InternetCorkboard/MonsterMarkeplace

Hey,
I know this has been posted before but it said the thread was locked so I made my own.
I'm got an extremely annoying spyware that crops up in the text of a website and appears as a blue double underlined bold text such as this "Ionization is the loss or gain of electrons "
I have researched it a bit and i have found the monstermarket place thing is quite serious, and can breach your privacy and security- something very valued for buying things etc- i now am paranoid to buy anything with my card or paypal in case its keylogging. Tried scanning it with IObit, AVG, STOPzilla, Malwarebytes but only a few things have come up on Malwarebytes which have made no difference when fixed. I had this problem with internet corkboard a while back with orange underlined but it went away (no idea how or when).
I have tried to download the DDS file but it comes up with "High security alert- you do not have permission to run dds.scr" and wont run. Have run DeFogger as well. Looking around I have seen alot of people using a program called "Hijackthis" so I hope it will be equally helpful.
This is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:29 PM, on 25/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\PC Monitor\pcmontask.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell V505\dldwMsdMon.exe
C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PC Monitor Operations] "C:\Program Files\PC Monitor\pcmontask.exe"
O4 - HKLM\..\Run: [dldwmon.exe] "C:\Program Files\Dell V505\dldwmon.exe"
O4 - HKLM\..\Run: [dldwamon] "C:\Program Files\Dell V505\dldwamon.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\richard\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [chromium] C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldwCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldwserv.exe
O23 - Service: dldw_device - - C:\Windows\system32\dldwcoms.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Monitor - MMSOFT Design Ltd. - C:\Program Files\PC Monitor\PCMonitorSrv.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE

--
End of file - 9511 bytes

I hope it helps- PLEASE HELP ME OUT HERE SO I CAN BUY THINGS AGAIN!!
My GMER log is also attached if that helps as well (just saw the guidelines)
Thanks alot.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
• Save it to your desktop.
• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• In the custom scan box paste the following:
  

  msconfig
  safebootminimal
  activex
  drivers32
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  wininit.exe
  hlp.dat
  /md5stop

• Push the button.
• Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

Extras notepad:


OTL Extras logfile created on: 29/02/2012 2:06:41 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\richard\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 39.94% Memory free
5.99 Gb Paging File | 3.85 Gb Available in Paging File | 64.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 30.34 Gb Free Space | 27.14% Space Free | Partition Type: NTFS

Computer Name: RICHARD-WIN7 | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{067B277E-F94B-4F04-B380-BA967C00377C}_is1" = MiniTool Partition Wizard Home Edition 6.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2B5A75F0-FD85-4094-AB00-94902398D192}" = Sony Media Manager 2.2
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{686695ED-BB3F-415D-B0DB-18CF535F7B50}" = Driver Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}" = Windows 7 Logon Background Changer
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC22DA2E-AA55-4984-8026-CF55A66E0AC8}" = PC Monitor
"{c405aff6-f3ce-4669-865f-a0a89aa11e70}" = STOPzilla
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Allmyapps" = Allmyapps
"alotToolbar" = ALOT Toolbar
"ASIO4ALL" = ASIO4ALL
"AudioRetoucher_is1" = AudioRetoucher 3.15
"AVG" = AVG 2012
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dell V505" = Dell V505
"DFX for Windows Media Player" = DFX for Windows Media Player
"EPSON Scanner" = EPSON Scan
"EPSON SX440 Series Bog" = Basic Operation Guide EPSON SX440 Series
"EPSON SX440 Series Netg" = Network Guide EPSON SX440 Series
"EPSON SX440 Series Useg" = User's Guide EPSON SX440 Series
"ExpressZip" = Express Zip File Compression Software
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"FL Studio " = FL Studio 10.0.2
"FL Studio 10" = FL Studio 10
"Game Booster_is1" = Game Booster 3
"IL Download Manager" = IL Download Manager
"InterActual Player" = InterActual Player
"IObit Malware Fighter_is1" = IObit Malware Fighter
"MAGIX Screenshare US" = MAGIX Screenshare 4.3.6.1987 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pixillion" = Pixillion Image Converter
"PriceGong" = PriceGong 2.5.0
"Prism" = Prism Video File Converter
"SpeedFan" = SpeedFan (remove only)
"Steam App 22380" = Fallout: New Vegas
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Dell Touchpad
"TabletDriver" = Trust Tablet Driver
"Update Service" = Sony Ericsson Update Service
"WinGimp-2.0_is1" = GIMP 2.6.11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2012 6:30:24 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/02/2012 6:30:24 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1232

