Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Garda Virus Question

  • 21-12-2012 5:29pm
    #1
    Registered Users, Registered Users 2 Posts: 222 ✭✭


    Hi,

    The 'garda virus/malware' seems to be on my house pc.

    It has effected one of the profiles on the comp.

    I can still access mine, and have used a usb key to install malwarebytes + run a can from my profile. It has detected ~ 30 infected files.

    Will this be enough to get rid of the virus or do I have to do something else?


    cheers


Comments

  • Registered Users, Registered Users 2 Posts: 110 ✭✭amallon


    Malwarebytes is fairly good and I would have a fair amount of confidence that it should clean it. Doing a scan with another antivirus program would do no harm though.


    Try something like Comodo Cleaning Essentials, its quite good at cleaning up after an infection.

    Make sure your antivirus is up to date, if you don't have one get Avast Free edition and do a full scan with it. Microsoft Security essentials is getting better detection ratings these days and is another free Anti Virus alternative.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    post the mbam log


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    Even tho it says no action taken, I did end up removing them. They are in the quarantine section.





    Database version: v2012.09.29.05


    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Luke :: CLARKE-PC [administrator]


    31/12/2001 23:11:57
    1st log.txt


    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 372381
    Time elapsed: 25 minute(s), 49 second(s)


    Memory Processes Detected: 0
    (No malicious items detected)


    Memory Modules Detected: 0
    (No malicious items detected)


    Registry Keys Detected: 27
    HKCR\CLSID\{168DC258-1455-4E61-8590-9DAC2F27B675} (Adware.VideoEgg) -> No action taken.
    HKCR\VideoEgg.ActiveXLoader.1 (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{1A8642F1-DC80-4EDC-A39D-0FB62A58B455} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{3F91EB90-EF62-44EE-A685-FAC29AF111CD} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{5C29C7E4-5321-4CAD-BE2E-877666BED5DF} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{83DFB6EE-AB18-41B5-86D4-B544A141D67E} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{88D6CF0E-CF70-4C24-BF6E-E4E414BC649C} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{8F6A82A2-D7B1-443E-BB9F-F7DC887DD618} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{9856E2D8-FFB2-4FE5-8CAD-D5AD6A35A804} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{A3D06987-C35E-49E4-8FE2-AC67B9FBFB4C} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{A58C497B-3EE2-45E7-9594-DACA6BE2A0D0} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{AD0A3058-FD49-4F98-A514-FD055201835E} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{AD5915EA-B61A-4DBA-B5C8-EF4B2DF0A3C7} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{BB187C0D-6F53-4F3E-9590-98FD3A7364A2} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{C5041FD9-4819-4DC4-B20E-C950B5B03D2A} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{D17726CC-D4DD-4C4A-9671-471D56E413B5} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{DB8CCE99-59C6-4552-8BFC-058FEB38D6CE} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{DC3A04EE-CDD7-4407-915C-A5502F97EECD} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{E1A63484-A022-4D42-830A-FBD411514440} (Adware.VideoEgg) -> No action taken.
    HKCR\CLSID\{E282C728-189D-419E-8EE2-1601F4B39BA5} (Adware.VideoEgg) -> No action taken.
    HKCR\VideoEgg.ActiveXLoader (Adware.VideoEgg) -> No action taken.
    HKCU\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> No action taken.
    videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
    HKLM\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
    videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> No action taken.


    Registry Values Detected: 0
    (No malicious items detected)


    Registry Data Items Detected: 0
    (No malicious items detected)


    Folders Detected: 13
    C:\Users\Luke\AppData\Roaming\VideoEgg (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Loader (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Loader\4665 (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Updater (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Updater\4665 (Adware.VideoEgg) -> No action taken.
    C:\Users\Home\AppData\Roaming\WeatherDPA (Adware.Hotbar) -> No action taken.


    Files Detected: 154
    C:\Users\Luke\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> No action taken.
    C:\$Recycle.Bin\S-1-5-21-3374161282-1943681884-473319434-1004\$RRFSP0O.exe (Malware.Tool) -> No action taken.
    c:\users\home\appdata\local\temp\jh160jzln0e30uan.exe (Trojan.Zbot) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> No action taken.
    C:\Users\Luke\AppData\Roaming\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> No action taken.


    (end)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    there's one thing there that may cause issues


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    I'm scanning now. I see the file age is set to 30 days? I've had it for over 3 months now on the specific computer but I haven't been using it.


  • Advertisement
  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    That's fine, will deal with that later


  • Registered Users, Registered Users 2 Posts: 485 ✭✭Lombardo86


    Am after getting this on one of the laptops, running McAfee scan on it now. No files found yet but presuming they will show up..

    Seems to have infected a lot of people. First Virus i have faced. Anything specific need to be done besides Virus Scan?


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    OTL Extras logfile created on: 21/12/2012 20:19:37 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luke\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 53.87% Memory free
    6.22 Gb Paging File | 4.64 Gb Available in Paging File | 74.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 458.31 Gb Total Space | 191.12 Gb Free Space | 41.70% Space Free | Partition Type: NTFS
    Drive D: | 7.45 Gb Total Space | 0.99 Gb Free Space | 13.27% Space Free | Partition Type: NTFS
    Drive G: | 1.86 Gb Total Space | 1.43 Gb Free Space | 76.67% Space Free | Partition Type: FAT

