1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Event id 7026 help please

Discussion in 'Windows 7' started by markshim, Apr 15, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    heres the second

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 21/01/2013 11:35:34
    System Uptime: 16/04/2013 14:50:53 (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH 990FX R2.0
    Processor: AMD FX(tm)-8350 Eight-Core Processor | Socket 942 | 4013/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 447 GiB total, 293.415 GiB free.
    D: is FIXED (NTFS) - 931 GiB total, 637.059 GiB free.
    E: is FIXED (NTFS) - 1397 GiB total, 640.076 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Ralink RT61 Turbo Wireless LAN Card
    Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&2B4059EA&0&28A4
    Manufacturer: Ralink Technology Corp.
    Name: Ralink RT61 Turbo Wireless LAN Card
    PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&2B4059EA&0&28A4
    Service: rt61x64
    .
    ==== System Restore Points ===================
    .
    RP95: 09/04/2013 13:21:39 - Windows Live Essentials
    RP96: 09/04/2013 13:21:46 - WLSetup
    RP97: 09/04/2013 13:39:00 - Removed Skype™ 6.3
    RP98: 10/04/2013 08:13:33 - Windows Update
    RP99: 15/04/2013 08:43:08 - Installed Bluesoleil2.6.0.8 Release 070517
    RP100: 15/04/2013 08:47:06 - Removed Bluesoleil2.6.0.8 Release 070517
    RP101: 16/04/2013 13:01:39 - Installed Bluesoleil2.6.0.8 Release 070517
    RP102: 16/04/2013 13:02:40 - Installed Bluesoleil2.6.0.8 Release 070517
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Adobe Shockwave Player 11.6
    Aliens: Colonial Marines
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD Steady Video Plug-In
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Profiles
    applicationupdater
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Asmedia ASM106x SATA Host Controller Driver
    Assassin's Creed(R) III v1.03
    Avira Antivirus Premium
    Batman: Arkham City™
    BioShock Infinite
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CPUID CPU-Z 1.63.0
    CPUID HWMonitor 1.21
    Crysis®3
    CrystalDiskInfo 5.4.2 Shizuku Edition
    CyberLink Blu-ray Disc Suite
    CyberLink LG Burning Tool
    CyberLink PowerDVD 9
    D3DX10
    Dead Space™ 3
    DEFIANCE
    Defraggler
    DmC Devil May Cry
    Far Cry 3
    FileHippo.com Update Checker
    Fraps
    GIMP 2.8.4
    Google Chrome
    Google Update Helper
    Guild Wars 2
    iTunes
    Java 7 Update 17
    Java 7 Update 17 (64-bit)
    Java Auto Updater
    Junk Mail filter update
    LG Tool Kit
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mass Effect™ 3
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Mouse and Keyboard Center
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Microsoft Xbox 360 Accessories 1.2
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    NVIDIA PhysX
    OpenOffice.org 3.4.1
    Origin
    Photo Common
    PlanetSide 2
    PunkBuster Services
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Star Wars: The Old Republic
    swMSM
    The Secret World
    The Witcher 2
    Tomb Raider
    Transformers: Fall of Cybertron
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Uplay
    VLC media player 2.0.6
    Vuze
    Warframe
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    16/04/2013 14:51:12, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BTHidMgr
    .
    ==== End Of File ===========================
     
  2. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    did you get it ok?

    can we please delete these logs once you have seen them i think they hold information about my pc thats shouldn`t be made public.
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    The error message showing above indicates there is a service installed for the bluetooth software, please click on Start and type services into the search box and hit the Enter key, look down through the list of services and see if you can find the service relating to the software.

    We can also do a search for the name of the software.

    Run SystemLook again and copy the contents of the code box into it and hit Search, post the log when done.

    Code:
    :filefind
    *Bluesoleil*
    :folderfind
    *Bluesoleil*
    :reg
    Bluesoleil
    
     
  4. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    There is nothing showing in those logs that could possibly compromise your security.
     
  5. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    here is what the systemlook found
    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:17 on 16/04/2013 by Mark
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Bluesoleil*"
    C:\Windows\Temp\bluesoleilSetup.log --a---- 33711 bytes [12:01 16/04/2013] [12:02 16/04/2013] D5E3D0A194693CD4CACD57B14BF4CB59

    ========== folderfind ==========

    Searching for "*Bluesoleil*"
    C:\Program Files (x86)\IVT Corporation\BlueSoleil d------ [12:01 16/04/2013]

    ========== reg ==========

    [Bluesoleil]
    Hive unrecognized.

    -= EOF =-
     
  6. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    the only thing i can see in services is bluetooth support service which says disabled
     
  7. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    the file in c programmes is empty
     
  8. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Find this folder and delete it:

    C:\Program Files (x86)\IVT Corporation

    The Bluetooth support service is a Windows service and should not be removed.

    If removing the above folder still doesn't fix the issue we will need to run OTL as follows:


    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
     
  9. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    hi there,
    heres the first log

