28 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Exywu
[2012/07/28 09:27:22 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6BFD0C58-6B53-43CB-86F2-08952C9B8751}
[2012/07/28 09:26:59 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{F7B4B099-10F8-4279-9222-569FEE5CEADD}
[2012/07/27 07:36:16 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{EAA45DC2-D833-4AF1-8124-D13181EF0B3A}
[2012/07/27 07:35:56 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{10FDEE92-F88D-4443-9751-F8F2984B48F3}
[2012/07/26 07:38:30 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{E2AD9392-B05B-4AED-8136-E3B403FA6E77}
[2012/07/26 07:38:11 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{34AFE524-B263-47B2-9641-5A18BCAEF8B1}
[2012/07/25 19:37:34 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{FCA4A0FB-45A2-4CBE-88B7-5AE87885F6D5}
[2012/07/25 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{B97EFE3F-55B5-4B6F-A764-5ED51C85A309}
[2012/07/25 07:36:24 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{68263965-2E67-480D-9002-85C1B297C412}
[2012/07/25 07:36:08 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{0E96F863-50D1-4BE8-8C6E-6FCE143026A2}
[2012/07/24 19:35:27 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{2D329D76-B1B3-496E-9BD2-C577B444B643}
[2012/07/24 19:35:13 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{03B06150-D611-4E83-BDE0-886E3C6BFC00}
[2012/07/24 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/07/24 07:33:51 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{1BCBB1C0-93B5-4B98-BC2B-859BB9C584BA}
[2012/07/24 07:33:31 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{44691B81-33FB-4A0C-B615-D317BD88A638}
[2012/07/23 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{3F38A075-3C60-4481-B896-EFD91B95D58B}
[2012/07/23 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{47744C18-65FF-4F1C-8797-3313EB6D14E0}
[2012/07/23 07:31:14 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{7AA0AF47-C3B3-4272-9C0C-F04E38F9C88F}
[2012/07/23 07:30:42 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{5EC80708-11DA-437C-9F85-39729C1C30E7}
[2012/07/22 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\Martlin\Desktop\sd card
[2012/07/22 12:57:29 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{5CB614A6-5816-44B0-B110-31C89C0B6CE2}
[2012/07/22 12:53:46 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{B1BE1058-262C-4FA9-9783-2596A68B6143}
[2012/07/21 17:13:59 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{863393A3-3C5B-4F51-8E57-34433889A10F}
[2012/07/21 17:13:35 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{2B8708C0-8A60-445A-A845-B9A7EAB05F59}
[2012/07/21 09:48:42 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{11ACE0F3-C8D3-46A4-9451-0AB9A1017234}
[2012/07/20 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{2E14B339-60FD-4FFC-83B0-33B8B3A5D7E9}
[2012/07/20 07:20:27 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{E5CA2573-404B-40BF-92EA-BB87CBEF9662}
[2012/07/20 07:20:13 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{20F58424-43DB-43E2-9975-3C6436BBC294}
[2012/07/19 19:19:36 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{FE8723FD-7341-41DA-9A93-F48286066CDB}
[2012/07/19 19:19:23 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{ACCBFF81-3684-4EA0-8679-CC30D3270C74}
[2012/07/19 07:18:52 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{AA87F0BB-8FC1-4697-B671-03379095F5B2}
[2012/07/19 07:18:39 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{4B689586-DD0D-4AEC-9FCE-2FF7F4DA9790}
[2012/07/18 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{3517CA46-182C-4BA3-934B-49B82AAF6B1D}
[2012/07/18 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{AF6E1669-F539-444A-9CF0-2BAF9B537DE9}
[2012/07/18 07:16:30 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8A8023A5-6E43-4B66-9BD9-180B5D8A2269}
[2012/07/18 07:16:15 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{949B755F-3D30-43C9-910C-3E70339E663D}
[2012/07/17 07:41:53 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{156FD38E-90E7-43BB-82D2-710857BB54F2}
[2012/07/17 07:40:36 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{01547206-4A0E-4C60-B6C3-3213A53F02A7}
[2012/07/16 20:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis Disk Director Suite
[2012/07/16 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acronis Disk Director Suite
[2012/07/16 20:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis Disk Director Suite
[2012/07/16 18:41:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/16 17:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Flexible File Synchronizer
[2012/07/16 17:40:58 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\CleanMyPC Software
[2012/07/16 17:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMyPC Registry Cleaner
[2012/07/16 17:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanMyPC
[2012/07/16 07:24:39 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{432709AF-3EDF-4CE1-ACCC-84DA7A91E5EA}
[2012/07/16 07:24:19 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{4D2FE887-FAE8-4F40-B85E-FAAD2129C1EA}
[2012/07/15 11:43:08 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{A6D822D2-567F-4706-9EE4-7E81FEF17602}
[2012/07/15 11:42:46 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{5BE768DF-8413-4309-8833-63C08C14EBAE}
[2012/07/14 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{C3A0B4BF-BC73-4DB3-A898-B1054790982B}
[2012/07/14 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{B4D8ED4F-60D7-4563-A780-D3F9245F3719}
[2012/07/14 08:42:05 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{2E0B9CBE-B88B-40A0-85D7-332909B90946}
[2012/07/14 08:41:48 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{FEFE98F8-8971-48BF-A913-3EBCBF0A5852}
[2012/07/13 07:27:15 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{94C31185-08BC-4A64-8569-FDB2FEC025A7}
[2012/07/13 07:26:55 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8275A07F-BC3E-4170-A355-7812FEED6884}
[2012/07/12 17:38:32 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{9AF96C78-DCED-4ABB-B00D-F27F9C7BDFEB}
[2012/07/12 17:38:13 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{5B623B61-8780-424F-A712-1EDE4985BF65}
[2012/07/11 22:14:16 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{24E92400-E85B-4A49-B0AD-4F8F348456BA}
[2012/07/11 22:13:58 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{02D68A14-ED34-44F4-AA4F-9A18A5AFDD1A}
[2012/07/11 07:08:29 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{279D7BF3-741E-4F9F-91AC-19BB8D5E3E16}
[2012/07/11 07:08:09 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{F85715CA-1944-45F6-8E09-89D7E3E4A682}
[2012/07/10 20:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/07/10 20:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/07/10 20:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/07/10 20:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/07/10 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\NCH Software
[2012/07/10 07:14:56 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6868937F-5B14-4872-853E-5082344B5C4B}
[2012/07/10 07:14:32 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6BE19A82-B003-4CB1-A87B-EFDD6CA46D97}
[2012/07/09 07:24:34 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6E299C0D-DEB0-495E-A70B-A2021C16F9DC}
[2012/07/09 07:24:14 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{41CB0006-86BA-49DD-B6F1-681A016AA4A1}
[2012/07/08 11:20:35 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{A9632B61-9AAA-43EC-8047-E37465A88FC1}
[2012/07/08 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{98111811-05D7-4E08-B90B-8017AA48C8D3}
[2012/07/07 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{515B425A-EE3D-4A60-9DCA-836D1CA8F09F}
[2012/07/07 21:29:39 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{377E7F57-1BD2-4922-B487-87616D22E22B}
[2012/07/07 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{22E5C143-33EE-4D80-8502-64714764645C}
[2012/07/07 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{189C6A00-FCE1-4FCC-82F0-8BCC8B43CCC7}
[2012/07/06 19:26:18 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6A5B5229-07A2-408C-B773-506DDA40BF0F}
[2012/07/06 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{B373EAB1-8C33-4B26-8DE8-9C246F87B2BC}
[2012/07/06 07:24:31 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{83B322CB-E78D-4F17-AB8F-3D0E8DC5736C}
[2012/07/06 07:23:57 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{1372B32D-E666-4CB3-9504-5913E7C9540C}
[2012/07/05 07:42:27 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8D1DCBFB-9C76-4656-9086-3A412DEC6857}
[2012/07/05 07:42:07 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{C55B3A43-47CF-4D92-B50B-56A59D54A339}
[2012/07/04 07:22:49 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{43BB1718-2B67-4853-B15A-947D413AD70C}
[2012/07/04 07:22:27 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{CEFE1D07-8801-49C5-9C07-F91E45FD2D2D}
[2012/07/03 07:42:48 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{DDCFE8B9-684E-4484-8F0E-3CD75966D938}
[2012/07/03 07:42:35 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{639FD061-63F4-48F8-8809-EE5EA007AABD}
[2012/07/02 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{1966B80B-3ECD-4A55-AAF7-427135E5CD7A}
[2012/07/02 19:41:46 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{F70149F9-2E1E-4BE7-883B-014DFF74F73F}
[2012/07/02 07:40:12 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{AF7EAC87-3011-492D-929A-01EDF49BBA1D}
[2012/07/02 07:39:41 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{22D9483E-F990-45E9-800D-4B640B9FCFC0}
[2012/07/01 12:05:37 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{E9C6C840-CD7D-40AB-BE08-EDA8B4B87CF5}
[2012/07/01 12:05:16 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{9F604785-898E-4E67-93DA-673D4DB642F3}

