
Malware Infection

  • 29-05-2012 10:54am
    #1
    Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭


    Hi guys,

    Think I have some sort of virus that is confusing my antivirus. I'm in work at the moment so don't have all details to hand. Will clarify any points tonight.

    I switched on the PC last night and ESET NOD32 gave an error something along the lines that its installation had been compromised due to malware (something like that anyway). It says to uninstall and then reinstall ESET.

    So I did this along with installing AVG and Spybot. I also ran a non-install malware fixer called ComboFix. I think ComboFix picked up and quarantined some stuff.

    Running the proper antivirus stuff now shows the PC is clean; however, I'm not fully convinced it is.

    When I start the PC and log on I get two error messages saying that two different .dll files failed to start up. (Will confirm exact errors but I believe they are expected to be found in folder AppDir)

    When I check the ComboFix quarantine folder those two files are there. So my guess is they have been identified as infected but are still being invoked on startup. So I think something is still possibly hidden requesting those files to start up.

    There is another file that ComboFix quarantined as well, jna(followed by heap of numbers).dll (I think), e.g. jna675412567893.dll

    Every time I log on a new jna(followed by heap of new numbers).dll is created. Think in AppDir also.

    So, what should my next steps be? I subsequently was able to install NOD32 again and that error isn't showing but my suspicions are still roused.

    Any advice greatly appreciated.

    Edit: also installed and ran Malwarebytes. It shows as clear too.


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    can you post the combofix log, it should be at C:\combofix.txt


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    ASJ112 wrote: »
    can you post the combofix log, it should be at C:\combofix.txt

    Yup, will post it this evening when I get home. ComboFix (I think) created a second folder with a log in it. Folder is called Qoobox.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    you can post that too

    also fully uninstall one of those two anti-viruses, AVG/Avast, not good for your PC to have both on there even if one is messed up.


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    http://pastebin.com/Sr5M5cZW

    and quarantined files
    http://pastebin.com/f63PWqdu

    the two error messages that popup on logon

    http://i631.photobucket.com/albums/uu39/TechnoFreek1/errors.jpg

    thanks in advance


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    can you post these logs here rather than attach them, easier for me


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    OTL Extras logfile created on: 29/05/2012 20:05:03 - Run 1
    OTL by OldTimer - Version 3.2.44.0 Folder = D:\
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.88% Memory free
    7.99 Gb Paging File | 5.48 Gb Available in Paging File | 68.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 139.15 Gb Free Space | 29.88% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 72.76 Gb Free Space | 15.62% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 199.76 Gb Free Space | 10.72% Space Free | Partition Type: NTFS

    Computer Name: DAMIEN-PC | User Name: Damien | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5B562A83-E2BF-4AE3-9CCB-36D65736E78E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D4C76578-A82E-45A5-966D-D07628872032}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{04F80196-A97D-4102-81F6-D31565A9D0D1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{29F78CC8-AFDB-45C0-92B7-A219B4C3105E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C4D9DB2-2E5D-4A47-8C6C-B55BC4E0B2BD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A79F507D-C168-4EC5-B662-59F0FCAEFF7B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F8C0426D-4A90-4624-A39A-B0EF5337A6B3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{F9B8D148-7B1F-41D8-952B-2B6D9DEA247C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "TCP Query User{E59BCB18-F5C5-4FE1-8A8E-8FE6D19FF43B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{AF8178C5-2BAA-41E9-AB6C-9B9A61DB0223}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C43C57C2-092C-4BB2-9371-C7342EF0CBA5}" = AVG 2012
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "AVG" = AVG 2012
    "ComicRack" = ComicRack v0.9.151
    "EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
    "KLiteCodecPack64_is1" = K-Lite Codec Pack 6.3.0 (64-bit)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{04BCB992-A9E6-427D-BC66-E92BB76BE97A}" = WD Discovery Software
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
    "{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB2.0 UVC Camera
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 8.5 Professional
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{879E1A85-4B17-48CF-8D73-6CC09F46497E}_is1" = Connon Fodder 3 version 1.0
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0E7A72E-FEFF-47BA-B893-1697CCAE5FE2}" = calibre
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
    "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
    "AviSynth" = AviSynth 2.5
    "clrmamepro" = clrmamepro
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "CrossLoop_is1" = CrossLoop 2.70
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
    "dBpoweramp m4a Codec" = dBpoweramp m4a Codec
    "dBpoweramp Midi Decoder" = dBpoweramp Midi Decoder
    "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
    "dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp Music Converter_is1" = dBpoweramp Music Converter Power Pack 14
    "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
    "dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder
    "dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
    "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
    "dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
    "DivX Setup" = DivX Setup
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
    "Exact Audio Copy" = Exact Audio Copy 0.99pb5
    "EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.1 by MixMeister
    "Finale NotePad 2010" = Finale NotePad 2010
    "FLAC" = FLAC 1.2.1b (remove only)
    "ImgBurn" = ImgBurn
    "Internet Download Manager" = Internet Download Manager
    "JDownloader" = JDownloader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MiPony" = MiPony 1.6.1
    "MKVtoolnix" = MKVToolNix 5.5.0
    "Mozilla Firefox (4.0b4)" = Mozilla Firefox (4.0b4)
    "Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Open Codecs" = Xiph.Org Open Codecs 0.85.17777
    "PC Auto Shutdown_is1" = PC Auto Shutdown 3.8
    "PS3 Media Server" = PS3 Media Server
    "Soulseek2" = SoulSeek 157 NS 13e
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.9
    "WD Link" = WD Link
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WM Capture" = WM Capture
    "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Draw 4 App" = Draw 4 App
    "FileZilla Client" = FileZilla Client 3.5.3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 09/04/2011 10:21:06 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 09/04/2011 10:36:23 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 09/04/2011 17:21:36 | Computer Name = Damien-PC | Source = Application Hang | ID = 1002
    Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1560 Start
    Time: 01cbf6fb9b17fa70 Termination Time: 10 Application Path: C:\Program Files (x86)\Windows
    Media Player\wmplayer.exe Report Id: 577db51d-62ef-11e0-b7f8-00e06106c558