    OTL logfile created on: 17/04/2013 07:42:30 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.91 Gb Total Physical Memory | 6.55 Gb Available Physical Memory | 82.84% Memory free
    15.81 Gb Paging File | 14.26 Gb Available in Paging File | 90.15% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 447.13 Gb Total Space | 292.84 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
    Drive D: | 931.41 Gb Total Space | 637.06 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
    Drive E: | 1397.26 Gb Total Space | 640.08 Gb Free Space | 45.81% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Mark\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
    DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
    DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
    DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
    DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
    DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 F7 45 8B DA F7 CD 01 [binary data]
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.co.uk/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - Extension: Google Docs = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Calendar = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
    CHR - Extension: Fade to White Aero Skin (by Skarv) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekemfmehiakocmomemagciajlikigkl\1.0_0\
    CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{103BE27F-7CD6-4E18-954C-92B6470D5CA1}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{1adc4756-63be-11e2-85a2-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1adc4756-63be-11e2-85a2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/17 07:36:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2013/04/16 08:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/04/15 09:22:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Darksiders2
    [2013/04/12 13:25:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2013/04/12 13:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2013/04/12 13:25:24 | 004,957,976 | ---- | C] (A-volute) -- C:\Windows\SysNative\RTKSMlfx.dll
    [2013/04/12 13:25:24 | 003,693,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
    [2013/04/12 13:25:24 | 002,797,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
    [2013/04/12 13:25:24 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
    [2013/04/12 13:25:24 | 001,659,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
    [2013/04/12 13:25:24 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
    [2013/04/12 13:25:24 | 000,991,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
    [2013/04/12 13:25:24 | 000,914,992 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
    [2013/04/12 13:25:24 | 000,887,640 | ---- | C] (A-Volute) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
    [2013/04/12 13:25:24 | 000,858,032 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tossaeapo64.dll
    [2013/04/12 13:25:24 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
    [2013/04/12 13:25:24 | 000,823,072 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
    [2013/04/12 13:25:24 | 000,633,632 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sltech64.dll
    [2013/04/12 13:25:24 | 000,613,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
    [2013/04/12 13:25:24 | 000,569,256 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosasfapo64.dll
    [2013/04/12 13:25:24 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2013/04/12 13:25:24 | 000,517,408 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
    [2013/04/12 13:25:24 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2013/04/12 13:25:24 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
    [2013/04/12 13:25:24 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
    [2013/04/12 13:25:24 | 000,213,792 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
    [2013/04/12 13:25:24 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2013/04/12 13:25:24 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2013/04/12 13:25:24 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2013/04/12 13:25:24 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2013/04/12 13:25:24 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
    [2013/04/12 13:25:24 | 000,148,912 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\toseaeapo64.dll
    [2013/04/12 13:25:24 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
    [2013/04/12 13:25:24 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2013/04/12 13:25:24 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
    [2013/04/12 13:25:24 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
    [2013/04/12 13:25:24 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2013/04/12 13:25:24 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
    [2013/04/12 13:25:24 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
    [2013/04/12 13:25:24 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
    [2013/04/12 13:25:23 | 021,170,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
    [2013/04/12 13:25:23 | 014,021,912 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
    [2013/04/12 13:25:23 | 009,123,608 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
    [2013/04/12 13:25:23 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
    [2013/04/12 13:25:23 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
    [2013/04/12 13:25:23 | 001,900,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
    [2013/04/12 13:25:23 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
    [2013/04/12 13:25:23 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
    [2013/04/12 13:25:23 | 000,904,752 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\MISS_APO.dll
    [2013/04/12 13:25:23 | 000,719,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
    [2013/04/12 13:25:23 | 000,612,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
    [2013/04/12 13:25:23 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
    [2013/04/12 13:25:23 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
    [2013/04/12 13:25:23 | 000,395,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
    [2013/04/12 13:25:23 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
    [2013/04/12 13:25:23 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2013/04/12 13:25:23 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2013/04/12 13:25:23 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2013/04/12 13:25:23 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
    [2013/04/12 13:25:23 | 000,135,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
    [2013/04/12 13:25:23 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
    [2013/04/12 13:25:23 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
    [2013/04/12 13:25:22 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2013/04/12 13:25:22 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
    [2013/04/12 13:25:22 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2013/04/12 13:25:22 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
    [2013/04/12 13:25:22 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
    [2013/04/12 13:25:22 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
    [2013/04/12 13:25:22 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
    [2013/04/12 13:25:22 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
    [2013/04/12 13:25:22 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
    [2013/04/12 13:25:22 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
    [2013/04/12 13:25:22 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
    [2013/04/12 13:25:22 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
    [2013/04/12 13:25:22 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
    [2013/04/12 13:25:22 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
    [2013/04/12 13:25:22 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
    [2013/04/12 13:25:22 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
    [2013/04/12 13:25:22 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
    [2013/04/12 13:25:22 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
    [2013/04/12 13:25:22 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
    [2013/04/12 11:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2013/04/10 08:13:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/04/10 08:13:50 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/04/10 08:13:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/04/10 08:13:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/04/10 08:13:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/04/10 08:13:49 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/04/10 08:13:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/04/10 08:13:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/04/10 08:13:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/04/10 08:13:49 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/04/10 08:13:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/04/10 08:13:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/04/10 08:13:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/04/10 08:13:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/04/10 08:13:47 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/04/10 07:58:14 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/04/10 07:58:13 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/04/10 07:58:13 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/04/10 07:58:13 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
    [2013/04/10 07:58:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2013/04/10 07:58:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
    [2013/04/09 13:31:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Skype
    [2013/04/09 13:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2013/04/08 12:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer
    [2013/04/08 12:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Windows Live Writer
    [2013/04/08 12:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2013/04/07 21:38:11 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/04/07 21:38:11 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/04/07 21:38:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/04/07 21:38:10 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/04/07 21:38:10 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/04/07 21:38:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/04/07 21:38:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2013/04/07 21:38:10 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2013/04/07 21:38:10 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2013/04/07 21:38:10 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/04/07 21:38:10 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2013/04/07 21:38:10 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/04/07 21:38:10 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2013/04/07 21:38:10 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/04/07 21:38:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/04/07 21:38:10 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2013/04/07 21:38:10 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/04/07 21:38:10 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/04/07 21:38:10 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2013/04/07 21:38:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2013/04/07 21:38:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/04/07 21:38:10 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2013/04/07 21:38:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/04/07 21:38:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/04/07 21:38:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2013/04/07 21:38:10 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2013/04/07 21:38:10 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/04/07 21:38:10 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/04/07 21:38:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/04/07 21:38:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2013/04/07 21:38:10 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/04/07 21:38:10 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/04/07 21:38:10 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/04/07 21:38:10 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2013/04/07 21:38:10 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/04/07 21:38:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2013/04/07 21:38:10 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/04/07 21:38:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2013/04/07 21:38:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/04/07 21:38:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2013/04/07 21:38:10 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/04/07 21:38:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/04/07 21:38:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2013/04/07 21:38:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/04/07 21:38:10 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/04/07 21:38:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2013/04/07 21:38:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/04/07 21:38:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2013/04/07 21:38:10 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/04/07 21:38:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/04/07 21:38:10 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2013/04/07 21:38:10 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/04/07 21:38:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/04/06 22:05:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Cyberlink
    [2013/04/06 22:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\CyberLink
    [2013/04/06 22:03:21 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\dvdcss
    [2013/04/04 12:08:42 | 000,155,528 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysNative\DDCHELPER.dll
    [2013/04/04 12:08:42 | 000,020,832 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysNative\drivers\ddcdrv.sys
    [2013/04/02 13:52:37 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\SWTORPerf
    [2013/04/02 13:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEFIANCE
    [2013/04/02 12:48:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\DEFIANCE
    [2013/03/30 14:37:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Adobe
    [2013/03/30 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Activision
    [2013/03/30 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Activision
    [2013/03/30 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\WinRAR
    [2013/03/30 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/03/30 14:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/03/30 14:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2013/03/29 09:25:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
    [2013/03/29 09:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/29 09:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/03/29 09:25:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/03/29 09:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/26 09:48:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Warframe
    [2013/03/25 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\.thumbnails
    [2013/03/25 11:56:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\fontconfig
    [2013/03/25 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\gegl-0.2
    [2013/03/25 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\.gimp-2.8
    [2013/03/25 11:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
    [2013/03/25 11:55:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Programs
    [2013/03/24 21:30:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Azureus
    [2013/03/24 21:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
    [2013/03/21 13:58:03 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2013/03/21 13:58:03 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2013/03/21 13:58:03 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
    [2013/03/21 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
    [2013/03/21 10:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo

    ========== Files - Modified Within 30 Days ==========

    [2013/04/17 07:40:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/17 07:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/04/17 07:40:07 | 2072,899,583 | -HS- | M] () -- C:\hiberfil.sys
    [2013/04/17 07:39:36 | 000,014,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/04/17 07:39:36 | 000,014,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/04/17 07:37:18 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/04/17 07:37:18 | 000,664,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/04/17 07:37:18 | 000,125,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/04/17 07:36:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2013/04/16 15:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/16 13:02:45 | 000,000,032 | ---- | M] () -- C:\Windows\0
    [2013/04/11 07:31:26 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/04/11 07:31:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/04/11 07:20:43 | 000,002,279 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/04/11 07:19:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/10 08:18:41 | 000,294,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/04/09 09:46:45 | 000,155,528 | ---- | M] (Nicomsoft Ltd.) -- C:\Windows\SysNative\DDCHELPER.dll
    [2013/04/09 09:46:45 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) -- C:\Windows\SysNative\drivers\ddcdrv.sys
    [2013/04/07 21:38:11 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/04/07 21:38:11 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/04/07 21:38:11 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/04/07 21:38:10 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/04/07 21:38:10 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/04/07 21:38:10 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/04/07 21:38:10 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2013/04/07 21:38:10 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2013/04/07 21:38:10 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2013/04/07 21:38:10 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/04/07 21:38:10 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2013/04/07 21:38:10 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/04/07 21:38:10 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2013/04/07 21:38:10 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/04/07 21:38:10 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/04/07 21:38:10 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2013/04/07 21:38:10 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/04/07 21:38:10 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/04/07 21:38:10 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2013/04/07 21:38:10 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2013/04/07 21:38:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/04/07 21:38:10 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2013/04/07 21:38:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/04/07 21:38:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/04/07 21:38:10 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2013/04/07 21:38:10 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2013/04/07 21:38:10 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/04/07 21:38:10 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/04/07 21:38:10 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/04/07 21:38:10 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2013/04/07 21:38:10 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/04/07 21:38:10 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/04/07 21:38:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/04/07 21:38:10 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2013/04/07 21:38:10 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/04/07 21:38:10 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2013/04/07 21:38:10 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/04/07 21:38:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2013/04/07 21:38:10 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/04/07 21:38:10 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2013/04/07 21:38:10 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/04/07 21:38:10 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/04/07 21:38:10 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2013/04/07 21:38:10 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/04/07 21:38:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/04/07 21:38:10 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2013/04/07 21:38:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/04/07 21:38:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2013/04/07 21:38:10 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/04/07 21:38:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/04/07 21:38:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/04/07 21:38:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/04/07 21:38:10 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2013/04/07 21:38:10 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/04/07 21:38:10 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/04/06 22:12:15 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
    [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/04/02 13:00:24 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Launch DEFIANCE.lnk
    [2013/03/29 18:04:04 | 021,170,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
    [2013/03/29 17:52:10 | 000,914,992 | ---- | M] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
    [2013/03/29 17:10:06 | 000,449,481 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
    [2013/03/28 08:47:36 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2013/03/28 08:47:36 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/03/27 16:57:08 | 000,135,240 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
    [2013/03/27 08:58:37 | 000,001,437 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/03/26 17:11:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/26 17:06:30 | 002,797,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
    [2013/03/26 17:04:40 | 002,734,624 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2013/03/26 15:40:04 | 003,693,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
    [2013/03/26 14:38:02 | 001,659,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
    [2013/03/26 13:47:26 | 000,000,200 | ---- | M] () -- C:\Users\Mark\Desktop\BioShock Infinite.url
    [2013/03/26 09:03:38 | 000,000,202 | ---- | M] () -- C:\Users\Mark\Desktop\Warframe.url
    [2013/03/25 20:39:26 | 000,005,932 | ---- | M] () -- C:\Users\Mark\AppData\Local\recently-used.xbel
    [2013/03/25 17:32:22 | 003,180,264 | ---- | M] () -- C:\Windows\SysNative\drivers\rtvienna.dat
    [2013/03/24 21:30:14 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2013/03/24 21:30:14 | 000,001,794 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2013/03/24 21:30:01 | 000,000,000 | ---- | M] () -- C:\END
    [2013/03/23 03:43:22 | 000,208,072 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
    [2013/03/21 13:57:52 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2013/03/21 13:57:52 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2013/03/21 13:57:52 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
    [2013/03/20 13:17:28 | 009,123,608 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
    [2013/03/20 13:16:58 | 001,900,312 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
    [2013/03/20 13:16:56 | 002,102,040 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
    [2013/03/20 13:16:52 | 000,910,104 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
    [2013/03/19 07:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/03/19 06:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2013/03/19 06:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/03/19 06:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/03/19 05:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
    [2013/03/19 04:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