========== Files - Modified Within 30 Days ==========

[2012/07/30 18:12:29 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 18:12:29 | 000,632,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 18:12:29 | 000,112,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 18:07:18 | 000,881,494 | ---- | M] () -- C:\Users\Martlin\Desktop\SecurityCheck.exe
[2012/07/30 18:06:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Martlin\Desktop\aswMBR.exe
[2012/07/30 18:02:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Martlin\Desktop\OTL.com
[2012/07/30 17:57:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 17:57:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 17:54:14 | 000,147,071 | ---- | M] () -- C:\Users\Martlin\Desktop\system restor error note.jpg
[2012/07/30 17:54:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 17:51:15 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 17:51:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 17:47:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 17:47:05 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 18:25:39 | 000,001,456 | ---- | M] () -- C:\Users\Martlin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/29 09:32:55 | 000,435,712 | ---- | M] (Stardock Systems, Inc) -- C:\Users\Martlin\AppData\Roaming\conde.dll
[2012/07/28 19:37:48 | 000,131,072 | -HS- | M] (Crytek) -- C:\Users\Martlin\AppData\Roaming\cmidg.dll
[2012/07/27 19:55:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 19:55:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/24 18:31:55 | 000,001,382 | -H-- | M] () -- C:\Users\Martlin\Desktop\new nuds - Shortcut.lnk
[2012/07/24 18:31:47 | 000,001,454 | -H-- | M] () -- C:\Users\Martlin\Desktop\The All Seeing O - Shortcut.lnk
[2012/07/20 07:04:33 | 000,002,044 | ---- | M] () -- C:\Users\Martlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/18 07:14:43 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMartlin.job
[2012/07/12 21:26:24 | 005,026,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/30 18:11:28 | 000,881,494 | ---- | C] () -- C:\Users\Martlin\Desktop\SecurityCheck.exe
[2012/07/30 17:54:11 | 000,147,071 | ---- | C] () -- C:\Users\Martlin\Desktop\system restor error note.jpg
[2012/07/28 20:00:25 | 000,092,160 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000032.@
[2012/07/28 20:00:24 | 000,080,896 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000064.@
[2012/07/28 20:00:24 | 000,000,804 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\L\00000004.@
[2012/07/28 20:00:23 | 000,016,896 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000000.@
[2012/07/28 20:00:22 | 000,002,048 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\00000004.@
[2012/07/28 20:00:22 | 000,001,632 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\000000cb.@
[2012/07/24 18:31:55 | 000,001,382 | -H-- | C] () -- C:\Users\Martlin\Desktop\new nuds - Shortcut.lnk
[2012/07/24 18:31:47 | 000,001,454 | -H-- | C] () -- C:\Users\Martlin\Desktop\The All Seeing O - Shortcut.lnk
[2012/07/17 17:39:31 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMartlin.job
[2012/07/10 20:38:09 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
[2012/04/14 10:38:58 | 000,000,132 | ---- | C] () -- C:\Users\Martlin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/13 17:29:31 | 000,001,328 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/13 17:29:31 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/31 17:30:26 | 000,002,048 | -HS- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\@
[2012/01/30 19:32:20 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/09 21:41:48 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2011/11/19 13:53:02 | 000,003,584 | ---- | C] () -- C:\Users\Martlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 20:53:51 | 000,001,456 | ---- | C] () -- C:\Users\Martlin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/23 17:32:50 | 000,001,854 | ---- | C] () -- C:\Users\Martlin\AppData\Roaming\GhostObjGAFix.xml
[2011/06/22 15:52:14 | 004,130,816 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2011/06/22 13:10:32 | 004,070,912 | ---- | C] () -- C:\Windows\SysWow64\PhotoLooksRenderer.dll
[2011/06/12 18:15:57 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/06/12 18:15:56 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/05/10 08:31:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/10 08:09:36 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/11 18:46:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/11 18:38:40 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/04/11 18:38:40 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2011/02/18 21:23:26 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/02/18 21:23:26 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/02/18 21:23:26 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/02/18 21:23:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/12/13 18:21:26 | 000,326,656 | ---- | C] () -- C:\Program Files\VOBMerge252.exe
[2010/10/21 07:47:42 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/22 03:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 22:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 22:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 22:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

Re: Unknown Malware....