    Error - 09/04/2011 17:21:54 | Computer Name = Damien-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
    time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7c78c Exception code: 0x0000046b Fault offset: 0x000000000000a49d
    Faulting
    process id: 0x9bc Faulting application start time: 0x01cbf6c38e3b1ac3 Faulting application
    path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report
    Id: 63d893dc-62ef-11e0-b7f8-00e06106c558

    Error - 10/04/2011 04:25:55 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 10/04/2011 09:04:31 | Computer Name = Damien-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Adobe
    Fireworks CS4\Configuration\Win\Shared\AdobeAIR\SDK\runtime\Adobe AIR\Versions\1.0\Adobe
    AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Adobe\Adobe Fireworks
    CS4\Configuration\Win\Shared\AdobeAIR\SDK\runtime\Adobe AIR\Versions\1.0\Adobe
    AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 10/04/2011 09:04:57 | Computer Name = Damien-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/04/2011 10:08:24 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 10/04/2011 11:14:57 | Computer Name = Damien-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17514,
    time stamp: 0x4ce7a144 Faulting module name: msieftp.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7c806 Exception code: 0xc0000005 Fault offset: 0x0000000000018b90
    Faulting
    process id: 0x91c Faulting application start time: 0x01cbf758edf35142 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\msieftp.dll
    Report
    Id: 4b341f80-6385-11e0-b561-00e06106c558

    Error - 10/04/2011 16:06:03 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ Media Center Events ]
    Error - 07/01/2010 11:54:16 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 15:54:16 - Error connecting to the internet. 15:54:16 - Unable
    to contact server..

    Error - 07/01/2010 11:55:09 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 15:55:00 - Error connecting to the internet. 15:55:00 - Unable
    to contact server..

    Error - 07/01/2010 12:59:33 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 16:59:33 - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 07/01/2010 13:00:17 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 17:00:16 - Error connecting to the internet. 17:00:16 - Unable
    to contact server..

    Error - 08/01/2010 17:26:34 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 21:26:34 - Error connecting to the internet. 21:26:34 - Unable
    to contact server..

    Error - 08/01/2010 17:27:23 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 21:27:18 - Error connecting to the internet. 21:27:18 - Unable
    to contact server..

    Error - 11/01/2010 15:23:58 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 19:23:57 - Error connecting to the internet. 19:23:58 - Unable
    to contact server..

    Error - 11/01/2010 15:24:31 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 19:24:27 - Error connecting to the internet. 19:24:27 - Unable
    to contact server..

    Error - 17/01/2010 17:43:52 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 21:43:52 - Error connecting to the internet. 21:43:52 - Unable
    to contact server..

    Error - 17/01/2010 17:44:02 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
    Description = 21:43:57 - Error connecting to the internet. 21:43:57 - Unable
    to contact server..

    [ System Events ]
    Error - 28/05/2012 17:35:28 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 28/05/2012 17:35:29 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 28/05/2012 17:36:13 | Computer Name = Damien-PC | Source = DCOM | ID = 10005
    Description =

    Error - 28/05/2012 17:38:57 | Computer Name = Damien-PC | Source = DCOM | ID = 10005
    Description =

    Error - 28/05/2012 17:42:55 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7024
    Description = The Apache2.2 service terminated with service-specific error %%1.

    Error - 28/05/2012 17:42:56 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 28/05/2012 17:56:40 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7024
    Description = The Apache2.2 service terminated with service-specific error %%1.

    Error - 28/05/2012 17:56:41 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 29/05/2012 14:08:35 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7024
    Description = The Apache2.2 service terminated with service-specific error %%1.

    Error - 29/05/2012 14:08:36 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126


    < End of report >


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    OTL logfile created on: 29/05/2012 20:05:03 - Run 1
    OTL by OldTimer - Version 3.2.44.0 Folder = D:\
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.88% Memory free
    7.99 Gb Paging File | 5.48 Gb Available in Paging File | 68.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 139.15 Gb Free Space | 29.88% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 72.76 Gb Free Space | 15.62% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 199.76 Gb Free Space | 10.72% Space Free | Partition Type: NTFS

    Computer Name: DAMIEN-PC | User Name: Damien | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/29 19:57:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
    PRC - [2012/05/28 19:32:42 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    PRC - [2012/05/28 19:32:41 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/05/03 20:08:25 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/04/27 21:36:26 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/04/01 17:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/04 18:08:06 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/12/20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\XAMPP\xampp\mysql\bin\mysqld.exe
    PRC - [2009/12/16 19:01:26 | 000,086,016 | ---- | M] () -- C:\Users\Damien\AppData\Local\CrossLoop\CrossLoopService.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/12/17 01:09:02 | 000,461,928 | ---- | M] (GoldSolution Software, Inc.) -- C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
    PRC - [2007/07/11 16:31:14 | 000,569,344 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/28 19:32:42 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
    MOD - [2012/05/28 19:32:41 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/05/10 13:32:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7bc1e5196772dfcdc597401cc08098c8\System.Data.ni.dll
    MOD - [2012/05/10 13:31:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/10 13:31:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/10 13:31:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/10 13:31:44 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/05/04 23:45:43 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    MOD - [2012/04/27 21:36:25 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/04/01 17:04:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
    MOD - [2012/04/01 17:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2012/04/01 17:04:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
    MOD - [2012/04/01 17:04:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2012/04/01 17:04:00 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2012/04/01 17:04:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2012/04/01 17:04:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2012/04/01 17:04:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
    MOD - [2012/04/01 17:04:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
    SRV:64bit: - [2010/02/20 17:36:23 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/05/25 10:38:54 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdccoms.exe -- (lxdc_device)
    SRV - [2012/05/28 19:32:42 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
    SRV - [2012/05/04 23:45:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/04/27 21:36:27 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/05/17 08:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/20 17:36:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/12/20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\XAMPP\xampp\mysql\bin\mysqld.exe -- (MySQL)
    SRV - [2009/12/20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\XAMPP\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2009/12/16 19:01:26 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Users\Damien\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
    SRV - [2009/12/06 22:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Users\Damien\AppData\Local\CrossLoop\winvnc.exe -- (uvnc_service)
    SRV - [2009/07/14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2007/12/17 23:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
    SRV - [2007/12/17 01:09:02 | 000,461,928 | ---- | M] (GoldSolution Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe -- (PCAutoShutdown_Service)
    SRV - [2007/01/11 23:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/23 12:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/08/17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/02/18 07:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010/11/20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
    DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2010/07/17 00:39:59 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2009/11/04 17:59:36 | 000,133,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2009/11/04 17:59:36 | 000,117,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009/11/04 17:59:36 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
    DRV:64bit: - [2009/10/30 15:56:17 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/04 18:08:16 | 000,019,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
    DRV:64bit: - [2009/09/04 18:08:12 | 000,013,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
    DRV:64bit: - [2009/07/25 00:21:14 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
    DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2007/03/22 20:56:52 | 000,036,248 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Ultra.sys -- (Ultra)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2465030