    ========== Files Created - No Company Name ==========

    [2013/04/12 13:25:24 | 003,180,264 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
    [2013/04/12 13:25:23 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
    [2013/04/08 12:31:41 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2013/04/07 21:41:37 | 000,001,413 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/04/07 21:38:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/04/07 21:38:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/04/02 13:00:24 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Launch DEFIANCE.lnk
    [2013/03/29 09:25:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/26 13:47:26 | 000,000,200 | ---- | C] () -- C:\Users\Mark\Desktop\BioShock Infinite.url
    [2013/03/26 09:03:38 | 000,000,202 | ---- | C] () -- C:\Users\Mark\Desktop\Warframe.url
    [2013/03/25 20:39:26 | 000,005,932 | ---- | C] () -- C:\Users\Mark\AppData\Local\recently-used.xbel
    [2013/03/25 11:55:51 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    [2013/03/24 21:30:14 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2013/03/24 21:30:14 | 000,001,794 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2013/03/24 21:30:14 | 000,001,794 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
    [2013/03/09 15:02:38 | 000,123,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2013/01/23 10:02:51 | 000,763,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/01/22 12:49:54 | 000,000,273 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2013/01/22 09:03:50 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/01/22 09:03:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2013/01/21 14:39:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013/01/21 12:38:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2013/01/21 12:37:59 | 000,032,714 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/12/19 20:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/12/19 20:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/11/27 02:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/06/19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/30 14:09:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Activision
    [2013/04/16 12:42:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Azureus
    [2013/02/08 09:30:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenOffice.org
    [2013/01/29 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Origin
    [2013/04/08 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >
     
  10. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    and here is the second