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/05/09 21:17:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ableton
[2012/07/16 20:25:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acronis Disk Director Suite
[2012/01/06 16:10:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/05/26 21:51:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Media Player
[2012/01/30 19:32:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AnvSoft
[2011/07/07 09:51:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/04/11 18:43:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atheros
[2011/04/11 18:40:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/05/15 20:35:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
[2011/10/15 16:44:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/04/11 18:43:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/07/16 17:40:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CleanMyPC
[2012/07/30 17:46:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/04/11 18:54:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/11/19 14:08:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Deskshare
[2011/05/15 21:02:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Digiarty
[2012/03/08 20:32:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011/06/12 14:36:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Decrypter
[2011/05/11 20:03:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Shrink
[2012/05/22 07:12:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/07/24 19:19:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Handbrake
[2011/05/17 19:03:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/04/11 19:03:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/10/21 07:42:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
[2012/01/26 15:00:16 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/02/01 06:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/05/29 19:01:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2012/01/08 11:01:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jaksta Technologies
[2012/02/08 17:22:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JAM Software
[2012/04/11 08:44:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/05/09 20:59:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JRE
[2011/09/21 18:40:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Last.fm
[2012/03/13 17:29:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\lmw32
[2012/01/26 15:00:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LooksBuilder
[2012/07/14 17:56:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/02 18:23:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2012/04/19 18:11:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
[2011/05/11 19:41:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mediafour
[2011/04/11 19:04:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2012/02/19 14:26:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/02/19 14:31:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/02/01 05:59:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/02/19 14:31:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/02/19 14:31:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/02/19 14:32:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/02/19 14:27:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/07/24 18:32:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/06/12 18:38:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MKVtoolnix
[2011/11/19 13:41:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Moyea
[2012/07/20 07:04:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/20 16:54:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/02/19 14:33:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/05/26 21:50:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Company Name
[2011/09/02 18:30:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyFree Codec
[2012/01/13 22:26:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MysticCoder
[2012/07/10 20:38:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Software
[2011/04/11 18:56:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2011/04/11 18:56:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2011/05/09 20:43:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/05/09 20:58:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/04/29 19:33:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Photobook Designer
[2011/04/11 18:53:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2011/10/31 06:36:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/05/26 21:24:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RarZilla Free Unrar
[2011/04/11 18:42:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2011/05/15 20:35:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Red Kawa
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/05/15 20:35:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Regensoft
[2011/09/02 18:24:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2012/07/30 17:46:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/04/11 18:47:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoftStylus
[2012/07/16 17:51:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SuperFlexible
[2011/04/11 18:55:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2011/09/23 18:47:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Telstra Turbo Connection Manager
[2011/04/11 18:42:00 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2012/01/05 15:20:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Topaz Labs
[2009/07/14 14:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/05/09 21:01:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009/07/14 15:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/06/21 17:57:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2012/02/01 06:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012/02/01 06:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012/02/01 06:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012/02/01 06:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/02/01 06:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/01/08 11:48:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WMR14
[2011/10/15 17:04:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2011/10/14 18:51:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo Layers Runtime
[2011/05/10 08:13:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ZTEDriver

< %appdata%\*.* >
[2012/05/23 21:01:39 | 000,000,132 | ---- | M] () -- C:\Users\Martlin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/28 19:37:48 | 000,131,072 | -HS- | M] (Crytek) -- C:\Users\Martlin\AppData\Roaming\cmidg.dll
[2012/07/29 09:32:55 | 000,435,712 | ---- | M] (Stardock Systems, Inc) -- C:\Users\Martlin\AppData\Roaming\conde.dll
[2012/05/15 17:33:57 | 000,001,854 | ---- | M] () -- C:\Users\Martlin\AppData\Roaming\GhostObjGAFix.xml

< MD5 for: AFD.SYS >
[2011/04/25 12:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/14 09:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010/11/20 19:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/25 12:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011/04/25 12:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/25 13:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/25 12:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_39e1f82254380270\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2010/11/20 23:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\SysNative\cryptsvc.dll
[2010/11/20 23:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2009/07/14 11:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 11:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 22:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SysWOW64\cryptsvc.dll
[2010/11/20 22:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/03 16:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 16:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/14 11:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/03 16:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/03 16:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 23:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/03 16:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/14 11:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/14 11:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 16:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/21 07:57:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 16:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C119EC96
@Alternate Data Stream - 969 bytes -> C:\Users\Martlin\AppData\Local\Temp:Oh6TYR9s4U3WyY8Nl1XcFaxFW
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 1067 bytes -> C:\Users\Martlin\AppData\Local\3lSewNl8Nv5dSQ:BpHW5HP9JYncoQOKjUiQ

< End of report >

Re: Unknown Malware....

aswMBR LOG:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 18:58:06
-----------------------------
18:58:06.267 OS Version: Windows x64 6.1.7601 Service Pack 1
18:58:06.267 Number of processors: 2 586 0x603
18:58:06.267 ComputerName: MARTLIN-HP UserName: Martlin
18:58:10.979 Initialize success
19:00:18.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
19:00:18.180 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 11
19:00:18.195 Disk 0 MBR read successfully
19:00:18.195 Disk 0 MBR scan
19:00:18.211 Disk 0 unknown MBR code
19:00:18.211 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:00:18.211 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 458664 MB offset 409600
19:00:18.258 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17972 MB offset 939753472
19:00:18.273 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
19:00:18.320 Disk 0 scanning C:\Windows\system32\drivers
19:00:27.291 Service scanning
19:01:03.530 Modules scanning
19:01:03.546 Disk 0 trace - called modules:
19:01:03.577 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:01:03.592 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025d1060]
19:01:03.608 3 CLASSPNP.SYS[fffff88001b8a43f] -> nt!IofCallDriver -> [0xfffffa8002589b80]
19:01:03.624 5 amd_xata.sys[fffff8800106c7a8] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8002472850]
19:01:03.624 Scan finished successfully
19:01:56.695 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
19:01:56.710 The log file has been saved successfully to "H:\aswMBR.txt"


Re: Unknown Malware....

Security Check Log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CleanMyPC - Registry Cleaner
Java(TM) 6 Update 20
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

Re: Unknown Malware....

Oops, I nearly forgot to post the Extras Log from OTL:

OTL Extras logfile created on: 7/30/2012 6:18:02 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Martlin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.51% Memory free
3.49 Gb Paging File | 1.89 Gb Available in Paging File | 54.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.91 Gb Total Space | 104.37 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive D: | 17.55 Gb Total Space | 2.54 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 211.25 Gb Free Space | 15.12% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 2.34 Gb Free Space | 31.31% Space Free | Partition Type: FAT32