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 36 3A 07 E3 02 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{81AF55AF-8BBE-45C0-8FE1-419B4CD5DD74}: "URL" = http://www.google.ie/search?hl=en&source=hp&q={searchTerms}&meta=&aq=f&oq=&aqi=g10
    IE - HKCU\..\SearchScopes\{84D6C944-C745-4D47-82F2-F25EBC3D2B07}: "URL" = http://www.google.ie/search?hl=en&source=hp&q={searchTerms}&meta=&aq=f&oq=&aqi=g10
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={756A08A0-1B97-48C5-BCB1-6E6760A2770A}&mid=9a7cd636cb61495e95cb5c580b75d976-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&pr=fr&d=2012-05-28 19:32:43&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2465030
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={faf64172-b3b1-498f-80f5-a691a705a045}&mid=9a7cd636cb61495e95cb5c580b75d976-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-05-28 19:32:43&sap=ku&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/26 12:29:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 19:20:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/28 19:30:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/05/28 19:32:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/27 21:36:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 19:31:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\components [2011/12/26 12:04:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins [2012/04/10 19:31:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Damien\AppData\Roaming\IDM\idmmzcc5 [2012/05/05 11:23:05 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C298387A-A7DF-11E1-8270-B8AC6F996F26}: C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}\ [2012/05/27 10:39:32 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Damien\AppData\Roaming\IDM\idmmzcc5 [2012/05/05 11:23:05 | 000,000,000 | ---D | M]