    Computer Name: CLARKE-PC | User Name: Luke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{08A852D5-88DD-4259-94F7-265776F46638}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{0B757924-6896-426A-B1F2-13A422F70649}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{0E777D58-94C4-4F03-BA0E-526DF051B734}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1C2E696A-0D43-4574-86E3-8D8AE72A258B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1CA28C33-1236-47A7-B2D6-7B365707B9F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1F47A489-A3EA-428C-A93A-CBB48AF90E91}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{210FEBCF-A3AB-4685-B586-3FDCE3285431}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2690A9CF-C698-4271-8C9A-8DD818EC952C}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{3BF22EEF-09F8-4CAD-A3C8-431D187C4065}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3E1C4A43-C249-428F-8B93-71CBC41A9719}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{478D1136-E970-4585-81D0-929DB18C2933}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{495C9307-7B55-402C-A1CC-ED4D384AD173}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{4A3D353C-06BF-439A-BD3A-A5ACEB03A983}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4CEC4F58-C3B1-40DC-9664-DABCD68B392B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{5E96D3BC-FF8A-4905-B309-7F4B3E703F6B}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{759DF179-A6D8-424C-B5E8-D8802454F351}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7E28EC34-3AC6-476A-8EB4-FD3938DD8654}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{801EFDB9-7D2A-49B8-AC18-D75E81F4E64D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{80D62835-6246-4109-83ED-8F1EE7784C31}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
    "{A20EA58F-3E93-4D1D-A64A-CA39A579709F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A2672A02-34C0-4119-8428-F548D7D31DED}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{AC36F3C8-5FCD-442C-90AD-5C14CA598519}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B1ED1039-9407-45E8-93E0-A7DE6DE411CB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{B9507953-C123-4CE0-989B-843A0BC4ED57}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{BDDCBDA2-40AB-4C14-A9AD-CB030FFE5540}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C20CA39C-3AF3-49D3-9C0D-A930A781BB8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CE52950A-7A16-40D4-9BCB-E66CD7C297FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D5E10E1A-13C4-4FAB-BE05-6F40FBC65124}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D8D46D65-1AAE-44C4-B34D-AF747BC36FC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DE6AC89B-1106-4033-8E71-163F4D587C49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E6257B06-BD22-4C3C-81F4-CF921186B0CB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{EDF3DF50-FBB6-44A2-8561-05C87531017C}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{F084D93E-37BA-4F9E-82F9-6B68E1FDEEB5}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
    "{F5861A7A-9696-47FC-B096-729BD1A88BF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F93FA8A1-1559-4316-8EEA-43E97A73D271}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0E0D3C91-B52C-4AFA-9B76-8A6AF188E82B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{11E7D213-FEE7-4B49-8E2A-DC45A454BA00}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{1FCEFC13-6C06-49C3-895B-554D3371F71E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{249F9F8D-0DE2-4610-B774-ABE0D4842DFB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\runme.exe |
    "{2652CAC4-F44A-4657-811B-87C78940E1BB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{2A390371-471E-483B-92B4-F55228D5F872}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{2F63729C-C8BB-4AE2-8347-51FD071E1000}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{3200BB09-DD1C-47AD-9CD6-25CC7C2DE969}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe |
    "{346DECA5-24BC-4201-85A7-3A890E5B8B09}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
    "{3594686A-B8D6-4AF8-9EA7-1E0AFD78D7ED}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\steelstorm\steelstorm.exe |
    "{367F75F5-1612-4F11-8CD7-00EDA0A71D49}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{39CCC333-DDFF-456C-833C-F7B63682DB44}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\steelstorm\steelstorm.exe |
    "{3B12BF2D-BB11-4545-ACAC-0AB384F8F3B3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{3CDA4E25-D945-448F-8837-8C6D5BEA36F4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{405AAC3C-3758-4C44-A3BB-F72E9F2EE611}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{4BA57422-1047-44B8-8542-C4D3CD506DEA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bigred_irl\counter-strike source\hl2.exe |
    "{4EC52EFF-8A35-43A2-B23D-1C9653631511}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{50CD137A-0DD8-40A8-88C0-506830A14475}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{5BC984E0-B6C4-47A4-AA45-1B8EC13411D9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5C3EC33A-0573-42B7-B5EB-6EE87E322364}" = protocol=6 | dir=in | app=c:\users\luke\appdata\roaming\dropbox\bin\dropbox.exe |
    "{5C406712-0D99-4FAC-9BEE-AEA1C62778AC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
    "{5C6782E7-BF3E-4B8D-A6EA-DED0691B0939}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{5FC9629F-930B-447D-876F-2CEE23587718}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{63A71B4E-3CDF-4AC1-986B-EAB66E0ECF4D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
    "{649356C0-3BFF-4EC8-91ED-0B93F58CC926}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{662CB34D-FD97-4861-8514-950268818ECF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{680CF2C6-6AC1-4A5C-A004-479B12537B6B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\runme.exe |
    "{690F3566-38F4-44D4-AD57-E82ACD9EF6AA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hammerfight\hammerfight.exe |
    "{6A3B71E3-E3CB-4F21-A5EC-2623EDABDA8D}" = dir=in | app=c:\users\luke\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{6E7676B8-B9E9-4572-B151-7671BBDA02AE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxjswx.exe |
    "{6FD0E3DF-FB38-41CA-93B9-40B224B90B35}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{71080A8F-44DD-4658-AC13-7F47230EFA5A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{71852F89-A6C7-496B-983B-58FB006D010A}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{7223734F-CED6-4657-B8D6-F3B9F5876DF4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
    "{73D9F770-E35B-4E95-A336-BDFEA7913242}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{742732FA-EC36-44EC-A1BA-09A4B027C150}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{744AF6C4-E827-4982-9AC0-8B8E2B5D0FE4}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{7D0B2982-FA58-437A-9660-06F605F648E8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
    "{7E833A16-9DE2-4568-8D22-9E5C95BD09AD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{7F7ADC2B-0191-4DA1-AEDF-0612B9D76D72}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{827270DA-D8FE-40FA-B3E6-5310C54FFA04}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{8689E37E-88C1-43E2-B6F8-182554A1073F}" = protocol=17 | dir=in | app=c:\users\luke\appdata\roaming\dropbox\bin\dropbox.exe |
    "{888FD6D5-E21B-4855-84A4-B5C0CEF3404E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bigred_irl\counter-strike source\hl2.exe |
    "{8DD928B3-50B5-48AB-B488-671CC2DAF3E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{8E495FEA-03B5-4B55-ABF4-D6155569AFD8}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{90C6D648-3A63-4D67-ACFD-8B18AE7559AA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe |
    "{9A054ACA-B61C-4049-95F4-7CF6FC871D5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9DDE0700-F8AE-477A-9A30-704F9520C91D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bigred_irl\counter-strike source\hl2.exe |
    "{A0D1647D-27D4-4E5F-AF2B-BFEC111E2E83}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\runme.exe |
    "{A5151730-ED8E-4314-A874-E6DFC73A3657}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
    "{A5C1ADCD-BD87-41CF-9C62-8404B26F4BF9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{A5F7B87C-70D8-41C8-B736-DE39E4E35BB0}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
    "{A9EB9A53-BCAC-42A0-9948-17A71ED9C808}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AC1B5C93-D241-4816-B07B-43D90869B6C4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxtime.exe |
    "{AE3AA36E-F51C-4F5D-94D9-D3270F1C51EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{AEDFC4EF-0BBD-487B-96B0-68358EE755CA}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{AF2865F3-A5E6-4F70-A125-5228B52D0BC2}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{AFB1C315-CEFB-477D-975C-9CF993B2AE55}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{B270C57E-C631-466A-A19D-D8D47548D4C8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{B2CA9B8D-02A7-4E6C-8DB2-B14C8F6B82C4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hammerfight\hammerfight.exe |
    "{B56DB22A-DD05-41B6-98D6-CD6EF15A5B7E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
    "{BADB5955-AE1C-4CEE-BB8B-87869FDF8EB3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{BBD506CF-7636-4B90-9DA4-D16021846C54}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\steelstorm\steelstorm-dedicated.exe |
    "{C08CA8CD-073E-44C7-9443-6DB98BA84A31}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxjswx.exe |
    "{CAE6B43C-4BA2-42B8-BCDE-6C07EBA2240B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\steelstorm\steelstorm-dedicated.exe |