Error - 28/02/2012 6:30:24 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1232

Error - 28/02/2012 6:30:25 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/02/2012 6:30:25 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2293

Error - 28/02/2012 6:30:25 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2293

Error - 28/02/2012 6:30:26 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/02/2012 6:30:26 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3385

Error - 28/02/2012 6:30:26 PM | Computer Name = richard-win7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3385

Error - 29/02/2012 4:05:43 AM | Computer Name = richard-win7 | Source = PerfNet | ID = 2005
Description =

[ System Events ]
Error - 19/01/2012 11:22:42 AM | Computer Name = richard-win7 | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 19/01/2012 11:22:51 AM | Computer Name = richard-win7 | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 19/01/2012 11:23:03 AM | Computer Name = richard-win7 | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 19/01/2012 11:25:15 AM | Computer Name = richard-win7 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 19/01/2012 11:25:15 AM | Computer Name = richard-win7 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 19/01/2012 11:25:35 AM | Computer Name = richard-win7 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the dldwCATSCustConnectService
service to connect.

Error - 19/01/2012 11:25:35 AM | Computer Name = richard-win7 | Source = Service Control Manager | ID = 7000
Description = The dldwCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 19/01/2012 11:40:22 AM | Computer Name = richard-win7 | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 19/01/2012 2:13:39 PM | Computer Name = richard-win7 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 19/01/2012 4:18:21 PM | Computer Name = richard-win7 | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >


OTL notepad:


OTL logfile created on: 29/02/2012 2:06:41 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\richard\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 39.94% Memory free
5.99 Gb Paging File | 3.85 Gb Available in Paging File | 64.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 30.34 Gb Free Space | 27.14% Space Free | Partition Type: NTFS

Computer Name: RICHARD-WIN7 | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 14:04:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Downloads\OTL.exe
PRC - [2012/02/20 19:03:12 | 000,359,744 | ---- | M] (MMSOFT Design Ltd.) -- C:\Program Files\PC Monitor\PCMonitorSrv.exe
PRC - [2012/02/20 19:03:04 | 000,121,152 | ---- | M] (MMSOFT Design Ltd.) -- C:\Program Files\PC Monitor\pcmontask.exe
PRC - [2012/01/31 19:58:10 | 000,183,336 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2012/01/31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/12 18:36:06 | 004,453,208 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/09 15:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PRC - [2009/09/23 14:34:04 | 000,073,728 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2009/08/19 18:24:22 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe
PRC - [2009/08/18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/06/05 04:49:14 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
PRC - [2008/05/16 14:58:18 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldwcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/28 18:32:26 | 002,091,632 | ---- | M] () -- C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\mono-1-vc.dll
MOD - [2012/02/28 18:32:06 | 006,810,224 | ---- | M] () -- C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\player\3.x.x\webplayer_win.dll
MOD - [2012/02/22 16:16:03 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\38f1dee7d3bebfb9bf83898f598ea4c2\System.IdentityModel.ni.dll
MOD - [2012/02/22 16:16:00 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a526845de91a382b6ea05b02eddc6f3e\System.ServiceModel.ni.dll
MOD - [2012/02/22 16:13:05 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\678637ab7a50a87b13c287992ef7fbd8\System.Transactions.ni.dll
MOD - [2012/02/22 16:13:04 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e4f2a7b1e685e937ccefac6ff0a36b27\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/02/22 16:13:03 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4e6da16e44ef441e463e006185b1b5d8\SMDiagnostics.ni.dll
MOD - [2012/02/22 16:13:02 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\ca261c617636f2ff269d6233b19f97b8\System.Runtime.Serialization.ni.dll
MOD - [2012/02/22 16:12:03 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/02/21 22:09:27 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33eae86e0a5d9bcc4d0e4e469e2ac36a\System.Windows.Forms.ni.dll
MOD - [2012/02/21 22:07:21 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c958d61dd28474ec780db9d18d266ae\System.Drawing.ni.dll
MOD - [2012/02/21 22:04:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/02/21 22:04:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/02/21 22:04:26 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6757251401cd9c17d5e608db6e5f964a\System.Configuration.ni.dll
MOD - [2012/02/21 22:04:13 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/02/21 22:03:43 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/02/21 13:36:11 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/21 13:36:01 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/21 13:35:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/21 13:35:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/21 13:35:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/15 05:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Richard\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/15 05:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Richard\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/15 05:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Richard\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/15 05:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Richard\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/15 05:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Richard\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011/10/15 17:31:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/09/24 17:16:14 | 000,200,704 | ---- | M] () -- C:\Windows\System32\WinTab32.dll
MOD - [2008/06/05 04:49:14 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
MOD - [2008/05/19 05:58:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.core.dll
MOD - [2008/05/19 05:58:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.common.dll
MOD - [2008/05/19 05:57:11 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.dll
MOD - [2008/03/25 08:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/20 19:03:12 | 000,359,744 | ---- | M] (MMSOFT Design Ltd.) [Auto | Running] -- C:\Program Files\PC Monitor\PCMonitorSrv.exe -- (PC Monitor)
SRV - [2012/01/31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/15 14:50:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/23 14:34:04 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/05/16 14:58:22 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/05/16 14:58:18 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldwcoms.exe -- (dldw_device)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2012/01/05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012/01/04 13:06:32 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/09/20 14:28:18 | 000,019,792 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 14:28:14 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/10 09:21:12 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/08/10 09:21:12 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/05/06 13:30:00 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/05/06 13:29:50 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/03/18 16:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/25 06:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 06:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 06:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/22 09:58:46 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2009/06/22 09:58:36 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2009/06/22 09:58:22 | 000,014,504 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2009/06/22 09:58:06 | 000,023,208 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========