Computer Name: MARTLIN-HP | User Name: Martlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C43897-5DE2-4EF0-A4AF-BF6BA06F1E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11D71FC1-396F-4BBA-B365-D5B506A2302A}" = lport=138 | protocol=17 | dir=in | app=system |
"{17760192-8F7A-4E6B-A044-44B85BECBDD1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1B1C20CB-98DB-46E8-AAD9-AC7347AA0FC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22E5D2F2-317C-4314-BBBB-316A6DFB4421}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{319279F4-6119-4DC5-A000-D4FAB6665861}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BC1E8F5-4E33-4021-8C07-FE8D320FACE4}" = lport=137 | protocol=17 | dir=in | app=system |
"{5ABBEE89-13B9-4886-8887-95DC80C2F408}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6755692A-3382-4C96-AEAB-2933F993CBAE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6FE965E5-0788-4B28-82FF-836EC567113D}" = lport=139 | protocol=6 | dir=in | app=system |
"{7E30C184-0549-4CD2-86F7-BC9D921CBA75}" = rport=139 | protocol=6 | dir=out | app=system |
"{87781C2E-7D49-41A2-9AC3-B6E0373DD6EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{982D0C2E-4D57-4CC5-BB04-9AA0AF006109}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9DA8400E-7C5E-4729-9E11-F6D7341F9286}" = rport=138 | protocol=17 | dir=out | app=system |
"{A191E973-6CF5-41F7-B6A7-1A87989D21C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AB3FF279-1CF2-4BB1-B935-E853CEDA5D81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B6A3FBCA-665D-4DBF-86A9-D14EFD6CD578}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB308298-73C4-47D3-A88E-2774005F1025}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C62A3D05-137E-4C65-A9CC-0EBEBF0C30AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D90936FD-D44D-41DA-A542-A3E04A3B8D18}" = lport=445 | protocol=6 | dir=in | app=system |
"{DBB28318-3973-4A92-A8A9-E107337D17CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6CC662C-93BB-44C9-8CB1-A354A42F4C78}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EFCF86BB-5C7E-427A-8C8F-A564CB52B3AB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002112FD-B3B6-413B-9DB0-8E2C353212EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{00257A15-4B85-4025-96FA-716CAAD883F8}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{0627458F-9E6C-4086-B214-A996C1B5A54E}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{06C2B49C-DB10-4AE0-94F2-2CD5E1CEE90B}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"{0A983FFF-B167-48F8-9BFD-051DFD623356}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{0D9C387A-B427-408C-86AD-A945599B4502}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{11422511-43AC-49B0-B84F-FA9CD5761159}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{1199F61B-2565-4275-A1A0-C1E1AEB895EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{279CAB48-F47B-4CDE-B316-548DE0F6145A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{284ADCDA-F73B-4DEF-9336-5BE66A831BA1}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{34583150-908E-4829-93FD-720F679F75DC}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"{3502845F-4CA6-4DC4-9CF4-7A6DC5165DC5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3B3F386A-5F9B-4342-AF35-62C3CC33FFD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{421AE044-55EC-4863-8174-3BF777F3A6EC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{425DDC42-04EB-4395-9D71-0C69F6C49058}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{540C25FA-8F7E-47BB-82CA-C7A2AF991C20}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6013DE5E-DBD4-4AFD-AA80-7F06D4684710}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{624685D1-1A0C-44C1-A23A-78753EB9050F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{629C3541-4EB3-451D-9954-619B697A3C06}" = protocol=6 | dir=in | app=c:\users\martlin\appdata\roaming\dropbox\bin\dropbox.exe |
"{65273B2D-52A0-4078-B59B-6B1F02FA87ED}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"{70D5E573-0ACC-4464-807C-DB6F7E62E4F6}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"{73C67A8F-C66B-4355-9B26-63F872BC6F27}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7773861A-AAFA-42C0-AB04-6EDDC9F42556}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8327FF82-BA86-49FF-A717-B56E4602F3D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{92929CAC-7DCB-4E74-B0A4-40B4B3CE40E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A50A01F5-7F54-4881-8C07-1108BF2CB5DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA7B179F-1EF0-48A4-B52F-7ABA5C5FF599}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{ADE73DDD-4E74-4A3B-8936-49D7491870CA}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"{B452F37C-2640-4848-9BC1-9C22F8915F25}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C0D1EF33-B95E-4D3E-A114-8EFD252C7643}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D21273BE-1BF6-44F1-8EDD-90AE3DC55DF5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{E49A00DD-6247-49F7-B601-83AB8BF74800}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"{F8AEAB84-9443-4531-A627-D23654271232}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8AF18D9-22B0-4C34-AB3B-4970BE16F289}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FC4B30FB-C836-4C63-B034-AFE27ED7AFD4}" = protocol=17 | dir=in | app=c:\users\martlin\appdata\roaming\dropbox\bin\dropbox.exe |
"{FFE0209E-4767-4E55-AE23-79369A3B2D5C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1446B45F-C906-4EC3-87C9-25E066F5A91E}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{2E72C5FE-6CD7-44E3-AB31-38CD72A13F95}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{2F8C170E-0E79-4DD3-8210-5417B8B02468}C:\users\martlin\appdata\roaming\exywu\yzic.exe" = protocol=6 | dir=in | app=c:\users\martlin\appdata\roaming\exywu\yzic.exe |
"TCP Query User{642FF45B-FD0B-41A5-B645-4B900A53C254}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"TCP Query User{70BE4C10-26D6-4B8B-8450-D6AACAAC52E6}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"TCP Query User{C36DDBBF-A7AD-405E-8CB7-D6321F9BE8F3}C:\users\martlin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\martlin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C3D6F140-A65E-4F26-A3E6-BDAAAFDE581C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E8726CAE-0974-488C-9487-2D0343B08AFE}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"TCP Query User{FF1555CA-7363-4374-9AAB-D2001898071F}C:\program files\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe |
"UDP Query User{1E8D7872-ABAC-4CC2-8F30-30396FBBF8E2}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"UDP Query User{3831DABC-C75C-4817-BF7D-3E56A7A16BB1}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{39CEF46E-3EAC-4DF4-8DAC-B8A6A1FF5228}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{61FEBA62-8E7C-4CEB-A145-912A4CD5C05F}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"UDP Query User{7A30DB12-CFE5-41E2-A80F-3F699E775660}C:\users\martlin\appdata\roaming\exywu\yzic.exe" = protocol=17 | dir=in | app=c:\users\martlin\appdata\roaming\exywu\yzic.exe |
"UDP Query User{895F7519-AC0F-440F-B3BC-DE6BF4DD4064}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"UDP Query User{CCB3AFC8-8F81-4B85-9D1F-3D3347A389D8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{E4B397D5-BB83-4DD9-B2EB-BA071076142F}C:\users\martlin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\martlin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{EDF235AE-651A-45A2-A129-A66B2587CA0A}C:\program files\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{06B60360-9DBD-4593-90A0-FD237F0845A2}" = Topaz DeNoise 5 (64-bit)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager
"{2B092722-5855-466F-B7A5-8C5E64C64C77}" = Magic Bullet Suite 64-bit
"{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZTE USB Driver" = ZTE USB Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard
"{2385DA7C-F545-4E66-A968-D464F0519425}" = HP Documentation
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics Previews Common
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish
"{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D31A225-453B-4798-8452-9F2181CA6971}" = SoftStylus
"{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian
"{5559EC94-8051-4E5B-B878-C23AF633697B}" = FixerBundle
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian
"{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E07D32B-162C-4AF3-BCF1-6A8E7FC5772D}" = MysticThumbs
"{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish
"{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF682D1C-591D-48B5-9803-628DA622C281}" = HP Quick Launch
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish
"Ableton Live_is1" = Ableton Live v6.0.3
"Acronis Disk Director Suite" = Acronis Disk Director Suite 11
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Android SDK Tools" = Android SDK Tools
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.1
"AviSynth" = AviSynth 2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Capture Software
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Focus Magic" = Focus Magic
"HandBrake" = HandBrake 0.9.8
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2B092722-5855-466F-B7A5-8C5E64C64C77}" = Magic Bullet Suite 64-bit
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Label Matrix 32" = Label Matrix 32
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MKVtoolnix" = MKVtoolnix 4.8.0
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"My Screen Recorder 3.0_is1" = My Screen Recorder 3.0
"My Screen Recorder Pro_is1" = My Screen Recorder Pro 2.67
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RarZilla Free Unrar" = RarZilla Free Unrar
"Super Flexible File Synchronizer_is1" = Super Flexible File Synchronizer v4.59b
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz DeNoise 5 (64-bit)" = Topaz DeNoise 5 (64-bit)
"TreeSize Free_is1" = TreeSize Free V2.6
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.9
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinX Free VOB to MP4 Converter_is1" = WinX Free VOB to MP4 Converter 2.0.7
"WM Recorder 14" = WM Recorder 14
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo!7 Messenger" = Yahoo!7 Messenger
"YouTube Downloader App" = YouTube Downloader App 3.00
"YTdetect" = Yahoo! Detect
"ZumoDrive" = HP CloudDrive