    "{CDC89CF9-9F37-44F8-9676-1409171B1FE4}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
    "{D459E6CD-5C70-4680-9890-85E8817D155A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
    "{DB79644E-4433-47BE-8BC4-5CECF47C4CF4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{DDEBAA32-CCAC-4470-B8A9-7892DE80A486}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{E06B2168-8B7D-4594-9A16-2B12FCB90B28}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{E397C40D-AFEE-4DCE-81A4-63E943E31052}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bigred_irl\counter-strike source\hl2.exe |
    "{E6279FDE-F79E-4B58-B3D5-C1E7B497499C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{F3C39057-6656-4C14-B4EF-268AF5C2C426}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{F5158404-2733-47E3-AA0B-2F7E7524D888}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe |
    "{F6D5A96A-242B-4899-A081-54D96177E858}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{F7A15B8A-A592-43F4-9A45-DC5EDAE5E4F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F8909FA3-B5EA-43D1-853C-9BE93B380BF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FB30D371-6C46-4096-A6C3-1390C5477989}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FB97F8F8-388D-4210-B76B-22C6A8C6780C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxtime.exe |
    "{FCFF8667-4C58-4200-A5FF-4DE93E364C78}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\runme.exe |
    "{FD4E8D98-56AD-4CC7-B9AB-EAA7CD8AEA67}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe |
    "TCP Query User{11314B7F-786D-4DB8-B0A5-C68D9F8C78B9}C:\users\luke\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\luke\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
    "TCP Query User{13E880B3-B473-498C-9C3D-45DDC4C304A5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{1B631550-7116-4249-A11F-08247F5D2DBB}C:\program files\steam\steamapps\bigred_irl\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bigred_irl\team fortress 2\hl2.exe |
    "TCP Query User{26A4666A-375D-4791-89FE-CFA65EC51F65}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{3D1FF13E-DCB8-46D8-B01F-C45647357AF3}C:\program files\steam\steamapps\bigred_irl\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bigred_irl\team fortress 2\hl2.exe |
    "TCP Query User{450E59B8-236D-4A97-B25A-660A11BB8505}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{61DD41C7-AE17-4EB8-BE1B-2FBCD6140E0B}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
    "TCP Query User{79770FFE-4CB6-41AB-83F5-0F9D90F2ACCE}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
    "TCP Query User{86D036A6-3EA0-4B88-BFC4-5403482459A0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{9AF1C330-287C-49DB-A791-E137BF14F7FE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{B9EA89B1-0A34-48A2-9429-4CBBE72CB730}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{D18DE6A3-8FAE-437A-96E7-ACB7C79787E0}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{F123E434-24A2-4F0F-8ADF-8A032A1C5BE0}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
    "TCP Query User{F6737E89-AD49-4887-B5CA-D2AA3A164E93}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{F6AA350F-4725-494B-A761-81419402B8C5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{212CBA57-9E14-471F-86FE-BD610128F6BD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{24051A25-205D-4981-B6AD-64A1FFAF2EBB}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
    "UDP Query User{3901B9CE-583B-40DA-BAA1-86D51DB795C1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{3F370F51-EADC-49BA-B8DB-728AE8C72656}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{5C477BCB-5D67-4E35-B372-A66271F3536C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{6AAA1CA9-593E-4551-AEC8-F6133ED41EEA}C:\program files\steam\steamapps\bigred_irl\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bigred_irl\team fortress 2\hl2.exe |
    "UDP Query User{84ABEC5D-2BC1-4C7E-AB0A-6CBE190CCA17}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
    "UDP Query User{8E51DF76-92D4-4226-B742-C02AF396C692}C:\program files\steam\steamapps\bigred_irl\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bigred_irl\team fortress 2\hl2.exe |
    "UDP Query User{976C96D5-0CFD-4A6F-9827-C98BA552537E}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
    "UDP Query User{ABF4E36A-EC64-4AB7-83E2-046BEDC47F2D}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{B62F2D4D-E2C5-4D7D-A781-9BB403EEDBB2}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{B74A832C-6A02-4CAB-A379-08DB772D62DB}C:\users\luke\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\luke\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
    "UDP Query User{D4EECF87-82B7-4C45-AFFD-9C5BB056E7CA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{F0A89915-30EC-4B7D-821C-866DA8822709}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{F7E1FBC2-9788-443C-B46F-328BAF120E1F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{07683840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Maths
    "{08681881-FCA5-44A7-B863-D66037A16AAF}" = Microsoft Student with Encarta Reference Library 2008
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
    "{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1CECDCCE-1D2D-46E8-9F02-CCFC93120B55}" = DWGeditor
    "{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
    "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{3070A9C6-D670-439A-21ED-ED0CB66B15FC}" = Catalyst Control Center Graphics Full Existing
    "{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
    "{338AD4E5-9332-A678-5062-7A07ED70D6D4}" = ccc-core-static
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CE924D4-E4AB-4730-8367-0F2AEE9D7FE0}" = Samsung PC Studio 3
    "{3E8C2BA2-F4CA-4A1D-A690-6B9A411DAF8B}" = ArcSoft PhotoImpression 5
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{43CB1196-79D0-18F6-B66D-BD94E8910883}" = ATI Catalyst Install Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5AC6F03B-0186-4CC8-A67D-BA37FD504CC4}" = COSMOSWorks 2006 SP04.1
    "{5D25B8F8-3D08-4510-8ACE-74020ACCDCDF}" = COSMOSMotion 2006 SP04.1
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{67DEC296-C8CC-A5BE-0378-A25C760B78B4}" = Catalyst Control Center Graphics Full New
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7350006B-1CEB-44A6-B7A6-699DB1CA9DC0}" = HumanConcepts OrgPlus 9
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
    "{76560C00-0CFB-00F0-31AD-3DDA280032B6}" = Catalyst Control Center InstallProxy
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774F2CE3-C9C9-BC80-1231-E9432F2756C3}" = ccc-utility
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7EAC91E4-AFC3-8A6F-B802-218548D21873}" = Catalyst Control Center Core Implementation
    "{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
    "{962F04A4-130E-F725-BFC3-F46E33889D0E}" = ATI AVIVO Codecs
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
    "{9944827A-6E24-429C-B232-406E58E19492}" = COSMOSFloWorks
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A059FB87-5DC3-0883-7D65-F68603CACDF1}" = Catalyst Control Center Graphics Previews Vista
    "{A5B9D7A6-EB25-4E44-86A1-85DD8ED8E5F4}" = HumanConcepts OrgPlus 9 Plug-in
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Titanium Maximum Security
    "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
    "{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D2B08D68-6F02-400E-9850-33EDB797F206}" = Focus on Fairground Rides
    "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{D98A4E05-4DED-A9BC-313F-DCD315A6A654}" = CCC Help English
    "{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}" = Windows Live Toolbar
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E44895E5-15CA-48CB-B136-707E5183BEF3}" = eDrawings 2006
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = HP Basic Starter Camera
    "{ED7CED5A-26BF-DFD3-08AC-771E72D43F74}" = Catalyst Control Center Localization All
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2BF8269-028B-2226-8D15-076A0538EC8A}" = Skins
    "{F3AB0933-B7D6-4C47-5523-922B49B37AE3}" = Catalyst Control Center Graphics Light
    "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "Creative Removable Disk Manager" = Creative Removable Disk Manager
    "D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
    "doPDF 7 printer_is1" = doPDF 7.1 printer
    "E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
    "EA Download Manager" = EA Download Manager
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "Intel(R) Configuration Center" = Intel® Viiv™ Software
    "Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
    "Nokia PC Suite" = Nokia PC Suite
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "Pixillion" = Pixillion Image Converter
    "Prism" = Prism Video Converter
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Steam App 17480" = Command and Conquer: Red Alert 3
    "Steam App 18700" = And Yet It Moves
    "Steam App 240" = Counter-Strike: Source
    "Steam App 26500" = Cogs
    "Steam App 26900" = Crayon Physics Deluxe
    "Steam App 3590" = Plants vs. Zombies
    "Steam App 400" = Portal
    "Steam App 41100" = Hammerfight
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 440" = Team Fortress 2
    "Steam App 55040" = Atom Zombie Smasher
    "Steam App 70300" = VVVVVV
    "Steam App 96200" = Steel Storm: Burning Retribution
    "Switch" = Switch Sound File Converter
    "SysInfo" = Creative System Information
    "SystemRequirementsLab" = System Requirements Lab
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "Vuze_Remote Toolbar" = Vuze_Remote Toolbar
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Live Toolbar" = Windows Live Toolbar
    "WinRAR archiver" = WinRAR archiver
    "Xfire" = Xfire (remove only)
    "XobniMain" = Xobni