    OTL Extras logfile created on: 17/04/2013 07:42:30 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.91 Gb Total Physical Memory | 6.55 Gb Available Physical Memory | 82.84% Memory free
    15.81 Gb Paging File | 14.26 Gb Available in Paging File | 90.15% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 447.13 Gb Total Space | 292.84 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
    Drive D: | 931.41 Gb Total Space | 637.06 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
    Drive E: | 1397.26 Gb Total Space | 640.08 Gb Free Space | 45.81% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0676A100-59A2-4767-A50D-0420D74BED72}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{0769FBEB-2084-4013-9AFB-59DA45824162}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{080A77D3-4E31-42E0-A955-1279B5AB818B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{11399A7F-5E1C-4B00-B564-ED0BD1BDD1DB}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.exe |
    "{2069F8A4-0159-49DA-BDB5-F23CA552AF8C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3797F6D3-526C-43C3-B335-69400A693F09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4A596D78-3E43-4D75-BE93-3F47B2939F33}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{4C610FDC-67F6-4002-8A15-79EFA4981195}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5F9C09B2-8659-40CF-B370-95E320146606}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6EC3AACF-C4AB-41C0-8BDB-2FFF4ACFEE30}" = rport=139 | protocol=6 | dir=out | app=system |
    "{72C27D61-5AB4-4D58-BFD5-996D601381D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7D236B7E-AC6C-480A-8C5C-ACEE04452D98}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7EF08DE0-480D-4BCC-A19F-0820F2B7274F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\tools\launcher.exe |
    "{9046B912-C167-4893-8B4F-0E652EAF431B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{9E402A14-D170-4BE0-8D60-F5C9B70F21B1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A23096CF-9234-4803-B91E-2AC96A10E863}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.x64.exe |
    "{B0FEC503-9829-4834-927E-94F5962D59C6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B570C96B-D8B9-4F3B-BAFC-517036D1DE5C}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BA3A2BEE-8AE3-4693-98E9-929F0F704B46}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C7064390-0DC1-4FF2-AF2A-184B43022AB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{CFB18EE9-41D7-4146-99CF-E998A8489758}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D002D532-1775-4F46-ADB3-07D6E927D771}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E5180CAB-33E6-493D-ABA1-3169FDE8B2F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E739649A-3F3E-4F01-BCF6-AA35FB64C939}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EAB88F34-38C3-4F12-A5F4-CF6419B7490A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EFBA36C0-58BD-411D-8A96-CAE576BF9818}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0348F4F5-A0EE-4765-86AC-4830D2FFC5D1}" = protocol=6 | dir=in | app=d:\games\origin games\mass effect 3\binaries\win32\masseffect3.exe |
    "{06B4FE9C-B985-4AFD-8136-DDDB98833779}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{076C80CC-9AA8-4ED7-9F3B-0975F10BE796}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sleepingdogs\hkship.exe |
    "{08184982-D748-4693-ACFE-A59C297D2DFC}" = protocol=17 | dir=in | app=d:\games\assassin`s creed 3\assassinscreed3.exe |
    "{08C0B7EB-513A-4DC6-8B72-21D323704EBA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tomb raider\tombraider.exe |
    "{0DD64570-8C1C-4FD8-9685-D9E8F5CF8E58}" = protocol=6 | dir=in | app=d:\games\origin games\crysis 3\bin32\crysis3.exe |
    "{14893B49-2965-4A50-B61B-F2B38B9F01B3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
    "{174F78CC-C5B9-4CFE-A8FF-0171AE1EB0F3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
    "{19DB3523-E4B4-4C88-AE30-1B193743832C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aliens colonial marines\binaries\win32\acm.exe |
    "{1AC3721D-775C-44B3-AE4F-C53695503A4A}" = protocol=17 | dir=in | app=d:\games\origin games\dead space 3\deadspace3.exe |
    "{1CA288A0-B729-4ACF-87AE-7401717409DD}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
    "{2094B211-509B-4D6D-AE52-450CD6B4F74B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{249D8ED8-22CD-4E22-A937-5C7301302EC9}" = protocol=6 | dir=in | app=d:\games\batman arkham city\binaries\win32\batmanac.exe |
    "{26277DE4-4FFB-4C92-BFE8-04BE1906C448}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{28C828F9-F1B7-4AEB-9583-68941AE901B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{2B1E1769-658A-4DD5-98B0-7E1503819D95}" = protocol=6 | dir=in | app=d:\games\assassin`s creed 3\ac3sp.exe |
    "{2B21C2F9-8268-4571-A06D-9DC2C40C55CC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2B40770D-4CED-4D56-84F2-C15C4BE05A4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2E1F6112-8691-486E-B5CE-C09AF840562C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
    "{315814E5-32DA-4FE6-9710-4FF22C9CED76}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\forge\binaries\win32\forgegame.exe |
    "{338CD86E-07CA-48AE-9907-9B5BC9C485BE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{3476E3DD-74BB-4390-AA19-568923241AC1}" = protocol=6 | dir=in | app=d:\games\assassin`s creed 3\assassinscreed3.exe |
    "{390D6F14-03A9-4CC6-9FD7-EF1153238340}" = protocol=17 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.exe |
    "{3A293B0F-63D7-4079-87A7-E6FD8645F0E5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
    "{3B88F8C0-3273-4E47-B176-367FC36AAF0E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\forge\binaries\win32\forgegame.exe |
    "{3D3CC0D8-2CF3-40BC-9CFD-3C290BDACD3A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\transformers fall of cybertron\binaries\tfoc.exe |
    "{3F65313B-691E-465D-A7B1-C62510EB4C3E}" = protocol=17 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.x64.exe |
    "{42144E08-5CB8-4822-A86D-A0C8E986E36B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4229B66A-0596-45FA-A2C1-4A3C613B0A2C}" = protocol=17 | dir=in | app=d:\games\origin games\mass effect 3\binaries\win32\masseffect3.exe |
    "{47F3233F-F637-4ED3-9E22-AB6A8EA8CFFC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{48CC6A65-892E-49CE-A810-09624E01F7A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{4B9C6081-4A7C-4970-A9A1-6183563B646D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\transformers fall of cybertron\binaries\tfoc.exe |