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"NetAssistant 3.6.5" = NetAssistant for Firefox
"Photobook Designer" = Photobook Designer
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 6:48:41 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/10/2012 6:48:41 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16287

Error - 3/10/2012 6:48:41 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16287

Error - 3/11/2012 12:36:47 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2012 12:36:47 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4119

Error - 3/11/2012 12:36:47 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4119

Error - 3/11/2012 12:36:48 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2012 12:36:48 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5398

Error - 3/11/2012 12:36:48 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5398

Error - 3/11/2012 4:53:07 PM | Computer Name = Martlin-HP | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 3/11/2012 4:57:27 PM | Computer Name = Martlin-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 6/21/2011 3:38:50 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061121053843.xml
File not created by asset agent

Error - 7/5/2011 4:00:02 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071105055956.xml
File not created by asset agent

Error - 8/23/2011 3:32:44 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081123053240.xml
File not created by asset agent

Error - 9/20/2011 3:31:31 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091120053126.xml
File not created by asset agent

Error - 10/11/2011 2:25:57 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101111052552.xml
File not created by asset agent

Error - 12/20/2011 2:48:01 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121120054756.xml
File not created by asset agent

Error - 2/7/2012 2:45:45 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = en-AU Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

[ HP Wireless Assistant Events ]
Error - 6/29/2012 7:52:54 PM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/4/2012 5:15:32 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/8/2012 5:26:17 PM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/9/2012 3:23:53 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/10/2012 3:52:39 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/12/2012 3:42:56 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 7/16/2012 3:19:56 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 7/17/2012 3:19:03 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/20/2012 7:50:52 PM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/23/2012 3:22:06 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 7/29/2012 12:14:18 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 7/29/2012 3:00:27 AM | Computer Name = Martlin-HP | Source = DCOM | ID = 10010
Description =

Error - 7/29/2012 3:07:46 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 7/29/2012 4:48:11 AM | Computer Name = Martlin-HP | Source = DCOM | ID = 10010
Description =

Error - 7/29/2012 4:58:57 AM | Computer Name = Martlin-HP | Source = DCOM | ID = 10010
Description =

Error - 7/30/2012 3:39:08 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7038
Description = The sppsvc service was unable to log on as NT AUTHORITY\NetworkService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/30/2012 3:39:08 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7000
Description = The Software Protection service failed to start due to the following
error: %%1069

Error - 7/30/2012 3:39:08 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7038
Description = The wscsvc service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/30/2012 3:39:08 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1069

Error - 7/30/2012 3:39:24 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243


< End of report >

Re: Unknown Malware....
I hope someone can help!!

Thanks Smile...

Re: Unknown Malware....
Hi!

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

Re: Unknown Malware....

I didn't get an All RKreport.txt file when it was done, but here are the three individual reports it made after each one:


LOG 1:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Martlin [Admin rights]
Mode: Scan -- Date: 07/30/2012 20:45:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Laifliep (C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : cmidg (rundll32.exe "C:\Users\Martlin\AppData\Roaming\cmidg.dll",SetCurrentIndex2) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : conde ("C:\Windows\System32\rundll32.exe" "C:\Users\Martlin\AppData\Roaming\conde.dll",_GetSlice) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1926778873-3121763269-34881918-1000[...]\Run : Laifliep (C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1926778873-3121763269-34881918-1000[...]\Run : cmidg (rundll32.exe "C:\Users\Martlin\AppData\Roaming\cmidg.dll",SetCurrentIndex2) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1926778873-3121763269-34881918-1000[...]\Run : conde ("C:\Windows\System32\rundll32.exe" "C:\Users\Martlin\AppData\Roaming\conde.dll",_GetSlice) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
0.0.0.0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BEVT-60A0RT0 SATA Disk Device +++++
--- User ---
[MBR] a765165ca861f1ea1ca4600829a1d823
[BSP] 51461fa8841feaa215c83ddfe96a8e09 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 458664 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 939753472 | Size: 17972 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] dcc9a7ea9a3bc5d0fad142916a4e0af8
[BSP] 4f1bd685eac03a4d39e7daced34583b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: SanDisk Cruzer Micro USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Re: Unknown Malware....
LOG 2:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Martlin [Admin rights]
Mode: Remove -- Date: 07/30/2012 20:46:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Laifliep (C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe) -> DELETED
[BLACKLIST DLL] HKCU\[...]\Run : cmidg (rundll32.exe "C:\Users\Martlin\AppData\Roaming\cmidg.dll",SetCurrentIndex2) -> DELETED
[BLACKLIST DLL] HKCU\[...]\Run : conde ("C:\Windows\System32\rundll32.exe" "C:\Users\Martlin\AppData\Roaming\conde.dll",_GetSlice) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
0.0.0.0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BEVT-60A0RT0 SATA Disk Device +++++
--- User ---
[MBR] a765165ca861f1ea1ca4600829a1d823
[BSP] 51461fa8841feaa215c83ddfe96a8e09 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 458664 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 939753472 | Size: 17972 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] dcc9a7ea9a3bc5d0fad142916a4e0af8
[BSP] 4f1bd685eac03a4d39e7daced34583b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: SanDisk Cruzer Micro USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[2].txt ; RKreport[3].txt



Re: Unknown Malware....
LOG 3:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Martlin [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/30/2012 20:56:30

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 107 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 2574 / Fail 0
My documents: Success 4 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 3 / Fail 0
My music: Success 1386 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 4096 / Fail 22
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume5 -- 0x3 --> Restored
[H:] \Device\HarddiskVolume8 -- 0x2 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt





I hope these help.

Thanks for your help so far.

Re: Unknown Malware....
Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Re: Unknown Malware....
Here is the log:

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 01-08-2012 18:03:36
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [91648 2008-08-06] ()
HKLM-x32\...\Run: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2080 2011-05-09] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKU\Martlin\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\Martlin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Martlin\...\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-05-09] ()
HKU\Martlin\...\Run: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup [1401224 2011-10-05] (CleanMyPC Software)
HKU\Martlin\...\Run: [ExtremeSync Background Scheduler] C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe /TIMERASAPP /STARTUP [6831616 2009-06-07] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Martlin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2011-05-09] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 nlsX86cc; C:\Windows\SysWow64\NlsSrv32.exe [61440 2009-06-06] (Nalpeiron Ltd.)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)