    [2009/10/30 15:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Extensions
    [2012/05/26 10:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\5e3vplax.default\extensions
    [2012/04/24 20:47:24 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\5e3vplax.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2012/05/18 18:29:12 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\5e3vplax.default\extensions\mozilla_cc@internetdownloadmanager.com
    [2011/12/02 15:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/02 15:44:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/05/28 19:30:39 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
    [2012/05/29 19:20:46 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
    [2011/12/26 12:29:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/05/28 19:32:52 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
    [2012/05/27 10:39:32 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\DAMIEN\APPDATA\LOCAL\{C298387A-A7DF-11E1-8270-B8AC6F996F26}
    [2012/05/26 10:59:15 | 000,336,363 | ---- | M] () (No name found) -- C:\USERS\DAMIEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5E3VPLAX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    [2012/05/15 20:11:18 | 000,006,578 | ---- | M] () (No name found) -- C:\USERS\DAMIEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5E3VPLAX.DEFAULT\EXTENSIONS\SUPPORT@RPNET.BIZ.XPI
    [2012/04/27 21:36:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/27 21:36:23 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/05/28 19:32:41 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/11/11 11:35:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/27 21:36:23 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/27 21:36:23 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/04/27 21:36:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/04/27 21:36:23 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2012/05/28 21:03:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [brmsyl] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\brmsyl.dll",IsConvertImagesDialogShowed File not found
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [unapls] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\unapls.dll",QuaternionLn File not found
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMS - Shortcut.lnk = C:\Program Files (x86)\PS3 Media Server\PMS.exe (A. Brochard)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8:64bit: - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DC95331-7737-4BA6-BAC0-15FF8AAAB442}: NameServer = 89.19.64.164,89.19.64.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F04856B-0360-4F71-A3F4-05DA07FF5720}: DhcpNameServer = 89.19.64.36 89.19.64.164
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFE72A30-02B0-4D49-880C-2F85CFCCFE15}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk /k:F *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/29 19:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/05/29 19:20:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/05/28 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Malwarebytes
    [2012/05/28 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/28 22:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/28 22:04:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/05/28 22:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/05/28 21:58:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/05/28 21:00:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/05/28 20:46:42 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/05/28 20:13:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/28 20:13:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/28 20:13:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/28 20:13:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/28 20:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/05/28 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012/05/28 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\AVG2012
    [2012/05/28 19:33:07 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\AVG Secure Search
    [2012/05/28 19:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/05/28 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/05/28 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/05/28 19:31:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2012/05/28 19:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/05/28 19:30:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2012/05/28 19:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/05/28 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{67E056DB-8A3C-4BBB-A84B-12549B87B6F1}
    [2012/05/28 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{4D09D584-2D84-4AF7-B155-FC9CF1969168}
    [2012/05/27 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{998A92F3-69DA-43D4-99E4-5B0E0A6AFB47}
    [2012/05/27 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
    [2012/05/27 10:39:32 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}
    [2012/05/27 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{0FC63426-FA2B-46C8-9685-76BB906DE1CB}
    [2012/05/27 10:14:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D6009BEE-F57D-4104-9DFB-3215F20A2573}
    [2012/05/26 13:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64
    [2012/05/26 13:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
    [2012/05/26 10:55:12 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{975E98A2-5D9F-440D-99E3-95A27B2F6096}
    [2012/05/26 10:54:56 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6C5EFEEB-6B4F-4818-88D4-D6A07DE454AC}
    [2012/05/25 18:34:41 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{811D4AF7-1663-4824-9B11-721DCA9F19BA}
    [2012/05/25 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3F729332-8E95-45E8-B974-A2A4CAAF6F1E}
    [2012/05/24 18:24:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{4C62F3C3-B138-4919-BE88-E4EF9143ED8C}
    [2012/05/24 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{B342B8F8-63D5-41E9-B9A5-01EAFDFD959E}
    [2012/05/23 21:22:43 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{513B9B9C-3692-4A5F-9600-5BD351A5C97B}
    [2012/05/23 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6269B6DE-2524-4E33-A229-4D2344F4241C}
    [2012/05/22 18:17:52 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{58BEA038-E882-42B5-89C7-A0C524B3C2E8}
    [2012/05/22 18:17:28 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{41FFB006-BCD2-450F-99B8-E58CC9D62178}
    [2012/05/21 18:39:57 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3AE58492-BEC7-48B5-96F4-501D05A63D38}
    [2012/05/21 18:39:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{787DC351-2947-4F40-AE23-7E3300BA9B65}
    [2012/05/20 09:29:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{200A0D11-6751-4F7D-893B-6CB126F50A04}
    [2012/05/20 09:28:46 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6C464ED2-4608-4B93-B593-DACE0875ACCB}
    [2012/05/19 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{5297DB6A-5D49-45B8-8EFC-73440BE14073}
    [2012/05/19 08:19:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{00940FFF-8753-4793-8167-575B36F8EE2F}
    [2012/05/19 08:18:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{AEFBA3C3-8301-4C76-9844-1CD180D19F95}
    [2012/05/18 18:26:00 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7CDAED30-2676-4105-9BFF-3533D9872FC1}
    [2012/05/18 18:25:39 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{AEC0683C-EA16-4E37-B288-E0A4C125896A}
    [2012/05/17 19:01:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{9A2664D8-6B52-4F0D-9F6A-C4532626916F}
    [2012/05/17 19:01:00 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{82272DAE-BA29-452B-AF40-43E875F006C8}
    [2012/05/16 21:09:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7340F78A-677A-4F12-AECC-7BD01511F13E}
    [2012/05/16 21:09:33 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{B855673D-D377-456C-8B2B-42C05CAA439C}
    [2012/05/15 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C11DC50F-E3CA-4DE7-AE53-17D6A4C3C894}
    [2012/05/15 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{A58B84CA-8967-41C3-8C87-FE6620D8F916}
    [2012/05/14 18:17:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{F32E6C03-83ED-4C42-991C-53D2AA00FA1B}
    [2012/05/14 18:16:58 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D1A9C3F3-F147-4005-91EF-FF0C49225B9E}
    [2012/05/13 21:45:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{70352530-26A2-440E-AAC9-2B348D4B7867}
    [2012/05/13 21:44:59 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8DE582E8-8EBB-47D0-9BF3-D40CDE6789B4}
    [2012/05/13 09:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/05/13 09:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/05/13 09:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/05/13 09:44:21 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{49863EFB-BDA4-429B-831B-DAF57C6350B3}
    [2012/05/13 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8F6EC3BB-CFE5-43F1-B233-A56341788DD7}
    [2012/05/12 09:19:58 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{5E59D183-BB05-43B8-A69F-39EB7194DB3A}
    [2012/05/12 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{DEEDACC2-A309-460A-95C5-14ACBA971083}
    [2012/05/11 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D8F7AB84-76D4-462F-8767-799810667B5B}
    [2012/05/11 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D2A1F9D2-77E6-40C0-AD4F-013B57A4EB2D}
    [2012/05/10 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C31358DE-AB59-489B-812F-B1D68E097F4A}
    [2012/05/10 13:27:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6127FA56-054D-45F1-875B-AB9DF062D326}
    [2012/05/09 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{1D6D78B9-105D-4C02-92D6-6C19CDA22AF4}
    [2012/05/09 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{E68596DD-72B8-479A-9EF1-9A3D11220FB0}
    [2012/05/08 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{144FCDA6-4487-4002-9317-E298C3BAA5A9}
    [2012/05/08 15:19:46 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{31A860D9-3C70-4386-BC55-9B7C474B8027}
    [2012/05/07 11:36:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{F959FD00-38A3-4A85-884C-0E792052CA55}
    [2012/05/07 11:36:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{EC1F278C-905C-42B4-BEA5-B0B452F34145}
    [2012/05/06 23:35:37 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7B28DD0C-E3D5-4182-8D0A-7EA6078E441B}
    [2012/05/06 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{CB9D770F-8932-4481-8ED1-92527901878D}
    [2012/05/06 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{02513A86-0DE9-4A37-822D-28F5B8908277}
    [2012/05/06 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{08F79F9F-FA8F-41FB-8298-A59AB4CC25A3}
    [2012/05/05 23:21:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3C9F1C4F-3C30-4158-BF76-C452B43571CB}
    [2012/05/05 11:21:20 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{01F4A0C5-6900-4D6F-AA86-EF5A389F209B}
    [2012/05/05 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{A966CCCD-72B5-4798-ADF1-A92A075F1450}
    [2012/05/04 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C11C1397-BDCA-44C7-AB2C-F8071E9E3695}
    [2012/05/04 18:38:30 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8F464FEA-5339-41C5-81E3-CAC0F93474BE}
    [2012/05/03 21:44:08 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C2E93DE3-36E6-410E-BC18-9840E3BCC1A5}
    [2012/05/03 21:43:50 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{48AE0376-5C42-4BD9-9524-11F32339F9F7}
    [2012/05/03 20:07:38 | 000,154,272 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
    [2012/05/02 18:58:08 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D9921E95-326C-459C-A0C7-C17A7E49E762}
    [2012/05/02 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{891520E3-D004-477B-AB96-6E40D3918DEE}
    [2012/05/01 18:38:47 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{1987919F-7C2D-40A5-A2D2-F44EF1A7FA12}
    [2012/05/01 18:38:20 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{2F5F99BE-8D42-442A-9F55-037E1B28BBD0}
    [2012/04/30 18:17:43 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8CF6422E-B3AB-451F-BAD6-B2D9298315FE}
    [2012/04/30 18:17:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C45137E1-D37C-44B1-9A4B-784EFA087CB8}
    [2010/07/17 00:39:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Damien\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/05/29 19:41:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/29 19:37:01 | 000,045,063 | ---- | M] () -- C:\Users\Damien\Desktop\errors.jpg
    [2012/05/29 19:23:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/29 19:12:20 | 099,443,830 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/05/29 19:09:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/29 19:08:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/29 19:08:32 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/28 22:55:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/28 22:55:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/28 22:33:29 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/05/28 22:03:37 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/05/28 22:03:37 | 000,667,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/05/28 22:03:37 | 000,126,178 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/05/28 21:03:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/05/28 21:02:17 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/05/28 20:10:53 | 000,002,981 | ---- | M] () -- C:\Users\Damien\Desktop\HiJackThis.lnk
    [2012/05/28 19:31:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/05/28 19:31:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/05/19 08:28:32 | 000,000,971 | ---- | M] () -- C:\Users\Damien\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/05/15 19:00:00 | 000,092,160 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
    [2012/05/10 13:25:34 | 003,045,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/05/29 19:26:06 | 000,045,063 | ---- | C] () -- C:\Users\Damien\Desktop\errors.jpg
    [2012/05/29 19:12:20 | 099,443,830 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/05/28 22:33:29 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/05/28 20:13:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/28 20:13:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/28 20:13:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/28 20:13:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/28 20:13:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/28 20:10:53 | 000,002,981 | ---- | C] () -- C:\Users\Damien\Desktop\HiJackThis.lnk
    [2012/05/28 19:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/05/28 19:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/05/26 13:17:59 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
    [2012/05/26 13:17:58 | 000,092,160 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
    [2011/09/13 15:49:28 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
    [2011/03/08 23:09:02 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
    [2011/01/06 12:11:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/11/07 13:38:45 | 000,247,824 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
    [2010/11/07 13:38:44 | 004,245,008 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
    [2010/11/07 13:38:44 | 000,013,840 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
    [2010/07/25 17:28:23 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2010/07/25 17:28:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2010/07/25 17:28:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2010/07/25 17:28:23 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2010/07/25 17:28:23 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2010/07/25 17:28:23 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2010/07/25 17:28:23 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2010/07/25 17:28:23 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2010/07/25 17:28:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2010/07/25 17:28:23 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
    [2010/07/25 17:28:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2010/07/25 17:28:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2010/07/25 17:28:23 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2010/07/25 17:28:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2010/07/25 17:28:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2010/07/25 17:28:23 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
    [2010/07/25 17:28:23 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
    [2010/07/25 17:28:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2010/07/25 17:28:23 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2010/07/24 18:28:01 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/07/17 14:50:09 | 000,788,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/17 00:39:59 | 000,007,859 | ---- | C] () -- C:\Users\Damien\AppData\Roaming\pcouffin.cat
    [2010/07/17 00:39:59 | 000,001,167 | ---- | C] () -- C:\Users\Damien\AppData\Roaming\pcouffin.inf