    "{4F8983C2-70A6-4BFF-92E8-B928AAB7058C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4FF7DAB6-4E97-49D6-8AD9-42536E38EDFE}" = protocol=17 | dir=in | app=d:\games\farcry 3\bin\fc3updater.exe |
    "{5BB77250-1DCB-41C2-8535-DDA8B01B4732}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tomb raider\tombraider.exe |
    "{62AA28F3-4857-47B8-93D8-108BF10D4131}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{63856D3B-5429-43F3-A382-7C2321FB2457}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{638A37A6-6B09-4E31-9F15-45FED41D3DDD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
    "{6704C77E-A9AC-4228-9437-DAACAA309A72}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6A86E91E-5DAC-4F54-BF8A-927809CDF3C2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sleepingdogs\hkship.exe |
    "{6C0E34E3-9C67-47CB-AB33-D6492A4DDE1E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{6D6E7DEB-B308-4BA6-8EA0-D27739C5753A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
    "{6F24E20B-ADFF-4DEE-82DF-2549DB900394}" = protocol=6 | dir=in | app=d:\games\origin games\dead space 3\deadspace3.exe |
    "{70FDDBFA-0A0F-4144-9C9A-535511EDA9E7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{73CE496B-C2C8-4C5D-90E6-EFC2DF2012BB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{75F0E374-7382-4636-9867-ADBF811A4E33}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
    "{76792262-7930-4078-9BBF-BDDA494CCD32}" = protocol=17 | dir=in | app=d:\games\farcry 3\bin\fc3editor.exe |
    "{779C7371-E42D-4484-A2AA-E2A9956BB3F8}" = protocol=17 | dir=in | app=d:\games\assassin`s creed 3\ac3sp.exe |
    "{7B8736ED-77F7-4CC0-8CB5-65F4A6E02B9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{82DE779B-5587-4909-BFCC-156DA291C470}" = protocol=17 | dir=in | app=d:\games\origin games\crysis 3\bin32\crysis3.exe |
    "{8423D1C5-6907-4B43-BA73-FA168692CB04}" = protocol=6 | dir=in | app=d:\games\farcry 3\bin\farcry3_d3d11.exe |
    "{843A6A79-9FAA-4AD7-BEEF-6278AF0E228B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
    "{8D3A0FE9-21D5-4877-8B70-98E001C0A4F8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
    "{8E2ACF7F-5922-474C-A80C-7892688D9711}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{90685393-1D4C-4407-A513-5CBE3C9735C1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{915BF1B8-E3A7-4DDD-9049-13D4EB69CAB6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{930EEA8C-B378-410A-895E-0BB52C70DC09}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{936CF313-C15A-4398-8FE7-858DCECEA2D3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
    "{9958101A-93CC-40AD-862B-416CC9F509E1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{9A4DD81D-B3C1-492B-812A-D2FA1A0E9A36}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
    "{9B2CFE0B-3972-4DA5-B26A-B9B40716ADD8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman absolution\hma.exe |
    "{9F4A7939-30C2-42F4-849B-BA38B4F82FE6}" = protocol=6 | dir=in | app=d:\games\farcry 3\bin\fc3editor.exe |
    "{9FCDAD00-5C55-474F-9858-9D083326D864}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
    "{A1319F8D-ECE3-48F6-A146-A96330EB1DC3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
    "{A1575959-81AB-432F-9C53-630E404C85C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{A19EBD9D-96E6-4FB0-AD5A-0CC1079F53EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A26E69D6-0F44-46F9-B514-C0D61CD27914}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
    "{A43A4652-0EEA-444F-9212-DC0776E8C081}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{A5E3E32E-71CB-4592-AEC8-253FF8194723}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
    "{A9294E7A-AC51-4FA5-BA25-D2CFA02DFD08}" = protocol=6 | dir=out | app=system |
    "{A9456A10-15A3-47DB-AC1B-4BB1870169AC}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
    "{AAC5F258-8890-4F7D-86D8-A918394E55B7}" = protocol=17 | dir=in | app=d:\games\batman arkham city\binaries\win32\batmanac.exe |
    "{AB60D1B9-00B0-4AC1-B203-51841BD2D39E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
    "{B10DE750-BA38-4F3E-8C77-EE4F38C4C7C1}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{B27637E4-C44C-43CF-9029-FBD08FAC74FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B4344F08-5979-40A6-A66A-5E15920FFDBB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{B580F218-3F1A-4C84-AE42-6DEBA603DD56}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B7DC3B36-ABED-4F90-A15B-C1CD68D3FFA5}" = protocol=6 | dir=in | app=d:\games\farcry 3\bin\farcry3.exe |
    "{B813A108-A054-42E6-BEC9-F1BB0BD7E71F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman absolution\hma.exe |
    "{C0F065AD-ADEC-42AC-8A7E-9970A9831BB5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C1E4BA09-867D-4A9A-BD02-D5CBEB2B2919}" = protocol=17 | dir=in | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.exe |
    "{C2B8423D-1BE0-4A85-BE3F-271F50DB67D4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{C520E883-0122-4C03-B2C9-2BD22400E1BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{C574DA44-87E7-449E-9A4C-01C6F4D9EBC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{C68BD4F1-5865-435C-9634-A121ED5E086D}" = protocol=6 | dir=in | app=d:\games\farcry 3\bin\fc3updater.exe |
    "{CC18E2CE-3A6A-4F01-A6D8-024BE5D7A54E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D01B05CF-BDA7-4A5F-80F9-752D9BB9935A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D173470D-A976-4EB8-A8C1-A4F669424053}" = protocol=17 | dir=in | app=d:\games\farcry 3\bin\farcry3.exe |
    "{D6A86273-3221-4E47-9D99-BFDA3D0C283C}" = protocol=17 | dir=in | app=d:\games\farcry 3\bin\farcry3_d3d11.exe |
    "{DDCCBE1E-CFC2-49DE-8817-37498ACA14AB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
    "{E17897DE-A762-44DF-BBC8-95A55436FD25}" = protocol=6 | dir=in | app=d:\games\assassin`s creed 3\ac3mp.exe |
    "{E80317D3-96B4-4AD4-9484-E960FC0C525A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.x64.exe |
    "{EB30AE59-647C-4EB8-B6E7-2796F3BAD0EC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aliens colonial marines\binaries\win32\acm.exe |
    "{EC6760E5-54AB-489D-941C-2CEBA0AE88D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EF259832-0C1F-4E7A-989B-C57D1BE01027}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