IE - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 EE 0B 05 C3 40 CC 01 [binary data]
IE - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\richard\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\richard\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 13:40:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.5.0\FF [2011/08/13 21:41:54 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\richard\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Dead Frontier = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
CHR - Extension: I Like Privacy. = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaamfbchnmobpdgmbefhbfbkncclnbga\1.0.4_0\
CHR - Extension: Watch TV Online - Clickplayer = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmfboagenlcnkidkjodenlgihdbkipj\6.1_0\
CHR - Extension: AdBlock = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.19_0\
CHR - Extension: Do Not Track = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgaaifcfojgbncceneicipolopapchl\1.6_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: TiltShiftMaker = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.2_0\
CHR - Extension: Crackle = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Cookie Manager = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.0_0\
CHR - Extension: InvisibleHand = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.6.5_0\
CHR - Extension: Privacy Bird for Chrome = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lholjjgjmbkmkmbpghgjedpbjajkmddn\1.0_0\
CHR - Extension: BeGone = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk\1.2_0\
CHR - Extension: Red Bull TV = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc\1.14_0\
CHR - Extension: Abstract-Blue = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.0_0\

O1 HOSTS File: ([2012/02/23 22:14:46 | 000,000,890 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dldwamon] C:\Program Files\Dell V505\dldwamon.exe ()
O4 - HKLM..\Run: [dldwmon.exe] C:\Program Files\Dell V505\dldwmon.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [PC Monitor Operations] C:\Program Files\PC Monitor\pcmontask.exe (MMSOFT Design Ltd.)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-21-4000209584-1616845257-140762378-1001..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.151.2 192.168.151.3 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47264DF3-F831-4C7E-A011-5CDC4CEE075B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9D26D7E-A577-442C-A5E6-5C2404BEE4FD}: DhcpNameServer = 192.168.151.2 192.168.151.3 8.8.8.8
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{71a3febe-30a4-11e1-ab39-002219f3c5fc}\Shell - "" = AutoRun
O33 - MountPoints2\{71a3febe-30a4-11e1-ab39-002219f3c5fc}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4000209584-1616845257-140762378-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: IMFservice - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 18:35:51 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\Unity
[2012/02/28 18:31:51 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Local\Unity
[2012/02/25 19:03:24 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/25 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/24 14:02:22 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\Malwarebytes
[2012/02/24 14:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2012/02/24 14:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 14:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/24 14:01:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/24 14:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/21 21:53:19 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/21 21:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/02/21 21:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2012/02/21 21:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/02/21 21:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/02/21 21:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/02/21 21:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/02/20 08:18:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/20 08:18:53 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/20 08:18:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/20 08:18:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/20 08:18:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/20 08:18:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 17:34:18 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/19 14:13:00 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Local\Microsoft Games
[2012/02/14 11:48:00 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\Epson
[2012/02/14 01:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012/02/13 16:44:33 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Local\ABBYY
[2012/02/13 16:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2012/02/13 16:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 9.0 Sprint
[2012/02/13 16:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012/02/13 16:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2012/02/13 16:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012/02/13 16:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/02/13 16:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/02/13 16:37:08 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2012/02/13 16:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Software
[2012/02/13 16:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/02/13 16:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/02/13 16:28:44 | 000,341,504 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esw2ud.dll
[2012/02/13 16:28:44 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2012/02/13 16:28:44 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\escdev.dll
[2012/02/13 16:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/02/10 19:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/10 19:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/10 19:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/07 21:05:57 | 000,000,000 | ---D | C] -- C:\Users\richard\Documents\Magix
[2012/02/06 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Local\Diagnostics
[2012/01/31 19:58:00 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/01/31 19:58:00 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/01/31 19:58:00 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2012/01/31 19:58:00 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/01/31 19:57:58 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2012/01/31 19:57:58 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2012/01/31 19:57:58 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2012/01/31 19:57:58 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2012/01/31 19:57:58 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2012/01/31 19:57:58 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2012/01/31 19:57:56 | 000,810,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2012/01/31 19:57:56 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2012/01/30 16:51:02 | 000,000,000 | ---D | C] -- C:\logs
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 13:48:05 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4000209584-1616845257-140762378-1001Core.job
[2012/02/29 13:43:44 | 090,357,955 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/29 13:38:07 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4000209584-1616845257-140762378-1001UA.job