========================== Drivers (Whitelisted) =============

3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-27] (AnvSoft Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-09] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-05-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110707.031\IDSvia64.sys [488056 2011-07-06] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-02] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110707.032\ENG64.SYS [117880 2011-05-18] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110707.032\EX64.SYS [2011768 2011-05-18] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
4 Clfus6c; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-31 23:22 - 2012-07-31 23:22 - 00000000 ____D C:\Users\Martlin\AppData\Local\{96B030FE-B936-4C9B-A45D-66C94E9B761D}
2012-07-31 13:58 - 2012-07-31 13:58 - 01438391 ____A (Farbar) C:\Users\Martlin\Desktop\FRST64.exe
2012-07-31 13:29 - 2012-07-31 13:29 - 00000000 ____D C:\Users\Martlin\AppData\Local\{DC99997A-8B95-44F0-A650-9AA89E92164E}
2012-07-31 01:38 - 2012-07-31 01:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{0A10722A-C5C7-4994-92CD-E5B1AE2D0B6C}
2012-07-30 23:21 - 2012-07-30 23:21 - 00000000 ____D C:\Users\Martlin\AppData\Local\{40BE66E2-019C-46A3-9BC4-4437ACE63828}
2012-07-30 13:32 - 2012-07-30 13:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{3351B467-388C-4B05-AA08-13C5CCCB54D6}
2012-07-30 02:56 - 2012-07-30 02:56 - 00001251 ____A C:\Users\Martlin\Desktop\RKreport[4].txt
2012-07-30 02:46 - 2012-07-30 02:46 - 00004011 ____A C:\Users\Martlin\Desktop\RKreport[3].txt
2012-07-30 02:45 - 2012-07-30 02:45 - 00003712 ____A C:\Users\Martlin\Desktop\RKreport[2].txt
2012-07-30 02:39 - 2012-07-30 02:46 - 00000000 ____D C:\Users\Martlin\Desktop\RK_Quarantine
2012-07-30 02:37 - 2012-07-30 02:33 - 01552384 ____A C:\Users\Martlin\Desktop\RogueKiller.exe
2012-07-29 23:48 - 2012-07-29 23:48 - 00000000 ____D C:\Users\Martlin\AppData\Local\{E1EC5F3C-49D1-44E6-9C41-8C3D805EB5F1}
2012-07-29 23:37 - 2012-07-29 23:37 - 00000000 ____D C:\Users\Martlin\AppData\Local\{9319F840-AAF1-4FE6-B620-7D49E9D1598C}
2012-07-29 23:21 - 2012-07-29 23:21 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8B01E12E-6341-45AC-8245-AC5FBE9D0B80}
2012-07-29 03:34 - 2012-07-29 03:34 - 00000000 ____D C:\Users\Martlin\AppData\Local\{F16AE24B-CB3C-4542-9484-A840F8C21AF1}
2012-07-28 15:34 - 2012-07-29 23:46 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
2012-07-28 15:32 - 2012-07-28 15:32 - 00435712 ____A (Stardock Systems, Inc) C:\Users\Martlin\AppData\Roaming\conde.dll
2012-07-28 15:32 - 2012-07-28 15:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{1D6AF53D-13B7-4BDB-BA9C-CC4B875371BB}
2012-07-28 15:30 - 2012-07-28 15:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{3BBD742F-1F21-4365-8CC5-3F5200294796}
2012-07-28 01:38 - 2012-07-29 23:46 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\Exywu
2012-07-28 01:38 - 2012-07-28 20:12 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\Yqemo
2012-07-28 01:38 - 2012-07-28 01:38 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\Orca
2012-07-28 01:38 - 2012-07-28 01:37 - 00131072 ___AS (Crytek) C:\Users\Martlin\AppData\Roaming\cmidg.dll
2012-07-27 15:27 - 2012-07-27 15:27 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6BFD0C58-6B53-43CB-86F2-08952C9B8751}
2012-07-27 15:26 - 2012-07-27 15:27 - 00000000 ____D C:\Users\Martlin\AppData\Local\{F7B4B099-10F8-4279-9222-569FEE5CEADD}
2012-07-26 13:36 - 2012-07-26 13:36 - 00000000 ____D C:\Users\Martlin\AppData\Local\{EAA45DC2-D833-4AF1-8124-D13181EF0B3A}
2012-07-26 13:35 - 2012-07-26 13:36 - 00000000 ____D C:\Users\Martlin\AppData\Local\{10FDEE92-F88D-4443-9751-F8F2984B48F3}
2012-07-25 13:38 - 2012-07-25 13:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{E2AD9392-B05B-4AED-8136-E3B403FA6E77}
2012-07-25 13:38 - 2012-07-25 13:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{34AFE524-B263-47B2-9641-5A18BCAEF8B1}
2012-07-25 01:37 - 2012-07-25 01:37 - 00000000 ____D C:\Users\Martlin\AppData\Local\{FCA4A0FB-45A2-4CBE-88B7-5AE87885F6D5}
2012-07-25 01:37 - 2012-07-25 01:37 - 00000000 ____D C:\Users\Martlin\AppData\Local\{B97EFE3F-55B5-4B6F-A764-5ED51C85A309}
2012-07-24 13:36 - 2012-07-24 13:36 - 00000000 ____D C:\Users\Martlin\AppData\Local\{68263965-2E67-480D-9002-85C1B297C412}
2012-07-24 13:36 - 2012-07-24 13:36 - 00000000 ____D C:\Users\Martlin\AppData\Local\{0E96F863-50D1-4BE8-8C6E-6FCE143026A2}
2012-07-24 01:35 - 2012-07-24 01:35 - 00000000 ____D C:\Users\Martlin\AppData\Local\{2D329D76-B1B3-496E-9BD2-C577B444B643}
2012-07-24 01:35 - 2012-07-24 01:35 - 00000000 ____D C:\Users\Martlin\AppData\Local\{03B06150-D611-4E83-BDE0-886E3C6BFC00}
2012-07-24 00:31 - 2012-07-24 00:31 - 00001454 ___AH C:\Users\Martlin\Desktop\The All Seeing O - Shortcut.lnk
2012-07-24 00:31 - 2012-07-24 00:31 - 00001382 ___AH C:\Users\Martlin\Desktop\new nuds - Shortcut.lnk
2012-07-23 13:33 - 2012-07-23 13:34 - 00000000 ____D C:\Users\Martlin\AppData\Local\{1BCBB1C0-93B5-4B98-BC2B-859BB9C584BA}
2012-07-23 13:33 - 2012-07-23 13:33 - 00000000 ____D C:\Users\Martlin\AppData\Local\{44691B81-33FB-4A0C-B615-D317BD88A638}
2012-07-23 01:32 - 2012-07-23 01:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{47744C18-65FF-4F1C-8797-3313EB6D14E0}
2012-07-23 01:32 - 2012-07-23 01:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{3F38A075-3C60-4481-B896-EFD91B95D58B}
2012-07-22 13:31 - 2012-07-22 13:31 - 00000000 ____D C:\Users\Martlin\AppData\Local\{7AA0AF47-C3B3-4272-9C0C-F04E38F9C88F}
2012-07-22 13:30 - 2012-07-22 13:31 - 00000000 ____D C:\Users\Martlin\AppData\Local\{5EC80708-11DA-437C-9F85-39729C1C30E7}
2012-07-21 22:28 - 2012-07-28 01:35 - 00000141 ____A C:\Users\Martlin\Desktop\60d prices.txt
2012-07-21 21:02 - 2012-07-21 21:05 - 00000000 ____D C:\Users\Martlin\Desktop\sd card
2012-07-21 18:57 - 2012-07-21 18:57 - 00000000 ____D C:\Users\Martlin\AppData\Local\{5CB614A6-5816-44B0-B110-31C89C0B6CE2}
2012-07-21 18:53 - 2012-07-21 18:57 - 00000000 ____D C:\Users\Martlin\AppData\Local\{B1BE1058-262C-4FA9-9783-2596A68B6143}
2012-07-20 23:13 - 2012-07-20 23:14 - 00000000 ____D C:\Users\Martlin\AppData\Local\{863393A3-3C5B-4F51-8E57-34433889A10F}
2012-07-20 23:13 - 2012-07-20 23:13 - 00000000 ____D C:\Users\Martlin\AppData\Local\{2B8708C0-8A60-445A-A845-B9A7EAB05F59}
2012-07-20 15:48 - 2012-07-20 15:48 - 00000000 ____D C:\Users\Martlin\AppData\Local\{11ACE0F3-C8D3-46A4-9451-0AB9A1017234}
2012-07-20 01:21 - 2012-07-20 01:21 - 00000000 ____D C:\Users\Martlin\AppData\Local\{2E14B339-60FD-4FFC-83B0-33B8B3A5D7E9}
2012-07-19 13:20 - 2012-07-19 13:20 - 00000000 ____D C:\Users\Martlin\AppData\Local\{E5CA2573-404B-40BF-92EA-BB87CBEF9662}