    "{F22D16B3-9E4E-4B1A-96BE-81F300DB8D7B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
    "{F333F6BF-A7AB-49E8-BD3D-9A8AAD18AFA3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{F5DF95FA-918D-41CE-A738-8CB61DFED30F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F8CBC437-02D9-4058-A912-821D994DD880}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FD7DB2A1-2D7C-4C26-BEF8-3634F3D22BB1}" = protocol=17 | dir=in | app=d:\games\assassin`s creed 3\ac3mp.exe |
    "TCP Query User{3287921C-864E-42C4-83DC-36862211B67D}D:\games\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
    "TCP Query User{FCB42B94-B134-4CF1-9EDC-DF8074FD6F90}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "UDP Query User{2D5C9072-B822-4345-BA2B-1AD522FE9A30}D:\games\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
    "UDP Query User{FAD53A4B-0505-46E0-9F7E-95BC780F184B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
    "{0B3944DA-6702-3E35-A0E7-ED8923990777}" = AMD Media Foundation Decoders
    "{0DF85F1E-CDB6-8559-ED64-39A2CADD6CD6}" = AMD Accelerated Video Transcoding
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{24229F0C-8DA9-16FC-4C26-30434495C309}" = ccc-utility64
    "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
    "{27FFD9F6-7A4C-3DA3-6043-46F396C1F190}" = AMD Fuel
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{50605356-0770-EC17-4043-3018D1D5CA25}" = AMD Drag and Drop Transcoding
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{833F5E6D-6E01-11D1-978E-6DFBCEF72570}" = AMD Steady Video Plug-In
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B185BFAE-3799-C2DD-887F-7089378E54F4}" = AMD Catalyst Install Manager
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
    "8461-7759-5462-8226" = Vuze
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
    "Defraggler" = Defraggler
    "GIMP-2_is1" = GIMP 2.8.4
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{069386F2-16F3-CCA7-C044-A7893B86806C}" = Catalyst Control Center Graphics Previews Common
    "{0D7C39F2-2DC2-A6B6-CDE6-0D3E7BE2404E}" = CCC Help Russian
    "{12263319-9EDA-2A2E-11B4-34F08B921462}" = CCC Help Portuguese
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{1BE6921C-7A44-BE7A-59A3-736BB1247344}" = CCC Help Spanish
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{2CBAA417-378B-AEF3-4CC3-7C354B4A4829}" = CCC Help Norwegian
    "{2F101140-A43E-A526-0297-31C710FDBB44}" = CCC Help Danish
    "{3135E6FE-6238-DA26-3981-C4F90CE0B3C7}" = CCC Help Polish
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3D36F763-3A90-64AB-2E19-FDC1CA086FB0}" = AMD VISION Engine Control Center
    "{3DCF3BFD-2DC1-C074-CB71-A285FF8B2E73}" = CCC Help Dutch
    "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
    "{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{52D9D448-D186-7743-3631-7B4AC77E9263}" = CCC Help German
    "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect&#8482; 3
    "{570174D7-87BF-4B48-878F-29C57E387D38}" = DEFIANCE
    "{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City&#8482;
    "{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City&#8482;
    "{5FB7F9E3-3BB7-9847-9AB6-D1D48F226521}" = CCC Help Chinese Standard
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
    "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
    "{66B584FB-C50C-235E-A1DE-E7B18B1CF85C}" = CCC Help Czech
    "{68C41F0E-A63F-F109-7764-027DF46CAA06}" = CCC Help Korean
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8B257B9D-C51C-80F5-1757-AB16A34A3BBB}" = Catalyst Control Center Localization All
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    "{92C35013-BC4A-F17B-FC10-24475B080D84}" = CCC Help French
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.03
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{9FB0965D-A678-4DA0-FBA4-66009A4FE297}" = Catalyst Control Center InstallProxy
    "{9FD04D98-D045-7238-CE17-C4827D0C3108}" = CCC Help Chinese Traditional
    "{A231A6F2-2C80-6203-ED35-2CFB96B25A38}" = Application Profiles
    "{A2E584E3-C62B-7BE3-B73E-6AF977049F15}" = CCC Help Japanese
    "{A6713266-9D19-6C62-7D40-68193E4BC68F}" = CCC Help Thai
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
    "{BB375893-701A-BD0D-B598-77253800851E}" = CCC Help Hungarian
    "{BB78ACFC-C4FE-E3D2-6FC6-64510293B33D}" = CCC Help Italian
    "{BC8BFE07-5957-63CA-5BEB-5BF13D1742C6}" = CCC Help Greek
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{CA1E3917-BE53-DEB1-0F4A-237BE9C44675}" = CCC Help Swedish
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
    "{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space&#8482; 3
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    "{EB5A441E-B26E-9B91-CB98-931A00C7C752}" = CCC Help Finnish
    "{EB5E4F0C-CAAD-3113-09A8-CB469F09B110}" = CCC Help English
    "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0DEF695-5A47-A3E7-BF3F-1436A505AACD}" = CCC Help Turkish
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Avira AntiVir Desktop" = Avira Antivirus Premium
    "CrystalDiskInfo_is1" = CrystalDiskInfo 5.4.2 Shizuku Edition
    "FileHippo.com" = FileHippo.com Update Checker
    "Fraps" = Fraps
    "GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City&#8482;
    "Google Chrome" = Google Chrome
    "Guild Wars 2" = Guild Wars 2
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 203160" = Tomb Raider
    "Steam App 213120" = Transformers: Fall of Cybertron
    "Steam App 218230" = PlanetSide 2
    "Steam App 220440" = DmC Devil May Cry
    "Steam App 230410" = Warframe
    "Steam App 49540" = Aliens: Colonial Marines
    "Steam App 8870" = BioShock Infinite
    "The Secret World_is1" = The Secret World
    "Uplay" = Uplay
    "VLC media player" = VLC media player 2.0.6
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SOE-C:/Users/Mark/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 06/04/2013 02:23:48 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
    stamp: 0x515cf844 Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
    stamp: 0x515cf844 Exception code: 0xc0000005 Fault offset: 0x007ee030 Faulting process
    id: 0x11cc Faulting application start time: 0x01ce328db8075ac0 Faulting application
    path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
    Faulting
    module path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
    Report
    Id: 89e8f22f-9e82-11e2-a0bb-3085a98e9c0b