[2012/02/29 13:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/29 08:16:47 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 08:16:47 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 08:05:01 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/28 18:34:01 | 000,582,597 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/26 18:33:20 | 000,000,000 | ---- | M] () -- C:\Users\richard\defogger_reenable
[2012/02/25 19:03:24 | 000,002,973 | ---- | M] () -- C:\Users\richard\Desktop\HiJackThis.lnk
[2012/02/24 14:02:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 23:00:01 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2012/02/21 21:59:05 | 000,673,198 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/21 21:59:05 | 000,129,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/21 21:53:20 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/21 21:33:00 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/02/21 13:33:12 | 003,765,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/19 22:34:54 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012/02/19 17:38:22 | 000,002,415 | ---- | M] () -- C:\Users\richard\Desktop\Google Chrome.lnk
[2012/02/14 23:01:31 | 000,188,764 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012/02/14 01:25:17 | 000,000,969 | ---- | M] () -- C:\Users\richard\Desktop\SpeedFan.lnk
[2012/02/14 01:25:16 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012/02/13 16:39:56 | 000,000,308 | ---- | M] () -- C:\Windows\setup.iss
[2012/02/10 19:55:29 | 000,005,428 | ---- | M] () -- C:\Users\richard\Documents\cc_20120210_195516.reg
[2012/02/10 19:53:11 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/10 19:08:20 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/10 18:36:35 | 000,621,656 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/02/06 21:53:53 | 000,629,521 | ---- | M] () -- C:\Users\richard\Desktop\Report (3).pdf
[2012/02/01 13:40:57 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/31 19:58:00 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/01/31 19:58:00 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/01/31 19:58:00 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2012/01/31 19:58:00 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/01/31 19:57:58 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2012/01/31 19:57:58 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2012/01/31 19:57:58 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2012/01/31 19:57:58 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2012/01/31 19:57:58 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2012/01/31 19:57:58 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2012/01/31 19:57:56 | 000,810,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2012/01/31 19:57:56 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/26 18:33:20 | 000,000,000 | ---- | C] () -- C:\Users\richard\defogger_reenable
[2012/02/25 19:03:24 | 000,002,973 | ---- | C] () -- C:\Users\richard\Desktop\HiJackThis.lnk
[2012/02/24 14:02:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 21:33:00 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/02/19 22:34:54 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/02/14 01:25:17 | 000,000,969 | ---- | C] () -- C:\Users\richard\Desktop\SpeedFan.lnk
[2012/02/14 01:25:15 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2012/02/13 16:39:55 | 000,000,308 | ---- | C] () -- C:\Windows\setup.iss
[2012/02/10 19:55:18 | 000,005,428 | ---- | C] () -- C:\Users\richard\Documents\cc_20120210_195516.reg
[2012/02/10 19:53:11 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/10 19:08:20 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/06 21:53:50 | 000,629,521 | ---- | C] () -- C:\Users\richard\Desktop\Report (3).pdf
[2012/01/29 21:06:36 | 000,004,608 | ---- | C] () -- C:\Users\richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 20:14:44 | 000,200,704 | ---- | C] () -- C:\Windows\System32\WinTab32.dll
[2011/12/30 20:14:44 | 000,056,320 | ---- | C] () -- C:\Windows\System32\UCMfg.exe
[2011/12/30 20:14:44 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2011/12/30 20:14:43 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2011/12/30 20:14:43 | 000,212,992 | ---- | C] () -- C:\Windows\System32\HCCall.exe
[2011/12/30 20:14:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lhtool.exe
[2011/12/19 17:20:05 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldwcoin.dll
[2011/12/19 17:05:19 | 000,352,256 | ---- | C] () -- C:\Windows\System32\DLDWwupd.dll
[2011/12/19 17:05:19 | 000,017,648 | ---- | C] () -- C:\Windows\System32\DLDWwupd.exe
[2011/12/19 17:03:58 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDWhcp.dll
[2011/12/19 17:03:58 | 000,389,120 | ---- | C] () -- C:\Windows\System32\DLDWinst.dll
[2011/12/19 17:03:57 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldwutil.dll
[2011/12/19 17:03:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldwinpa.dll
[2011/12/19 17:03:57 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldwiesc.dll
[2011/12/19 17:03:56 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldwserv.dll
[2011/12/19 17:03:56 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldwusb1.dll
[2011/12/19 17:03:55 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\dldwpmui.dll
[2011/12/19 17:03:55 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\dldwlmpm.dll
[2011/12/19 17:03:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\dldwjswr.dll
[2011/12/19 17:03:54 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\dldwhbn3.dll
[2011/12/19 17:03:54 | 000,328,944 | ---- | C] ( ) -- C:\Windows\System32\dldwih.exe
[2011/12/19 17:03:54 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldwinsb.dll
[2011/12/19 17:03:54 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldwins.dll
[2011/12/19 17:03:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldwinsr.dll
[2011/12/19 17:03:52 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldwgrd.dll
[2011/12/19 17:03:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldwcub.dll
[2011/12/19 17:03:51 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\dldwcomc.dll
[2011/12/19 17:03:51 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldwcoms.exe
[2011/12/19 17:03:51 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldwcomm.dll
[2011/12/19 17:03:51 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldwcu.dll
[2011/12/19 17:03:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldwcur.dll
[2011/12/19 17:03:50 | 000,369,904 | ---- | C] ( ) -- C:\Windows\System32\dldwcfg.exe
[2011/12/19 17:03:50 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDWcfg.dll
[2011/12/02 15:15:07 | 000,188,764 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/02 16:13:19 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2011/09/18 15:25:35 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/09/18 15:25:34 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/09/18 15:25:34 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/07/29 20:06:59 | 000,000,475 | ---- | C] () -- C:\Windows\BeatBox.INI
[2011/07/27 20:24:15 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011/07/27 20:23:15 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2011/07/27 20:22:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011/07/27 20:19:37 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/07/26 13:08:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/26 13:06:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/12 19:17:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/07/12 18:24:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< End of report >