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Octoshape Streaming Services" = Octoshape Streaming Services

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 31/12/2001 20:19:10 | Computer Name = Clarke-Pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 31/12/2001 20:19:12 | Computer Name = Clarke-Pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 31/12/2001 20:19:12 | Computer Name = Clarke-Pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 31/12/2001 20:19:13 | Computer Name = Clarke-Pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 31/12/2001 20:19:13 | Computer Name = Clarke-Pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 31/12/2001 20:47:46 | Computer Name = Clarke-Pc | Source = Application Hang | ID = 1002
    Description = The program Skype.exe version 5.10.0.116 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: b1c Start Time: 01c1925937fe54f8 Termination Time: 0

    Error - 21/12/2012 15:01:38 | Computer Name = Clarke-Pc | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 10.0.2.4428 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1630 Start Time: 01c1925e45f083d8 Termination Time: 16

    Error - 21/12/2012 16:01:35 | Computer Name = Clarke-Pc | Source = MsiInstaller | ID = 10005
    Description =

    Error - 21/12/2012 16:01:41 | Computer Name = Clarke-Pc | Source = MsiInstaller | ID = 10005
    Description =

    Error - 21/12/2012 16:01:45 | Computer Name = Clarke-Pc | Source = MsiInstaller | ID = 10005
    Description =

    Error - 21/12/2012 16:01:52 | Computer Name = Clarke-Pc | Source = MsiInstaller | ID = 10005
    Description =

    [ Media Center Events ]
    Error - 26/08/2009 17:59:08 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 26/08/2009 18:06:20 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 26/08/2009 18:06:32 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 26/08/2009 18:06:44 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 26/08/2009 18:06:58 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 26/08/2009 18:07:11 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 26/08/2009 18:07:23 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 26/08/2009 18:07:35 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 26/08/2009 18:07:48 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    Error - 10/01/2012 19:00:00 | Computer Name = Clarke-Pc | Source = Mcx2Svc | ID = 301
    Description =

    [ OSession Events ]
    Error - 11/08/2008 15:23:33 | Computer Name = Clarke-Pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    [URL="tel:12.0.4518.1014"]12.0.4518.1014[/URL], Microsoft Office Version: [URL="tel:12.0.4518.1014"]12.0.4518.1014[/URL]. This session lasted 26873
    seconds with 1080 seconds of active time. This session ended with a crash.

    Error - 19/11/2008 19:34:09 | Computer Name = Clarke-Pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    [URL="tel:12.0.4518.1014"]12.0.4518.1014[/URL], Microsoft Office Version: [URL="tel:12.0.4518.1014"]12.0.4518.1014[/URL]. This session lasted 12702
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 16/11/2009 04:00:20 | Computer Name = Clarke-Pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    [URL="tel:12.0.6514.5000"]12.0.6514.5000[/URL], Microsoft Office Version: [URL="tel:12.0.6425.1000"]12.0.6425.1000[/URL]. This session lasted 46083
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 18/01/2010 19:17:06 | Computer Name = Clarke-Pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    [URL="tel:12.0.6514.5000"]12.0.6514.5000[/URL], Microsoft Office Version: [URL="tel:12.0.6425.1000"]12.0.6425.1000[/URL]. This session lasted 11353
    seconds with 2280 seconds of active time. This session ended with a crash.

    Error - 29/05/2012 19:13:02 | Computer Name = Clarke-Pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    [URL="tel:12.0.6661.5000"]12.0.6661.5000[/URL], Microsoft Office Version: [URL="tel:12.0.6612.1000"]12.0.6612.1000[/URL]. This session lasted 8939
    seconds with 480 seconds of active time. This session ended with a crash.

    Error - 12/07/2012 19:33:16 | Computer Name = Clarke-Pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    [URL="tel:12.0.6661.5000"]12.0.6661.5000[/URL], Microsoft Office Version: [URL="tel:12.0.6612.1000"]12.0.6612.1000[/URL]. This session lasted 14701
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 09/08/2012 19:40:34 | Computer Name = Clarke-Pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 786
    seconds with 120 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 31/12/2001 20:14:39 | Computer Name = Clarke-Pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 31/12/2001 20:14:39 | Computer Name = Clarke-Pc | Source = Service Control Manager | ID = 7026
    Description =

    Error - 21/12/2012 15:57:14 | Computer Name = Clarke-Pc | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 19:55:26 on 21/12/2012 was unexpected.

    Error - 21/12/2012 15:58:46 | Computer Name = Clarke-Pc | Source = Service Control Manager | ID = 7009
    Description =

    Error - 21/12/2012 15:58:46 | Computer Name = Clarke-Pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 21/12/2012 15:58:46 | Computer Name = Clarke-Pc | Source = Service Control Manager | ID = 7026
    Description =

    Error - 21/12/2012 15:59:20 | Computer Name = Clarke-Pc | Source = Service Control Manager | ID = 7009
    Description =

    Error - 21/12/2012 15:59:20 | Computer Name = Clarke-Pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 21/12/2012 16:03:40 | Computer Name = Clarke-Pc | Source = Service Control Manager | ID = 7022
    Description =

    Error - 21/12/2012 16:15:29 | Computer Name = Clarke-Pc | Source = BROWSER | ID = 8032
    Description =


    < End of report >


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    OTL logfile created on: 21/12/2012 20:19:37 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luke\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 53.87% Memory free
    6.22 Gb Paging File | 4.64 Gb Available in Paging File | 74.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 458.31 Gb Total Space | 191.12 Gb Free Space | 41.70% Space Free | Partition Type: NTFS
    Drive D: | 7.45 Gb Total Space | 0.99 Gb Free Space | 13.27% Space Free | Partition Type: NTFS
    Drive G: | 1.86 Gb Total Space | 1.43 Gb Free Space | 76.67% Space Free | Partition Type: FAT

    Computer Name: CLARKE-PC | User Name: Luke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/21 17:32:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL(1).exe
    PRC - [2012/09/08 21:12:06 | 001,011,016 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    PRC - [2012/05/24 18:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/02/27 13:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    PRC - [2011/08/02 20:58:12 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    PRC - [2011/08/02 20:58:12 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/10/16 12:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/04/01 09:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/11/18 05:45:56 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/11/18 05:45:26 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/11/13 18:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
    PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    PRC - [2009/01/08 13:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Luke\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    PRC - [2008/08/16 12:41:17 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/02/28 00:53:26 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe
    PRC - [2008/01/19 07:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
    PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/04/18 15:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
    PRC - [2007/02/15 11:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    PRC - [2006/09/19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
    PRC - [2006/09/03 17:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    PRC - [2006/03/10 18:04:34 | 000,626,688 | ---- | M] () -- C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
    PRC - [2005/08/11 16:30:30 | 000,618,496 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 18:39:53 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
    MOD - [2012/06/13 18:37:23 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 18:37:15 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
    MOD - [2012/05/12 20:01:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/12 20:01:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
    MOD - [2012/05/12 18:57:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
    MOD - [2012/05/12 18:55:44 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/12 18:54:20 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2011/08/02 20:58:12 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
    MOD - [2011/08/02 20:58:12 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
    MOD - [2011/02/08 17:26:00 | 001,703,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
    MOD - [2011/02/08 17:26:00 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2011/02/08 17:26:00 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2011/02/08 17:26:00 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2011/02/08 17:26:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2011/02/08 17:26:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2011/02/08 17:26:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:59 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2011/02/08 17:25:59 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:59 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2011/02/08 17:25:59 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:59 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:58 | 000,643,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3609.23369__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:57 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:57 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2011/02/08 17:25:57 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:57 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:56 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:56 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:56 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:56 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:56 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:56 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:55 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:55 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2011/02/08 17:25:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2011/02/08 17:25:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2011/02/08 17:25:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2011/02/08 17:25:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2011/02/08 17:25:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2011/02/08 17:25:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2011/02/08 17:25:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2011/02/08 17:25:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2011/02/08 17:25:54 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2011/02/08 17:25:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2011/02/08 17:25:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2011/02/08 17:25:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2011/02/08 17:25:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2011/02/08 17:25:52 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:52 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2011/02/08 17:25:52 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2011/02/08 17:25:52 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2011/02/08 17:25:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2011/02/08 17:25:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
    MOD - [2011/02/08 17:25:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2011/02/08 17:25:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2011/02/08 17:25:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2011/02/08 17:25:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2011/02/08 17:25:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2011/02/08 17:25:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2011/02/08 17:25:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2011/02/08 17:25:51 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:51 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:51 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:51 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:50 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3609.23384__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
    MOD - [2011/02/08 17:25:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2011/02/08 17:25:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:50 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:50 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2011/02/08 17:25:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2011/02/08 17:25:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2011/02/08 17:25:49 | 000,565,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3609.23345__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2011/02/08 17:25:49 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2011/02/08 17:25:49 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2011/02/08 17:25:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2011/02/08 17:25:49 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2011/02/08 17:25:49 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2011/02/08 17:25:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2011/02/08 17:25:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2011/02/08 17:25:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2011/02/08 17:25:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2011/02/08 17:25:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2011/02/08 17:25:49 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2011/02/08 17:25:48 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2011/02/08 17:25:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2011/02/08 17:25:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2011/02/08 17:25:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2011/02/08 17:25:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2011/02/08 17:25:48 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2011/02/08 17:25:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll
    MOD - [2011/02/08 17:25:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll
    MOD - [2011/02/08 17:25:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/12/10 11:19:08 | 000,430,080 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2007/09/14 09:58:00 | 000,059,904 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
    MOD - [2006/09/19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
    SRV - [2012/09/08 10:22:23 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/25 14:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
    SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/11/18 05:45:26 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/11/13 18:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
    SRV - [2009/03/04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/02/28 00:53:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
    SRV - [2008/02/28 00:53:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
    SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
    SRV - [2006/09/11 23:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
    SRV - [2006/09/11 23:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
    SRV - [2006/09/11 22:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
    SRV - [2006/09/11 22:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
    SRV - [2006/09/03 17:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
    SRV - [2006/09/01 06:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
    SRV - [2006/05/10 16:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
    SRV - [2006/03/10 18:04:34 | 000,626,688 | ---- | M] () [Auto | Running] -- C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe -- (Remote Solver for COSMOSFloWorks 2006)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | System | Stopped] -- System32\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aaivsxpl)
    DRV - [2012/09/24 22:01:24 | 000,095,224 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2012/09/24 22:00:48 | 000,076,648 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2012/09/24 22:00:12 | 000,257,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2011/08/02 20:58:24 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2011/08/02 20:58:22 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmnciesc.sys -- (tmnciesc)
    DRV - [2011/08/02 20:58:22 | 000,055,056 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmeevw.sys -- (tmeevw)
    DRV - [2010/10/16 18:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/05/02 11:51:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/11/18 06:20:34 | 005,140,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/03/19 12:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2009/03/19 12:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/01/19 06:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
    DRV - [2007/04/13 13:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2007/03/27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IE&c=74&bd=Pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IE&c=74&bd=Pavilion&pf=desktop
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{80773AED-1C73-4FA1-B532-30A449A4EADE}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    IE - HKLM\..\SearchScopes\{C90EC1A1-F7C7-43C0-816B-61367CF1D550}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {6F009D22-38AB-43A3-93C7-8EAE237F5A66}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{6F009D22-38AB-43A3-93C7-8EAE237F5A66}: "URL" = http://www.google.ie/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA_en-GB
    IE - HKCU\..\SearchScopes\{80773AED-1C73-4FA1-B532-30A449A4EADE}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    IE - HKCU\..\SearchScopes\{C90EC1A1-F7C7-43C0-816B-61367CF1D550}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://myzone.tcd.ie/|http://www.facebook.com/|www.youtube.com|www.twitter.com|http://www.meteor.ie/"
    FF - prefs.js..extensions.enabledAddons: savesession@noasobi.net:1.3.1.6
    FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.15.1.0
    FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.6.0.15
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - user.js - File not found

    adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2008/03/12 19:50:46 | 000,000,000 | ---D | M]
    microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    real.com/nsJSRealPlayerPlugin;version=: File not found
    tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Luke\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Luke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2002/01/01 00:23:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/03/06 17:26:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2002/01/01 00:23:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 19:17:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 16:58:58 | 000,000,000 | ---D | M]

    [2008/06/20 19:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Extensions
    [2012/09/18 22:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions
    [2010/04/30 16:58:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/04/15 12:06:02 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    [2012/08/28 17:16:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2012/09/18 22:04:03 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    [2011/05/06 22:02:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\engine@conduit.com
    [2011/05/05 20:48:23 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\personas@christopher.beard.xpi
    [2012/01/15 02:25:27 | 000,013,039 | ---- | M] () (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\savesession@noasobi.net.xpi
    [2012/08/28 17:16:03 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2009/04/15 12:06:02 | 001,304,961 | ---- | M] () (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\tmp.xpi
    [2011/11/22 18:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/07/18 01:16:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/02/19 13:56:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/22 22:45:28 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/01/22 22:45:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/01/22 22:45:28 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/01/22 22:45:28 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/01/22 22:45:28 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Trend Micro Titanium (Enabled) = C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: getPlusPlus for Adobe 162103 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Luke\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Luke\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
    CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Luke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: VideoEgg Publisher (Enabled) = C:\Users\Luke\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: TweetDeck = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.6.1_0\
    CHR - Extension: TweetDeck = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.3.0_0\
    CHR - Extension: Trend Micro Toolbar = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.2.0.1035_0\
    CHR - Extension: Trend Micro Toolbar = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.4.0.1023_0\

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: ::1 localhost
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Luke\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Luke\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.isketch.net/isketch.shtml" File not found
    O4 - Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-ie.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-IE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EC8FBFD-227C-4130-B837-F781C6BDF05D}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Luke\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Luke\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/19 09:13:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{540f0216-55e1-11df-8473-001d60c140c4}\Shell - "" = AutoRun
    O33 - MountPoints2\{540f0216-55e1-11df-8473-001d60c140c4}\Shell\AutoRun\command - "" = F:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/21 20:14:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/21 20:14:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/21 20:03:50 | 000,674,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/12/21 20:03:50 | 000,135,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/12/21 19:57:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/21 19:57:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/21 19:57:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/21 19:57:09 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/21 19:41:05 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
    [2012/12/21 17:32:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL(1).exe
    [2012/12/21 17:15:02 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Luke\Desktop\mbam-setup-1.65.1.1000.exe
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/30 17:22:35 | 000,108,048 | ---- | C] () -- C:\Windows\RegBootClean.exe
    [2012/05/24 11:46:28 | 000,365,568 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
    [2012/05/24 11:46:28 | 000,169,472 | ---- | C] () -- C:\Windows\System32\ZLhp1020.DLL
    [2012/05/24 11:46:22 | 000,245,248 | ---- | C] () -- C:\Windows\System32\zshp1020s.dll
    [2012/03/06 17:25:55 | 000,000,056 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
    [2011/09/10 01:39:23 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
    [2011/04/17 19:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2011/04/08 00:43:43 | 000,000,122 | ---- | C] () -- C:\Users\Luke\webct_upload_applet.properties
    [2011/02/08 17:24:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/07/24 13:22:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
    [2010/05/30 23:51:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/03 13:18:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2009/08/19 18:09:33 | 000,781,312 | -HS- | C] () -- C:\Users\Luke\ehthumbs_vista.db
    [2009/08/18 10:41:17 | 000,000,680 | ---- | C] () -- C:\Users\Luke\AppData\Local\d3d9caps.dat
    [2008/05/31 20:25:12 | 000,062,976 | ---- | C] () -- C:\Users\Luke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/31 12:28:10 | 000,000,000 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:26 | 000,347,648 | ----


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    run mbam on any infected machines


    open otl copy and paste this in the custom scan/fixes box


    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aaivsxpl)
    O33 - MountPoints2\{540f0216-55e1-11df-8473-001d60c140c4}\Shell - "" = AutoRun
    O33 - MountPoints2\{540f0216-55e1-11df-8473-001d60c140c4}\Shell\AutoRun\command - "" = F:\autorun.exe
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c

    click run fix post the log it gives and tell me how that pc is running


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    Seems ok.