    ========== LOP Check ==========

    [2009/11/13 19:22:27 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Apowersoft
    [2012/01/28 21:38:53 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Ashampoo
    [2010/10/13 20:59:35 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\AVG10
    [2012/05/28 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\AVG2012
    [2012/01/03 23:11:23 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\calibre
    [2010/04/02 11:35:30 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\cYo
    [2009/10/30 14:53:58 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\DAEMON Tools Lite
    [2009/10/30 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\DAEMON Tools Pro
    [2011/03/08 23:09:10 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\dBpoweramp
    [2012/05/28 22:33:34 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\DMCache
    [2011/04/30 09:36:06 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\EPSON
    [2010/11/03 23:04:15 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ESET
    [2012/04/08 20:08:07 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\FileZilla
    [2010/02/20 14:31:36 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Helios
    [2012/04/06 14:43:15 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\HTC
    [2012/04/06 14:27:36 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2012/05/05 11:22:57 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\IDM
    [2010/11/21 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ImgBurn
    [2010/08/31 19:56:59 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ImTOO
    [2009/12/08 12:27:27 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Lexmark Productivity Studio
    [2012/05/27 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Mipony
    [2011/03/06 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\mkvtoolnix
    [2011/12/23 19:45:21 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Nokia
    [2010/10/23 16:52:49 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Ovusoft
    [2010/08/21 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Pavtube
    [2011/12/23 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\PC Suite
    [2011/05/15 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\PMS
    [2011/11/06 00:39:41 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\rockbox.org
    [2009/12/03 20:02:25 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Softland
    [2010/11/30 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Teleca
    [2009/11/13 19:09:25 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Thinstall
    [2010/02/02 23:57:49 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ThumbGen
    [2010/09/17 19:22:07 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\TightVNC
    [2010/04/06 13:12:41 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\TuneUpMedia
    [2012/05/27 23:10:45 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\uTorrent
    [2010/01/12 20:02:03 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Vodafone
    [2010/07/17 10:24:38 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Vso
    [2010/03/12 20:14:38 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\WinAVI
    [2010/03/12 20:19:26 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Xilisoft Corporation
    [2012/04/12 18:15:08 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    thanks in advance asj


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    you need to disable spybot before doing this or the fix won't work