Hi,

does this happen with all browsers or just with specific ones? Does it happen on all sites? When did you first notice and did you isntall something before it started appearing?

regards myrti

Hey,
I'm sorry but I cant really shed much light on whether browsers help or not. For some reason I'ts not cropping up anywhere today so I cant really tell.
I doubt its gone however its just some websites dont have it- most major ones dont which makes me wonder is it a script that only some websites allow to run for a bit of money on the side (kind of like adverts) ? Because as I said I have never seen it on, say, Facebook or Wikipedia.
Well I have had the internet corkboard (thats how it shows up) bug since about a year ago or so but that seemed to go at some point (I have had a new hard-drive since then so that may have fixed it though I thought it went before then)and I have had this monstermarketplace thing for I would say about... a month or so? Maybe 2 or 3 weeks at least. Hard to say as I kind of took it for granted that that turns up on some websites it was only when I went on a website and was presented with more blue underlined links than actual text that I thought this is getting a bit ridiculous!
I dont remember installing anything new... perhaps a google add on or two but thats about it. Have had some possibly dodgy stuff put in on a memory stick (programs I dont really know the origins of etc) that could have caused it and they were given to me around a month ago so that could be a possibility though i am assured they are safe- have also removed from hard drive completely now so I doubt it was that if I am honest.

Hi,

if it is only on some websites it's probably the site using it for advertisement revenue and no infection on your PC.

For a guide on how to block said ads see here: http://www.whatthetech.com/2010/09/15/how-to-disable-vibrant-ads/

regards myrti

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.