2012-07-19 13:20 - 2012-07-19 13:20 - 00000000 ____D C:\Users\Martlin\AppData\Local\{20F58424-43DB-43E2-9975-3C6436BBC294}
2012-07-19 01:19 - 2012-07-19 01:19 - 00000000 ____D C:\Users\Martlin\AppData\Local\{FE8723FD-7341-41DA-9A93-F48286066CDB}
2012-07-19 01:19 - 2012-07-19 01:19 - 00000000 ____D C:\Users\Martlin\AppData\Local\{ACCBFF81-3684-4EA0-8679-CC30D3270C74}
2012-07-18 13:18 - 2012-07-18 13:19 - 00000000 ____D C:\Users\Martlin\AppData\Local\{AA87F0BB-8FC1-4697-B671-03379095F5B2}
2012-07-18 13:18 - 2012-07-18 13:18 - 00000000 ____D C:\Users\Martlin\AppData\Local\{4B689586-DD0D-4AEC-9FCE-2FF7F4DA9790}
2012-07-18 01:18 - 2012-07-18 01:18 - 00000000 ____D C:\Users\Martlin\AppData\Local\{3517CA46-182C-4BA3-934B-49B82AAF6B1D}
2012-07-18 01:17 - 2012-07-18 01:18 - 00000000 ____D C:\Users\Martlin\AppData\Local\{AF6E1669-F539-444A-9CF0-2BAF9B537DE9}
2012-07-17 13:16 - 2012-07-17 13:16 - 00000000 ____D C:\Users\Martlin\AppData\Local\{949B755F-3D30-43C9-910C-3E70339E663D}
2012-07-17 13:16 - 2012-07-17 13:16 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8A8023A5-6E43-4B66-9BD9-180B5D8A2269}
2012-07-16 23:39 - 2012-07-17 13:14 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForMartlin.job
2012-07-16 13:41 - 2012-07-16 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{156FD38E-90E7-43BB-82D2-710857BB54F2}
2012-07-16 13:40 - 2012-07-16 13:41 - 00000000 ____D C:\Users\Martlin\AppData\Local\{01547206-4A0E-4C60-B6C3-3213A53F02A7}
2012-07-16 02:25 - 2012-07-16 02:25 - 00000000 ____D C:\Program Files (x86)\Acronis Disk Director Suite
2012-07-16 00:41 - 2012-07-16 00:41 - 00000000 ____D C:\Windows\pss
2012-07-15 23:40 - 2012-07-15 23:40 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\CleanMyPC Software
2012-07-15 23:40 - 2012-07-15 23:40 - 00000000 ____D C:\Program Files (x86)\CleanMyPC
2012-07-15 13:24 - 2012-07-15 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{4D2FE887-FAE8-4F40-B85E-FAAD2129C1EA}
2012-07-15 13:24 - 2012-07-15 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{432709AF-3EDF-4CE1-ACCC-84DA7A91E5EA}
2012-07-14 17:43 - 2012-07-14 17:43 - 00000000 ____D C:\Users\Martlin\AppData\Local\{A6D822D2-567F-4706-9EE4-7E81FEF17602}
2012-07-14 17:42 - 2012-07-14 17:43 - 00000000 ____D C:\Users\Martlin\AppData\Local\{5BE768DF-8413-4309-8833-63C08C14EBAE}
2012-07-14 02:43 - 2012-07-14 02:43 - 00000000 ____D C:\Users\Martlin\AppData\Local\{C3A0B4BF-BC73-4DB3-A898-B1054790982B}
2012-07-14 02:43 - 2012-07-14 02:43 - 00000000 ____D C:\Users\Martlin\AppData\Local\{B4D8ED4F-60D7-4563-A780-D3F9245F3719}
2012-07-13 14:42 - 2012-07-13 14:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{2E0B9CBE-B88B-40A0-85D7-332909B90946}
2012-07-13 14:41 - 2012-07-13 14:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{FEFE98F8-8971-48BF-A913-3EBCBF0A5852}
2012-07-12 13:27 - 2012-07-12 13:27 - 00000000 ____D C:\Users\Martlin\AppData\Local\{94C31185-08BC-4A64-8569-FDB2FEC025A7}
2012-07-12 13:26 - 2012-07-12 13:27 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8275A07F-BC3E-4170-A355-7812FEED6884}
2012-07-11 23:38 - 2012-07-11 23:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{9AF96C78-DCED-4ABB-B00D-F27F9C7BDFEB}
2012-07-11 23:38 - 2012-07-11 23:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{5B623B61-8780-424F-A712-1EDE4985BF65}
2012-07-11 04:14 - 2012-07-11 04:14 - 00000000 ____D C:\Users\Martlin\AppData\Local\{24E92400-E85B-4A49-B0AD-4F8F348456BA}
2012-07-11 04:13 - 2012-07-11 04:14 - 00000000 ____D C:\Users\Martlin\AppData\Local\{02D68A14-ED34-44F4-AA4F-9A18A5AFDD1A}
2012-07-10 13:08 - 2012-07-10 13:08 - 00000000 ____D C:\Users\Martlin\AppData\Local\{F85715CA-1944-45F6-8E09-89D7E3E4A682}
2012-07-10 13:08 - 2012-07-10 13:08 - 00000000 ____D C:\Users\Martlin\AppData\Local\{279D7BF3-741E-4F9F-91AC-19BB8D5E3E16}
2012-07-10 02:38 - 2012-07-10 02:38 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\NCH Software
2012-07-10 02:38 - 2012-07-10 02:38 - 00000000 ____D C:\Users\All Users\NCH Software
2012-07-10 02:38 - 2012-07-10 02:38 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-07-09 13:14 - 2012-07-09 13:15 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6868937F-5B14-4872-853E-5082344B5C4B}
2012-07-09 13:14 - 2012-07-09 13:14 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6BE19A82-B003-4CB1-A87B-EFDD6CA46D97}
2012-07-08 13:24 - 2012-07-08 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6E299C0D-DEB0-495E-A70B-A2021C16F9DC}
2012-07-08 13:24 - 2012-07-08 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{41CB0006-86BA-49DD-B6F1-681A016AA4A1}
2012-07-07 17:20 - 2012-07-07 17:20 - 00000000 ____D C:\Users\Martlin\AppData\Local\{A9632B61-9AAA-43EC-8047-E37465A88FC1}
2012-07-07 17:20 - 2012-07-07 17:20 - 00000000 ____D C:\Users\Martlin\AppData\Local\{98111811-05D7-4E08-B90B-8017AA48C8D3}
2012-07-07 03:29 - 2012-07-07 03:30 - 00000000 ____D C:\Users\Martlin\AppData\Local\{515B425A-EE3D-4A60-9DCA-836D1CA8F09F}
2012-07-07 03:29 - 2012-07-07 03:29 - 00000000 ____D C:\Users\Martlin\AppData\Local\{377E7F57-1BD2-4922-B487-87616D22E22B}
2012-07-06 15:28 - 2012-07-06 15:28 - 00000000 ____D C:\Users\Martlin\AppData\Local\{22E5C143-33EE-4D80-8502-64714764645C}
2012-07-06 15:27 - 2012-07-06 15:28 - 00000000 ____D C:\Users\Martlin\AppData\Local\{189C6A00-FCE1-4FCC-82F0-8BCC8B43CCC7}
2012-07-06 01:26 - 2012-07-06 01:26 - 00000000 ____D C:\Users\Martlin\AppData\Local\{B373EAB1-8C33-4B26-8DE8-9C246F87B2BC}
2012-07-06 01:26 - 2012-07-06 01:26 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6A5B5229-07A2-408C-B773-506DDA40BF0F}
2012-07-05 13:24 - 2012-07-05 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{83B322CB-E78D-4F17-AB8F-3D0E8DC5736C}
2012-07-05 13:23 - 2012-07-05 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{1372B32D-E666-4CB3-9504-5913E7C9540C}
2012-07-04 13:42 - 2012-07-04 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{C55B3A43-47CF-4D92-B50B-56A59D54A339}
2012-07-04 13:42 - 2012-07-04 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8D1DCBFB-9C76-4656-9086-3A412DEC6857}
2012-07-03 13:22 - 2012-07-03 13:23 - 00000000 ____D C:\Users\Martlin\AppData\Local\{43BB1718-2B67-4853-B15A-947D413AD70C}
2012-07-03 13:22 - 2012-07-03 13:22 - 00000000 ____D C:\Users\Martlin\AppData\Local\{CEFE1D07-8801-49C5-9C07-F91E45FD2D2D}
2012-07-02 13:42 - 2012-07-02 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{DDCFE8B9-684E-4484-8F0E-3CD75966D938}
2012-07-02 13:42 - 2012-07-02 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{639FD061-63F4-48F8-8809-EE5EA007AABD}
2012-07-02 01:42 - 2012-07-02 01:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{1966B80B-3ECD-4A55-AAF7-427135E5CD7A}
2012-07-02 01:41 - 2012-07-02 01:41 - 00000000 ____D C:\Users\Martlin\AppData\Local\{F70149F9-2E1E-4BE7-883B-014DFF74F73F}