    open OTL, paste this into the custom scan/fixes box



    :OTL
    O4:64bit: - HKLM..\Run: [brmsyl] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\brmsyl.dll",IsConvertImagesDialogShowed File not found
    O4:64bit: - HKLM..\Run: [unapls] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\unapls.dll",QuaternionLn File not found
    [2012/05/28 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{67E056DB-8A3C-4BBB-A84B-12549B87B6F1}
    [2012/05/28 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{4D09D584-2D84-4AF7-B155-FC9CF1969168}
    [2012/05/27 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{998A92F3-69DA-43D4-99E4-5B0E0A6AFB47}
    [2012/05/27 10:39:32 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}
    [2012/05/27 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{0FC63426-FA2B-46C8-9685-76BB906DE1CB}
    [2012/05/27 10:14:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D6009BEE-F57D-4104-9DFB-3215F20A2573}
    [2012/05/26 10:55:12 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{975E98A2-5D9F-440D-99E3-95A27B2F6096}
    [2012/05/26 10:54:56 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6C5EFEEB-6B4F-4818-88D4-D6A07DE454AC}
    [2012/05/25 18:34:41 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{811D4AF7-1663-4824-9B11-721DCA9F19BA}
    [2012/05/25 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3F729332-8E95-45E8-B974-A2A4CAAF6F1E}
    [2012/05/24 18:24:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{4C62F3C3-B138-4919-BE88-E4EF9143ED8C}
    [2012/05/24 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{B342B8F8-63D5-41E9-B9A5-01EAFDFD959E}
    [2012/05/23 21:22:43 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{513B9B9C-3692-4A5F-9600-5BD351A5C97B}
    [2012/05/23 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6269B6DE-2524-4E33-A229-4D2344F4241C}
    [2012/05/22 18:17:52 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{58BEA038-E882-42B5-89C7-A0C524B3C2E8}
    [2012/05/22 18:17:28 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{41FFB006-BCD2-450F-99B8-E58CC9D62178}
    [2012/05/21 18:39:57 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3AE58492-BEC7-48B5-96F4-501D05A63D38}
    [2012/05/21 18:39:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{787DC351-2947-4F40-AE23-7E3300BA9B65}
    [2012/05/20 09:29:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{200A0D11-6751-4F7D-893B-6CB126F50A04}
    [2012/05/20 09:28:46 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6C464ED2-4608-4B93-B593-DACE0875ACCB}
    [2012/05/19 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{5297DB6A-5D49-45B8-8EFC-73440BE14073}
    [2012/05/19 08:19:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{00940FFF-8753-4793-8167-575B36F8EE2F}
    [2012/05/19 08:18:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{AEFBA3C3-8301-4C76-9844-1CD180D19F95}
    [2012/05/18 18:26:00 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7CDAED30-2676-4105-9BFF-3533D9872FC1}
    [2012/05/18 18:25:39 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{AEC0683C-EA16-4E37-B288-E0A4C125896A}
    [2012/05/17 19:01:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{9A2664D8-6B52-4F0D-9F6A-C4532626916F}
    [2012/05/17 19:01:00 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{82272DAE-BA29-452B-AF40-43E875F006C8}
    [2012/05/16 21:09:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7340F78A-677A-4F12-AECC-7BD01511F13E}
    [2012/05/16 21:09:33 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{B855673D-D377-456C-8B2B-42C05CAA439C}
    [2012/05/15 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C11DC50F-E3CA-4DE7-AE53-17D6A4C3C894}
    [2012/05/15 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{A58B84CA-8967-41C3-8C87-FE6620D8F916}
    [2012/05/14 18:17:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{F32E6C03-83ED-4C42-991C-53D2AA00FA1B}
    [2012/05/14 18:16:58 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D1A9C3F3-F147-4005-91EF-FF0C49225B9E}
    [2012/05/13 21:45:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{70352530-26A2-440E-AAC9-2B348D4B7867}
    [2012/05/13 21:44:59 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8DE582E8-8EBB-47D0-9BF3-D40CDE6789B4}
    [2012/05/13 09:44:21 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{49863EFB-BDA4-429B-831B-DAF57C6350B3}
    [2012/05/13 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8F6EC3BB-CFE5-43F1-B233-A56341788DD7}
    [2012/05/12 09:19:58 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{5E59D183-BB05-43B8-A69F-39EB7194DB3A}
    [2012/05/12 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{DEEDACC2-A309-460A-95C5-14ACBA971083}
    [2012/05/11 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D8F7AB84-76D4-462F-8767-799810667B5B}
    [2012/05/11 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D2A1F9D2-77E6-40C0-AD4F-013B57A4EB2D}
    [2012/05/10 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C31358DE-AB59-489B-812F-B1D68E097F4A}
    [2012/05/10 13:27:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6127FA56-054D-45F1-875B-AB9DF062D326}
    [2012/05/09 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{1D6D78B9-105D-4C02-92D6-6C19CDA22AF4}
    [2012/05/09 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{E68596DD-72B8-479A-9EF1-9A3D11220FB0}
    [2012/05/08 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{144FCDA6-4487-4002-9317-E298C3BAA5A9}
    [2012/05/08 15:19:46 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{31A860D9-3C70-4386-BC55-9B7C474B8027}
    [2012/05/07 11:36:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{F959FD00-38A3-4A85-884C-0E792052CA55}
    [2012/05/07 11:36:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{EC1F278C-905C-42B4-BEA5-B0B452F34145}
    [2012/05/06 23:35:37 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7B28DD0C-E3D5-4182-8D0A-7EA6078E441B}
    [2012/05/06 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{CB9D770F-8932-4481-8ED1-92527901878D}
    [2012/05/06 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{02513A86-0DE9-4A37-822D-28F5B8908277}
    [2012/05/06 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{08F79F9F-FA8F-41FB-8298-A59AB4CC25A3}
    [2012/05/05 23:21:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3C9F1C4F-3C30-4158-BF76-C452B43571CB}
    [2012/05/05 11:21:20 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{01F4A0C5-6900-4D6F-AA86-EF5A389F209B}
    [2012/05/05 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{A966CCCD-72B5-4798-ADF1-A92A075F1450}
    [2012/05/04 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C11C1397-BDCA-44C7-AB2C-F8071E9E3695}
    [2012/05/04 18:38:30 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8F464FEA-5339-41C5-81E3-CAC0F93474BE}
    [2012/05/03 21:44:08 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C2E93DE3-36E6-410E-BC18-9840E3BCC1A5}
    [2012/05/03 21:43:50 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{48AE0376-5C42-4BD9-9524-11F32339F9F7}
    [2012/05/02 18:58:08 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D9921E95-326C-459C-A0C7-C17A7E49E762}
    [2012/05/02 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{891520E3-D004-477B-AB96-6E40D3918DEE}
    [2012/05/01 18:38:47 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{1987919F-7C2D-40A5-A2D2-F44EF1A7FA12}
    [2012/05/01 18:38:20 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{2F5F99BE-8D42-442A-9F55-037E1B28BBD0}
    [2012/04/30 18:17:43 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8CF6422E-B3AB-451F-BAD6-B2D9298315FE}
    [2012/04/30 18:17:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C45137E1-D37C-44B1-9A4B-784EFA087CB8}

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [Clearallrestorepoints]
    [Reboot]
    :Files
    ipconfig /flushdns /c



    Click Run Fix, post the log it gives you


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    Ran fix. Machine has to reboot. Will post log shortly.