    Error - 09/04/2013 07:29:10 | Computer Name = Mark-PC | Source = Chrome | ID = 1
    Description =

    Error - 09/04/2013 16:02:32 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Patcher.exe, version: 2.0.0.0, time stamp:
    0x516311ec Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
    0x4df2be1e Exception code: 0xc0000005 Fault offset: 0x00001f68 Faulting process id:
    0x13e8 Faulting application start time: 0x01ce354d5575d5bd Faulting application path:
    C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe Faulting module path: C:\Windows\system32\MSVCR100.dll
    Report
    Id: 69d513a5-a150-11e2-9938-3085a98e9c0b

    Error - 11/04/2013 07:20:09 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
    stamp: 0x5164dd62 Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
    stamp: 0x5164dd62 Exception code: 0xc0000005 Fault offset: 0x007ee030 Faulting process
    id: 0x87c Faulting application start time: 0x01ce36a438a5393a Faulting application
    path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
    Faulting
    module path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
    Report
    Id: c4c92367-a299-11e2-8c32-3085a98e9c0b

    Error - 12/04/2013 07:01:57 | Computer Name = Mark-PC | Source = .NET Runtime | ID = 1023
    Description =

    Error - 12/04/2013 07:01:58 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: CCC.exe, version: 3.5.0.0, time stamp:
    0x4f8350e0 Faulting module name: clr.dll, version: 4.0.30319.296, time stamp: 0x50483916
    Exception
    code: 0xc0000005 Fault offset: 0x00000000001acf00 Faulting process id: 0xbec Faulting
    application start time: 0x01ce376757056f60 Faulting application path: C:\Program
    Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
    Report
    Id: 646262bb-a360-11e2-bd18-3085a98e9c0b

    Error - 12/04/2013 07:43:54 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
    stamp: 0x51671537 Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
    stamp: 0x51671537 Exception code: 0xc0000005 Fault offset: 0x007ee030 Faulting process
    id: 0xcd0 Faulting application start time: 0x01ce377186e9c66a Faulting application
    path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
    Faulting
    module path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
    Report
    Id: 4004b029-a366-11e2-bd18-3085a98e9c0b

    Error - 14/04/2013 14:41:59 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
    stamp: 0x5168a1d8 Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
    stamp: 0x5168a1d8 Exception code: 0xc0000005 Fault offset: 0x024fa960 Faulting process
    id: 0x11c8 Faulting application start time: 0x01ce393cd47d33a4 Faulting application
    path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
    Faulting
    module path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
    Report
    Id: fcacc65f-a532-11e2-bb18-3085a98e9c0b

    Error - 15/04/2013 04:10:00 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Patcher.exe, version: 2.0.0.0, time stamp:
    0x516311ec Faulting module name: Patcher.exe, version: 2.0.0.0, time stamp: 0x516311ec
    Exception
    code: 0xc0000005 Fault offset: 0x0000a3bd Faulting process id: 0x1184 Faulting application
    start time: 0x01ce39b095920387 Faulting application path: C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe
    Faulting
    module path: C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe Report Id: de1f9865-a5a3-11e2-8e15-3085a98e9c0b

    Error - 16/04/2013 02:52:11 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Patcher.exe, version: 2.0.0.0, time stamp:
    0x516c3806 Faulting module name: Patcher.exe, version: 2.0.0.0, time stamp: 0x516c3806
    Exception
    code: 0xc0000005 Fault offset: 0x0000a17d Faulting process id: 0x560 Faulting application
    start time: 0x01ce3a6eb2c10f7d Faulting application path: C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe
    Faulting
    module path: C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe Report Id: 299a87c5-a662-11e2-93c8-3085a98e9c0b

    [ System Events ]
    Error - 15/04/2013 02:30:36 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 15/04/2013 03:48:38 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 16/04/2013 02:31:35 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 16/04/2013 07:10:17 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 16/04/2013 07:44:08 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 16/04/2013 07:59:41 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 16/04/2013 08:03:56 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 16/04/2013 09:51:12 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 17/04/2013 02:33:18 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr

    Error - 17/04/2013 02:40:17 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BTHidMgr


    < End of report >
     
  11. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    hope i did the scans ok ?
     
  12. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Yup you did well.

    There is a service installed for that Bluetooth software, run this fix below to remove it, it should clear up the problem.

    OTL - System Scan/Fix
    Important!---> Close all applications and windows so that you have nothing open and are at your Desktop.

    • Double click on the OTL icon to execute it. DO NOT open any other process or browser so OTL can run uninterrupted.
    • Under the Standard Registry box change it to All.
    • Check/tick the boxes beside LOP Check and Purity Check.


    Code:
    :commands
    [createrestorepoint]
    [EMPTYTEMP]
    
    :OTL
    
    
    :FILES
    C:\Windows\SysNative\drivers\btcusb.sys
    :Services
    Btcsrusb
     
    
    
    • Copy & Paste everything in the Code box above into the Custom Scan/Fixes box.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes the system will reboot, log back in to your normal account.
    • Notepad will open with the scan results. Please Copy & Paste the entire report into your next reply.
    • The report is also saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
     
  13. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    hi,
    ok here is the log after the fix

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mark
    ->Temp folder emptied: 190652 bytes
    ->Temporary Internet Files folder emptied: 6220039 bytes
    ->Java cache emptied: 1206668 bytes
    ->Google Chrome cache emptied: 32379987 bytes
    ->Flash cache emptied: 506 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 38.00 mb

    ========== OTL ==========
    ========== FILES ==========
    C:\Windows\SysNative\drivers\btcusb.sys moved successfully.
    ========== SERVICES/DRIVERS ==========
    Service Btcsrusb stopped successfully!
    Service Btcsrusb deleted successfully!

    OTL by OldTimer - Version 3.2.69.0 log created on 04172013_084038

    Files\Folders moved on Reboot...
    C:\Users\Mark\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    i just check event viewer and im still getting the error
     
  14. markshim

    markshim Thread Starter

    Joined:
    Jan 20, 2009
    Messages:
    94
    am i going to have to reinstall windows 7 or can i just leave the error or is there something else i can try ?
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    A re-install would be the last resort. The above deletion took out the service entry, but there must a registry entry still in the system, we shall see if this can find it.

    STEP 1
    NOTE: If you have already used Combofix please delete the icon from your desktop.

    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



    STEP 2
    Please download ComboFix [​IMG] from one of the locations below and save it to your Desktop. <-Important!!!


    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.

    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

    NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1096167