    All processes killed
    ========== OTL ==========
    Error: No service named aaivsxpl was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aaivsxpl deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{540f0216-55e1-11df-8473-001d60c140c4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{540f0216-55e1-11df-8473-001d60c140c4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{540f0216-55e1-11df-8473-001d60c140c4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{540f0216-55e1-11df-8473-001d60c140c4}\ not found.
    File F:\autorun.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: dave
    ->Temp folder emptied: 312239078 bytes
    ->Java cache emptied: 16824242 bytes
    ->FireFox cache emptied: 54563126 bytes
    ->Flash cache emptied: 3137324 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Home
    ->Temp folder emptied: 1948564113 bytes
    ->Java cache emptied: 57721574 bytes
    ->FireFox cache emptied: 61182589 bytes
    ->Google Chrome cache emptied: 11144097 bytes
    ->Flash cache emptied: 58919 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes

    User: Luke
    ->Temp folder emptied: 1268726961 bytes
    ->Java cache emptied: 61952070 bytes
    ->FireFox cache emptied: 82271002 bytes
    ->Google Chrome cache emptied: 386112417 bytes
    ->Flash cache emptied: 8167544 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes

    User: Mcx2
    ->Temp folder emptied: 0 bytes

    User: niamh
    ->Temp folder emptied: 135441834 bytes
    ->Java cache emptied: 254631 bytes
    ->FireFox cache emptied: 71737111 bytes
    ->Flash cache emptied: 200825 bytes

    User: Public


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    update mbam and run another quick scan, I want to see if the zbot infection returns.


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    http://imgur.com/zQo5F

    mbam froze when I hit remove on the threats.


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    also should I be in safemode etc while doing this?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    you can skip the scan as you definitely have stuff hiding. no need to run anything in safe mode unless it freezes


    download and run combofix instead, post the log it gives

    http://www.bleepingcomputer.com/download/combofix/


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    ComboFix 12-12-20.02 - Luke 22/12/2012 0:17.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3071.1964 [GMT 0:00]
    Running from: c:\users\Luke\Downloads\ComboFix.exe
    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\DealPly
    c:\program files\DealPly\DealPly.crx
    c:\programdata\SPL1E87.tmp
    c:\programdata\SPL1F04.tmp
    c:\programdata\SPL3F12.tmp
    c:\programdata\SPL4B4C.tmp
    c:\programdata\SPL539E.tmp
    c:\programdata\SPL565.tmp
    c:\programdata\SPL5F00.tmp
    c:\programdata\SPL699C.tmp
    c:\programdata\SPL794A.tmp
    c:\programdata\SPL8539.tmp
    c:\programdata\SPL8631.tmp
    c:\programdata\SPLA30E.tmp
    c:\programdata\SPLA5EB.tmp
    c:\programdata\SPLC468.tmp
    c:\programdata\SPLD1B6.tmp
    c:\programdata\SPLD4CB.tmp
    c:\programdata\SPLD995.tmp
    c:\programdata\SPLEF1F.tmp
    c:\programdata\SPLF867.tmp
    c:\programdata\SPLFE9B.tmp
    c:\users\Home\AppData\Roaming\Eczi
    c:\users\Home\AppData\Roaming\Eczi\faurf.zic
    c:\users\Home\AppData\Roaming\Hiyw
    c:\users\Home\AppData\Roaming\Hiyw\geofe.yxu
    c:\users\Home\AppData\Roaming\WeatherDPA
    c:\users\Luke\AppData\Roaming\VideoEgg
    c:\windows\system32\html
    c:\windows\system32\html\calendar.html
    c:\windows\system32\html\calendarbottom.html
    c:\windows\system32\html\calendartop.html
    c:\windows\system32\html\crystalexportdialog.htm
    c:\windows\system32\html\crystalprinthost.html
    c:\windows\system32\images
    c:\windows\system32\images\toolbar\calendar.gif
    c:\windows\system32\images\toolbar\crlogo.gif
    c:\windows\system32\images\toolbar\export.gif
    c:\windows\system32\images\toolbar\export_over.gif
    c:\windows\system32\images\toolbar\exportd.gif
    c:\windows\system32\images\toolbar\First.gif
    c:\windows\system32\images\toolbar\first_over.gif
    c:\windows\system32\images\toolbar\Firstd.gif
    c:\windows\system32\images\toolbar\gotopage.gif
    c:\windows\system32\images\toolbar\gotopage_over.gif
    c:\windows\system32\images\toolbar\gotopaged.gif
    c:\windows\system32\images\toolbar\grouptree.gif
    c:\windows\system32\images\toolbar\grouptree_over.gif
    c:\windows\system32\images\toolbar\grouptreed.gif
    c:\windows\system32\images\toolbar\grouptreepressed.gif
    c:\windows\system32\images\toolbar\Last.gif
    c:\windows\system32\images\toolbar\last_over.gif
    c:\windows\system32\images\toolbar\Lastd.gif
    c:\windows\system32\images\toolbar\Next.gif
    c:\windows\system32\images\toolbar\next_over.gif
    c:\windows\system32\images\toolbar\Nextd.gif
    c:\windows\system32\images\toolbar\Prev.gif
    c:\windows\system32\images\toolbar\prev_over.gif
    c:\windows\system32\images\toolbar\Prevd.gif
    c:\windows\system32\images\toolbar\print.gif
    c:\windows\system32\images\toolbar\print_over.gif
    c:\windows\system32\images\toolbar\printd.gif
    c:\windows\system32\images\toolbar\Refresh.gif
    c:\windows\system32\images\toolbar\refresh_over.gif
    c:\windows\system32\images\toolbar\refreshd.gif
    c:\windows\system32\images\toolbar\Search.gif
    c:\windows\system32\images\toolbar\search_over.gif
    c:\windows\system32\images\toolbar\searchd.gif
    c:\windows\system32\images\toolbar\up.gif
    c:\windows\system32\images\toolbar\up_over.gif
    c:\windows\system32\images\toolbar\upd.gif
    c:\windows\system32\images\tree\begindots.gif
    c:\windows\system32\images\tree\beginminus.gif
    c:\windows\system32\images\tree\beginplus.gif
    c:\windows\system32\images\tree\blank.gif
    c:\windows\system32\images\tree\blankdots.gif
    c:\windows\system32\images\tree\dots.gif
    c:\windows\system32\images\tree\lastdots.gif
    c:\windows\system32\images\tree\lastminus.gif
    c:\windows\system32\images\tree\lastplus.gif
    c:\windows\system32\images\tree\Magnify.gif
    c:\windows\system32\images\tree\minus.gif
    c:\windows\system32\images\tree\minusbox.gif
    c:\windows\system32\images\tree\plus.gif
    c:\windows\system32\images\tree\plusbox.gif
    c:\windows\system32\images\tree\singleminus.gif
    c:\windows\system32\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-22 to 2012-12-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-22 00:29 . 2012-12-22 00:29
    d
    w- c:\users\TEMP\AppData\Local\temp
    2012-12-22 00:29 . 2012-12-22 00:29
    d
    w- c:\users\niamh\AppData\Local\temp
    2012-12-22 00:29 . 2012-12-22 00:29
    d
    w- c:\users\Mcx2\AppData\Local\temp
    2012-12-22 00:29 . 2012-12-22 00:29
    d
    w- c:\users\Mcx1\AppData\Local\temp
    2012-12-22 00:29 . 2012-12-22 00:29
    d
    w- c:\users\IUSR_NMPR\AppData\Local\temp
    2012-12-22 00:29 . 2012-12-22 00:29
    d
    w- c:\users\Home\AppData\Local\temp
    2012-12-22 00:29 . 2012-12-22 00:29
    d
    w- c:\users\Default\AppData\Local\temp
    2012-12-22 00:29 . 2012-12-22 00:29
    d
    w- c:\users\dave\AppData\Local\temp
    2012-12-21 21:06 . 2012-12-21 21:06
    d
    w- C:\_OTL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-30 17:24 . 2012-09-30 17:22 108048 ----a-w- c:\windows\RegBootClean.exe
    2012-09-29 19:54 . 2001-12-31 23:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-24 22:01 . 2012-03-06 17:28 95224 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2012-09-24 22:00 . 2012-03-06 17:28 76648 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2012-09-24 22:00 . 2012-03-06 17:28 257952 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-02-19 13:56 . 2011-05-05 11:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-04-15 11:33 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @=&quot;{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @=&quot;{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @=&quot;{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "Octoshape Streaming Services"="c:\users\Luke\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
    "Steam"="c:\program files\Steam\Steam.exe" [2012-12-21 1354736]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Facebook Update"="c:\users\Luke\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-26 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCUTRAYICON"="FactoryMode" [X]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-16 185632]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-09-08 1304824]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
    .
    c:\users\niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    OneNote Table Of Contents.onetoc2 [2008-7-15 3656]
    .
    c:\users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
    .
    2012-08-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3374161282-1943681884-473319434-1004Core.job
    - c:\users\Luke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-14 05:13]
    .
    2012-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3374161282-1943681884-473319434-1004UA.job
    - c:\users\Luke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-14 05:13]
    .
    2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 17:09]
    .
    2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 17:09]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ie/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IE&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\4g2aghse.default\
    FF - prefs.js: browser.startup.homepage - hxxp://myzone.tcd.ie/|http://www.facebook.com/|www.youtube.com|www.twitter.com|http://www.meteor.ie/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKLM-Run-tsnpstd3 - c:\windows\tsnpstd3.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-22 00:30
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-3374161282-1943681884-473319434-1004\Software\SecuROM\License information*]
    "datasecu"=hex:bb,c2,27,e7,77,ee,66,3c,77,66,d9,5a,5a,eb,93,a1,5f,87,a4,35,c9,
    49,c7,c2,5f,6c,fa,06,c3,ad,ba,e9,8d,29,52,eb,9c,1d,9b,ea,7b,00,dd,29,c4,4c,\
    "rkeysecu"=hex:3a,e0,63,29,d6,04,4c,ac,d6,a7,b2,cc,be,52,c9,7e
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-12-22 00:32:23
    ComboFix-quarantined-files.txt 2012-12-22 00:32
    .
    Pre-Run: 213,670,162,432 bytes free
    Post-Run: 217,234,812,928 bytes free
    .
    - - End Of File - - 3AD61C3EEEBE8916030615D1CBCE1380