    So what is the issue do you think?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    typical malware infection, nothing too bad. you just had left over registry entries from it that are causing that error. spybot stopped combofix from removing them


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    Thanks man. What does this particular malware do and how did it likely get past eset in the first place?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    no idea, would have to analyze the file that caused the problem to answer that Q. As for how it got past eset, could be from installing a codec, using a crack/keygen, javascript vulnerability, so many ways to get infected.


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\brmsyl deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\unapls deleted successfully.
    C:\Users\Damien\AppData\Local\{67E056DB-8A3C-4BBB-A84B-12549B87B6F1} folder moved successfully.
    C:\Users\Damien\AppData\Local\{4D09D584-2D84-4AF7-B155-FC9CF1969168} folder moved successfully.
    C:\Users\Damien\AppData\Local\{998A92F3-69DA-43D4-99E4-5B0E0A6AFB47} folder moved successfully.
    C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
    C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
    C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26} folder moved successfully.
    C:\Users\Damien\AppData\Local\{0FC63426-FA2B-46C8-9685-76BB906DE1CB} folder moved successfully.
    C:\Users\Damien\AppData\Local\{D6009BEE-F57D-4104-9DFB-3215F20A2573} folder moved successfully.
    C:\Users\Damien\AppData\Local\{975E98A2-5D9F-440D-99E3-95A27B2F6096} folder moved successfully.
    C:\Users\Damien\AppData\Local\{6C5EFEEB-6B4F-4818-88D4-D6A07DE454AC} folder moved successfully.
    C:\Users\Damien\AppData\Local\{811D4AF7-1663-4824-9B11-721DCA9F19BA} folder moved successfully.
    C:\Users\Damien\AppData\Local\{3F729332-8E95-45E8-B974-A2A4CAAF6F1E} folder moved successfully.
    C:\Users\Damien\AppData\Local\{4C62F3C3-B138-4919-BE88-E4EF9143ED8C} folder moved successfully.
    C:\Users\Damien\AppData\Local\{B342B8F8-63D5-41E9-B9A5-01EAFDFD959E} folder moved successfully.
    C:\Users\Damien\AppData\Local\{513B9B9C-3692-4A5F-9600-5BD351A5C97B} folder moved successfully.
    C:\Users\Damien\AppData\Local\{6269B6DE-2524-4E33-A229-4D2344F4241C} folder moved successfully.
    C:\Users\Damien\AppData\Local\{58BEA038-E882-42B5-89C7-A0C524B3C2E8} folder moved successfully.
    C:\Users\Damien\AppData\Local\{41FFB006-BCD2-450F-99B8-E58CC9D62178} folder moved successfully.
    C:\Users\Damien\AppData\Local\{3AE58492-BEC7-48B5-96F4-501D05A63D38} folder moved successfully.
    C:\Users\Damien\AppData\Local\{787DC351-2947-4F40-AE23-7E3300BA9B65} folder moved successfully.
    C:\Users\Damien\AppData\Local\{200A0D11-6751-4F7D-893B-6CB126F50A04} folder moved successfully.
    C:\Users\Damien\AppData\Local\{6C464ED2-4608-4B93-B593-DACE0875ACCB} folder moved successfully.
    C:\Users\Damien\AppData\Local\{5297DB6A-5D49-45B8-8EFC-73440BE14073} folder moved successfully.
    C:\Users\Damien\AppData\Local\{00940FFF-8753-4793-8167-575B36F8EE2F} folder moved successfully.
    C:\Users\Damien\AppData\Local\{AEFBA3C3-8301-4C76-9844-1CD180D19F95} folder moved successfully.
    C:\Users\Damien\AppData\Local\{7CDAED30-2676-4105-9BFF-3533D9872FC1} folder moved successfully.
    C:\Users\Damien\AppData\Local\{AEC0683C-EA16-4E37-B288-E0A4C125896A} folder moved successfully.
    C:\Users\Damien\AppData\Local\{9A2664D8-6B52-4F0D-9F6A-C4532626916F} folder moved successfully.
    C:\Users\Damien\AppData\Local\{82272DAE-BA29-452B-AF40-43E875F006C8} folder moved successfully.
    C:\Users\Damien\AppData\Local\{7340F78A-677A-4F12-AECC-7BD01511F13E} folder moved successfully.
    C:\Users\Damien\AppData\Local\{B855673D-D377-456C-8B2B-42C05CAA439C} folder moved successfully.
    C:\Users\Damien\AppData\Local\{C11DC50F-E3CA-4DE7-AE53-17D6A4C3C894} folder moved successfully.
    C:\Users\Damien\AppData\Local\{A58B84CA-8967-41C3-8C87-FE6620D8F916} folder moved successfully.
    C:\Users\Damien\AppData\Local\{F32E6C03-83ED-4C42-991C-53D2AA00FA1B} folder moved successfully.
    C:\Users\Damien\AppData\Local\{D1A9C3F3-F147-4005-91EF-FF0C49225B9E} folder moved successfully.
    C:\Users\Damien\AppData\Local\{70352530-26A2-440E-AAC9-2B348D4B7867} folder moved successfully.
    C:\Users\Damien\AppData\Local\{8DE582E8-8EBB-47D0-9BF3-D40CDE6789B4} folder moved successfully.
    C:\Users\Damien\AppData\Local\{49863EFB-BDA4-429B-831B-DAF57C6350B3} folder moved successfully.
    C:\Users\Damien\AppData\Local\{8F6EC3BB-CFE5-43F1-B233-A56341788DD7} folder moved successfully.
    C:\Users\Damien\AppData\Local\{5E59D183-BB05-43B8-A69F-39EB7194DB3A} folder moved successfully.
    C:\Users\Damien\AppData\Local\{DEEDACC2-A309-460A-95C5-14ACBA971083} folder moved successfully.
    C:\Users\Damien\AppData\Local\{D8F7AB84-76D4-462F-8767-799810667B5B} folder moved successfully.
    C:\Users\Damien\AppData\Local\{D2A1F9D2-77E6-40C0-AD4F-013B57A4EB2D} folder moved successfully.
    C:\Users\Damien\AppData\Local\{C31358DE-AB59-489B-812F-B1D68E097F4A} folder moved successfully.
    C:\Users\Damien\AppData\Local\{6127FA56-054D-45F1-875B-AB9DF062D326} folder moved successfully.
    C:\Users\Damien\AppData\Local\{1D6D78B9-105D-4C02-92D6-6C19CDA22AF4} folder moved successfully.
    C:\Users\Damien\AppData\Local\{E68596DD-72B8-479A-9EF1-9A3D11220FB0} folder moved successfully.
    C:\Users\Damien\AppData\Local\{144FCDA6-4487-4002-9317-E298C3BAA5A9} folder moved successfully.
    C:\Users\Damien\AppData\Local\{31A860D9-3C70-4386-BC55-9B7C474B8027} folder moved successfully.
    C:\Users\Damien\AppData\Local\{F959FD00-38A3-4A85-884C-0E792052CA55} folder moved successfully.
    C:\Users\Damien\AppData\Local\{EC1F278C-905C-42B4-BEA5-B0B452F34145} folder moved successfully.
    C:\Users\Damien\AppData\Local\{7B28DD0C-E3D5-4182-8D0A-7EA6078E441B} folder moved successfully.
    C:\Users\Damien\AppData\Local\{CB9D770F-8932-4481-8ED1-92527901878D} folder moved successfully.
    C:\Users\Damien\AppData\Local\{02513A86-0DE9-4A37-822D-28F5B8908277} folder moved successfully.
    C:\Users\Damien\AppData\Local\{08F79F9F-FA8F-41FB-8298-A59AB4CC25A3} folder moved successfully.
    C:\Users\Damien\AppData\Local\{3C9F1C4F-3C30-4158-BF76-C452B43571CB} folder moved successfully.
    C:\Users\Damien\AppData\Local\{01F4A0C5-6900-4D6F-AA86-EF5A389F209B} folder moved successfully.
    C:\Users\Damien\AppData\Local\{A966CCCD-72B5-4798-ADF1-A92A075F1450} folder moved successfully.
    C:\Users\Damien\AppData\Local\{C11C1397-BDCA-44C7-AB2C-F8071E9E3695} folder moved successfully.
    C:\Users\Damien\AppData\Local\{8F464FEA-5339-41C5-81E3-CAC0F93474BE} folder moved successfully.
    C:\Users\Damien\AppData\Local\{C2E93DE3-36E6-410E-BC18-9840E3BCC1A5} folder moved successfully.
    C:\Users\Damien\AppData\Local\{48AE0376-5C42-4BD9-9524-11F32339F9F7} folder moved successfully.
    C:\Users\Damien\AppData\Local\{D9921E95-326C-459C-A0C7-C17A7E49E762} folder moved successfully.
    C:\Users\Damien\AppData\Local\{891520E3-D004-477B-AB96-6E40D3918DEE} folder moved successfully.
    C:\Users\Damien\AppData\Local\{1987919F-7C2D-40A5-A2D2-F44EF1A7FA12} folder moved successfully.
    C:\Users\Damien\AppData\Local\{2F5F99BE-8D42-442A-9F55-037E1B28BBD0} folder moved successfully.
    C:\Users\Damien\AppData\Local\{8CF6422E-B3AB-451F-BAD6-B2D9298315FE} folder moved successfully.
    C:\Users\Damien\AppData\Local\{C45137E1-D37C-44B1-9A4B-784EFA087CB8} folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Carol-Anne
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 27756971 bytes
    ->Java cache emptied: 122594 bytes
    ->FireFox cache emptied: 542483505 bytes
    ->Google Chrome cache emptied: 7102154 bytes
    ->Flash cache emptied: 24552 bytes