============ 3 Months Modified Files ========================

2012-07-31 23:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 23:55 - 2009-07-13 20:51 - 00180116 ____A C:\Windows\setupact.log
2012-07-31 23:34 - 2011-04-11 00:42 - 01672966 ____A C:\Windows\WindowsUpdate.log
2012-07-31 23:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 23:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 23:26 - 2009-07-13 21:13 - 00732510 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-31 23:21 - 2012-01-21 23:57 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 14:54 - 2012-04-10 14:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-31 14:51 - 2012-01-21 23:58 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-31 13:58 - 2012-07-31 13:58 - 01438391 ____A (Farbar) C:\Users\Martlin\Desktop\FRST64.exe
2012-07-31 00:08 - 2011-05-09 23:39 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-30 02:56 - 2012-07-30 02:56 - 00001251 ____A C:\Users\Martlin\Desktop\RKreport[4].txt
2012-07-30 02:46 - 2012-07-30 02:46 - 00004011 ____A C:\Users\Martlin\Desktop\RKreport[3].txt
2012-07-30 02:45 - 2012-07-30 02:45 - 00003712 ____A C:\Users\Martlin\Desktop\RKreport[2].txt
2012-07-30 02:33 - 2012-07-30 02:37 - 01552384 ____A C:\Users\Martlin\Desktop\RogueKiller.exe
2012-07-29 00:25 - 2011-08-29 02:53 - 00001456 ____A C:\Users\Martlin\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-07-28 15:32 - 2012-07-28 15:32 - 00435712 ____A (Stardock Systems, Inc) C:\Users\Martlin\AppData\Roaming\conde.dll
2012-07-28 15:29 - 2011-05-09 09:37 - 00065610 ____A C:\Windows\PFRO.log
2012-07-28 01:37 - 2012-07-28 01:38 - 00131072 ___AS (Crytek) C:\Users\Martlin\AppData\Roaming\cmidg.dll
2012-07-28 01:35 - 2012-07-21 22:28 - 00000141 ____A C:\Users\Martlin\Desktop\60d prices.txt
2012-07-27 01:55 - 2012-04-10 14:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-27 01:55 - 2011-06-14 13:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-24 00:31 - 2012-07-24 00:31 - 00001454 ___AH C:\Users\Martlin\Desktop\The All Seeing O - Shortcut.lnk
2012-07-24 00:31 - 2012-07-24 00:31 - 00001382 ___AH C:\Users\Martlin\Desktop\new nuds - Shortcut.lnk
2012-07-17 13:14 - 2012-07-16 23:39 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForMartlin.job
2012-07-12 03:26 - 2009-07-13 20:45 - 05026536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 01:39 - 2011-05-09 02:45 - 00128472 ____A C:\Users\Martlin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-02 19:46 - 2011-05-09 02:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-20 23:53 - 2010-10-20 13:26 - 00000963 ____A C:\Windows\DirectX.log
2012-05-29 13:13 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-23 03:01 - 2012-04-13 16:38 - 00000132 ____A C:\Users\Martlin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-05-14 23:33 - 2011-08-22 23:32 - 00001854 ____A C:\Users\Martlin\AppData\Roaming\GhostObjGAFix.xml

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 34%
Total physical RAM: 1786.9 MB
Available physical RAM: 1176.54 MB
Total Pagefile: 1786.9 MB
Available Pagefile: 1174.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:447.91 GB) (Free:103.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:17.55 GB) (Free:2.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (Biggun) (Fixed) (Total:1397.26 GB) (Free:203.35 GB) NTFS
6 Drive i: () (Removable) (Total:7.47 GB) (Free:1.9 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1397 GB 0 B
Disk 2 Online 7663 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 447 GB 200 MB
Partition 3 Primary 17 GB 448 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 447 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 17 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Biggun NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT32 Removable 7655 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-29 14:48

======================= End Of Log ==========================



Thanks again for all your help so far :)...