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    update mbam run a quick scan post that log


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    All clear?


    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.21.16

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Luke :: CLARKE-PC [administrator]

    22/12/2012 18:08:20
    mbam-log-2012-12-22 (18-08-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 382448
    Time elapsed: 13 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    looks perfect unless you are having any problems


  • Registered Users, Registered Users 2 Posts: 222 ✭✭GodlikeRed


    None at all!

    Thank you, you're a Gent!


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,882 ✭✭✭johndoe99


    got that pesky Garda Malware this morning too, easily removed:

    1.Start your computer in safe mode with command prompt.

    2. type rstrui.exe, and then press ENTER

    3. Choose a restore point from the day before.

    4. When your PC restarts download Malwarebytes (Free), leave the update box ticked.

    On mine it found "Exploit.Drop.GSA".


  • Registered Users, Registered Users 2 Posts: 3,193 ✭✭✭Eircom_Sucks


    ComboFix 12-12-25.02 - Anthony 25/12/2012 17:30:15.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.8086.5733 [GMT 0:00]
    Running from: c:\users\Anthony\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-25 17:34 . 2012-12-25 17:34
    d
    w- c:\users\Yvonne\AppData\Local\temp
    2012-12-25 17:34 . 2012-12-25 17:34
    d
    w- c:\users\UpdatusUser\AppData\Local\temp
    2012-12-25 17:34 . 2012-12-25 17:34
    d
    w- c:\users\Default\AppData\Local\temp
    2012-12-25 17:18 . 2012-12-25 17:34
    d
    w- c:\users\Anthony\AppData\Local\temp
    2012-12-21 14:34 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 14:34 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 14:34 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 14:34 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-19 14:27 . 2012-12-19 14:27
    d
    w- c:\windows\system32\drivers\NSTx64
    2012-12-19 14:27 . 2012-12-19 14:27
    d
    w- c:\program files (x86)\Norton Identity Safe
    2012-12-19 14:27 . 2012-12-19 14:27
    d
    w- c:\program files\Symantec
    2012-12-19 14:27 . 2012-12-19 14:27 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-12-19 14:27 . 2012-12-19 14:27
    d
    w- c:\program files\Common Files\Symantec Shared
    2012-12-19 14:27 . 2012-12-19 14:27
    d
    w- c:\windows\system32\drivers\NAVx64
    2012-12-19 14:27 . 2012-12-19 14:27
    d
    w- c:\program files (x86)\Norton AntiVirus
    2012-12-19 14:10 . 2012-12-19 14:27
    d
    w- c:\program files (x86)\NortonInstaller
    2012-12-19 13:54 . 2012-12-19 13:54
    d
    w- c:\program files (x86)\Google
    2012-12-19 13:54 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-12-19 13:53 . 2012-12-19 14:26
    d
    w- c:\programdata\AVAST Software
    2012-12-19 13:53 . 2012-12-19 13:53
    d
    w- c:\program files\AVAST Software
    2012-12-19 13:33 . 2012-12-19 13:33
    d
    w- c:\users\Yvonne\AppData\Local\Adobe
    2012-12-18 21:08 . 2009-01-25 12:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2012-12-18 21:08 . 2012-12-18 21:08
    d
    w- c:\program files (x86)\Spybot - Search & Destroy 2
    2012-12-18 17:10 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2695B068-9A74-44AF-96C7-868830476A9A}\mpengine.dll
    2012-12-18 12:54 . 2012-12-18 12:55
    d
    w- C:\Linden Method
    2012-12-17 20:55 . 2012-12-17 20:55
    d
    w- c:\users\Yvonne\AppData\Roaming\Malwarebytes
    2012-12-17 20:54 . 2012-12-17 20:54
    d
    w- c:\users\Anthony\AppData\Roaming\Malwarebytes
    2012-12-17 20:54 . 2012-12-17 20:54
    d
    w- c:\programdata\Malwarebytes
    2012-12-17 20:54 . 2012-12-17 21:58
    d
    w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-12-17 18:21 . 2012-12-17 21:58
    d
    w- c:\program files (x86)\GridinSoft Trojan Killer
    2012-12-12 13:03 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-04 14:48 . 2012-12-09 08:13
    d
    w- c:\users\Yvonne\AppData\Local\CrashDumps
    2012-12-02 22:53 . 2012-12-02 22:53
    d
    w- c:\users\Anthony\AppData\Roaming\DivX
    2012-12-02 22:52 . 2012-12-02 22:58
    d
    w- c:\program files\DivX
    2012-12-02 22:52 . 2012-12-02 22:58
    d
    w- c:\program files (x86)\DivX
    2012-12-02 22:52 . 2012-12-02 22:58
    d
    w- c:\programdata\DivX
    2012-12-02 22:52 . 2012-12-02 22:52
    d
    w- c:\users\Anthony\AppData\Roaming\OpenCandy
    2012-12-02 22:51 . 2012-12-02 22:53
    d
    w- c:\users\Anthony\AppData\Roaming\DVDVideoSoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-11 22:07 . 2012-11-20 21:03 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-11 22:07 . 2012-05-07 17:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-24 12:48 . 2012-10-24 12:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-10-24 12:48 . 2012-10-24 12:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-10-24 12:48 . 2012-10-24 12:48 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-10-24 12:48 . 2012-10-24 12:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-10-24 12:48 . 2012-10-24 12:48 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-10-24 12:48 . 2012-10-24 12:48 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-10-24 12:48 . 2012-10-24 12:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-10-24 12:48 . 2012-10-24 12:48 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-10-24 12:48 . 2012-10-24 12:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-10-24 12:48 . 2012-10-24 12:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-10-24 12:48 . 2012-10-24 12:48 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-10-24 12:48 . 2012-10-24 12:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-10-24 12:48 . 2012-10-24 12:48 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-10-24 12:48 . 2012-10-24 12:48 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-10-24 12:48 . 2012-10-24 12:48 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-10-24 12:48 . 2012-10-24 12:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-10-24 12:48 . 2012-10-24 12:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-10-24 12:48 . 2012-10-24 12:48 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-10-24 12:48 . 2012-10-24 12:48 448512 ----a-w- c:\windows\system32\html.iec
    2012-10-24 12:48 . 2012-10-24 12:48 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-10-24 12:48 . 2012-10-24 12:48 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-10-24 12:48 . 2012-10-24 12:48 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-10-24 12:48 . 2012-10-24 12:48 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-10-24 12:48 . 2012-10-24 12:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-10-24 12:48 . 2012-10-24 12:48 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-10-24 12:48 . 2012-10-24 12:48 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-10-24 12:48 . 2012-10-24 12:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-10-24 12:48 . 2012-10-24 12:48 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-10-24 12:48 . 2012-10-24 12:48 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-10-24 12:48 . 2012-10-24 12:48 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-10-24 12:48 . 2012-10-24 12:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-10-24 12:48 . 2012-10-24 12:48 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-10-24 12:48 . 2012-10-24 12:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-10-24 12:48 . 2012-10-24 12:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-10-24 12:48 . 2012-10-24 12:48 149504 ----a-w- c:\windows\system32\occache.dll
    2012-10-24 12:48 . 2012-10-24 12:48 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-10-24 12:48 . 2012-10-24 12:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-10-24 12:48 . 2012-10-24 12:48 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-10-24 12:48 . 2012-10-24 12:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-10-24 12:48 . 2012-10-24 12:48 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-10-24 12:48 . 2012-10-24 12:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-10-24 12:48 . 2012-10-24 12:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-10-24 12:48 . 2012-10-24 12:48 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-10-24 12:48 . 2012-10-24 12:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-10-24 12:48 . 2012-10-24 12:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-10-24 12:48 . 2012-10-24 12:48 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-10-24 12:48 . 2012-10-24 12:48 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-10-24 12:48 . 2012-10-24 12:48 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-10-24 12:48 . 2012-10-24 12:48 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-10-16 08:38 . 2012-11-27 19:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-27 19:41 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-27 19:41 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17 . 2012-11-16 02:03 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-16 02:03 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-16 02:03 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-16 02:03 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 16:40 . 2012-12-12 13:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-10-03 17:56 . 2012-11-16 02:00 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-16 02:00 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-16 02:00 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-16 02:00 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-16 02:00 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-16 02:00 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-16 02:00 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-16 02:00 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-16 02:00 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-16 02:00 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-16 02:00 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-09-27 18:07 . 2012-10-10 09:36 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
    2012-10-18 17:57 498584 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584]
    .
    [HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-24 3536320]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-09-06 1688008]
    "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-19 5236664]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/05/07 13:39;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-11 248304]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-24 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]
    S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096]
    S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121221.001\IDSvia64.sys [2012-12-18 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
    S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-10-31 604928]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
    S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-09-19 1157056]
    S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-06 248248]
    S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-09-19 1177536]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-19 138912]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - CLKMDRV10_9EC60124
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 22:07]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 13:54]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 13:54]
    .
    .
    X64 Entries
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @=&quot;{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    Supplementary Scan
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ie/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
    "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1"
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-194967594-728612183-2698474476-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):c9,22,99,7a,81,7f,03,f5,08,a1,66,29,d5,2e,64,f9,3d,42,3c,5f,d2,
    3b,4c,88,04,86,dd,11,36,7c,6f,0f,42,25,e0,c4,97,13,0c,65,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-194967594-728612183-2698474476-1001_Classes\Wow6432Node\CLSID\{9d24b389-ef5d-4f44-9a0a-2cdd69e496c5}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000160
    "Therad"=dword:00000001
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @=&quot;FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @=&quot;c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @=&quot;IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @=&quot;{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @=&quot;FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @=&quot;Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @=&quot;0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @=&quot;ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @=&quot;{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @=&quot;1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @=&quot;ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @=&quot;Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @=&quot;FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @=&quot;{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @=&quot;1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @=&quot;FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @=&quot;IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @=&quot;{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-25 17:35:59
    ComboFix-quarantined-files.txt 2012-12-25 17:35
    .
    Pre-Run: 547,697,901,568 bytes free
    Post-Run: 547,633,451,008 bytes free
    .
    - - End Of File - - 4BCC39DB9A683C8CD6EE926623C9DEDF