    User: Damien
    ->Temp folder emptied: 1155301 bytes
    ->Temporary Internet Files folder emptied: 12817119 bytes
    ->Java cache emptied: 8478 bytes
    ->FireFox cache emptied: 79701065 bytes
    ->Flash cache emptied: 76466 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 88433 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87541 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
    RecycleBin emptied: 32805452 bytes

    Total Files Cleaned = 672.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Carol-Anne
    ->Flash cache emptied: 0 bytes

    User: Damien
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Carol-Anne
    ->Java cache emptied: 0 bytes

    User: Damien
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    D:\cmd.bat deleted successfully.
    D:\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.44.0 log created on 05292012_202845

    Files\Folders moved on Reboot...
    C:\Users\Damien\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    so how does that look?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    all good unless you are having any more problems


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    hmmm. i think my dl speed isn't up to scratch.

    normally get 2mb/s constant, barely getting 1.5 now. related?

    EDIT: And I also use a remote desktop app on my android phone to connect to PC. it's not working, getting a timeout error:
    "failed to connect to 192.1681.1.2 (port 3389) after 6000ms"


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    have you done this part
    also fully uninstall one of those two anti-viruses, AVG/Avast, not good for your PC to have both on there even if one is messed up.


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    ASJ112 wrote: »
    have you done this part


    Yeah, uninstalled eset for the moment. just avg on there.
    but spybot and malwarebytes still there. that ok to leave?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    could be due to installing AVG, it requiring more resources, other than that I am not sure. Wouldn't hurt to remove spybot since you have mbam, may help.

    no idea about the phone issue, we did flush your DNS cache but that's perfectly normal/safe to do...


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    thanks man. I'll try that and get back to you.

    what antivirus and malware combo do you recommend.

    should eset and malware bytes be enough?

    i always found eset powerful but light on resources


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    yeah eset and mbam are great, use a good browser like srware iron and you are good to go

    http://www.srware.net/en/software_srware_iron_download.php


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    Thanks man, really appreciated all your help with this.

    Getting late now so tomorrow evening I will install eset, and uninstall avg. hopefully that will solve my two outstanding issues.


  • Registered Users, Registered Users 2 Posts: 2,922 ✭✭✭TechnoFreek


    ASJ, Just have a quick question regarding Malwarebytes. It regularly blocks the following:

    80.82.66.27 (Type: outgoing, Port: XXXXX, Process: firefox.exe)
    109.163.230.114 (Type: outgoing, Port: XXXXX, Process: firefox.exe)

    The ports change for each entry on the log.

    Any ideas what this might be?

    Thanks in advance


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    The first one seems to be from Holland, the latter is Irish. Can't say much more than that. I wouldn't worry bout them if you aren't having any issues.

    Probably best to post on the mbam forum if you want a definitive answer on them.