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    not much showing there, can you download and run tdsskiller and awsmbr and post their logs

    http://www.bleepingcomputer.com/download/tdsskiller/
    http://www.bleepingcomputer.com/download/aswmbr/


  • Registered Users, Registered Users 2 Posts: 3,193 ✭✭✭Eircom_Sucks


    ASJ112 wrote: »
    not much showing there, can you download and run tdsskiller and awsmbr and post their logs

    http://www.bleepingcomputer.com/download/tdsskiller/ this came up with no log ??? but it said no threats found


    http://www.bleepingcomputer.com/download/aswmbr/[/QUOTE]


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-26 22:44:26
    22:44:26.338 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:44:26.338 Number of processors: 8 586 0x2A07
    22:44:26.338 ComputerName: ANTHONY-PC UserName: Anthony
    22:44:38.025 Initialize success
    22:46:14.367 AVAST engine defs: 12122601
    22:46:59.368 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:46:59.373 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
    22:46:59.403 Disk 0 MBR read successfully
    22:46:59.408 Disk 0 MBR scan
    22:46:59.418 Disk 0 Windows VISTA default MBR code
    22:46:59.428 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
    22:46:59.443 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 208896
    22:46:59.468 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 695301 MB offset 41168896
    22:46:59.498 Disk 0 scanning C:\Windows\system32\drivers
    22:47:11.794 Service scanning
    22:47:36.987 Modules scanning
    22:47:37.007 Disk 0 trace - called modules:
    22:47:37.017 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    22:47:37.022 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80095c9790]
    22:47:37.027 3 CLASSPNP.SYS[fffff88001dbc43f] -> nt!IofCallDriver -> [0xfffffa80094db8d0]
    22:47:37.032 5 stdcfltn.sys[fffff88001d01c52] -> nt!IofCallDriver -> [0xfffffa8006ce5040]
    22:47:37.037 7 ACPI.sys[fffff88000f2c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b27050]
    22:47:38.617 AVAST engine scan C:\Windows
    22:47:41.898 AVAST engine scan C:\Windows\system32
    22:50:23.432 AVAST engine scan C:\Windows\system32\drivers
    22:50:49.421 AVAST engine scan C:\Users\Anthony
    22:51:15.304 Disk 0 MBR has been saved successfully to "C:\Users\Anthony\Desktop\MBR.dat"
    22:51:15.309 The log file has been saved successfully to "C:\Users\Anthony\Desktop\aswMBR.txt"


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    hows it running now


  • Registered Users, Registered Users 2 Posts: 3,193 ✭✭✭Eircom_Sucks


    ASJ112 wrote: »
    hows it running now

    Seems fine now

    Did you see anything that indicates it's still there ?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    no your logs are all clear. If you are having no issues then we are all done.


  • Registered Users, Registered Users 2 Posts: 221 ✭✭pitkan


    Just as a footnote, I had the garda virus months ago and went into safe mode and used MBAM portable from a USB stick and in one scan removed the virus. I am on XP service pack 3 if that makes a difference.
    It's handy having the portable versions of what you use as they save space on your HD.


  • Registered Users, Registered Users 2 Posts: 3,193 ✭✭✭Eircom_Sucks


    ASJ112 wrote: »
    no your logs are all clear. If you are having no issues then we are all done.

    Thank you so very much , much appreciated


  • Advertisement
Advertisement