
AxBb4Z6hIO1.exe Unremoveable


  • This topic is locked
16 replies to this topic

#1 NiallH


Posted 16 August 2010 - 02:55 PM

AxBb4Z6hIO1.exe is a process that keeps running whenever I log on with a user on my computer. I am running Win 7 64 bit.
I've noticed an inability to use the net when this is running. I can't even ping. When I kill that process I can ping away. I have Microsoft Security Essentials and it is up to date. I've run a full scan and it didn't show anything up.
I've deleted the file from the two locations listed in the HijackThis log but it just comes back on reboot. Anyone heard of this? Or is it just some corrupt process?

Thanks in advance

Edit: According to a post I found on msfn.org this thing is called MSIL/Arcdoor.A. I'm confused as to why Security Essentials isn't picking it up?


Edited by NiallH, 16 August 2010 - 03:23 PM.




#2 mpascal


Posted 23 August 2010 - 07:54 PM

Hi NiallH,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 4 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 NiallH


Posted 25 August 2010 - 06:28 AM

Thanks for the reply, here are the logs:

---X--- MBAM Log ---X---

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4475

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/25/2010 12:00:11 PM
mbam-log-2010-08-25 (12-00-11).txt

Scan type: Quick scan
Objects scanned: 158280
Time elapsed: 15 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-251985211-2031373186-2301387326-1003\$RXIPBK0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-251985211-2031373186-2301387326-1003\$RGC16NK\tRUE's.Crack.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-251985211-2031373186-2301387326-1003\$RVLYF26\keygen.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-251985211-2031373186-2301387326-1003\$RVLYF26\Setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\Users\Niall Acer Laptop\AppData\Roaming\AxBb4Z6hIO1.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
C:\Users\Niall (Backdoor.SpyNet) -> Quarantined and deleted successfully.

---X--- GMER ---X---

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-25 12:16:36
Windows 6.1.7600
Running: fxxy4myp.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A686F79F-6F4E-CC60-EC32-D20041AE7700}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D5F44A6D-119D-0A30-013D-A49704B764CE}

---- EOF - GMER 1.0.15 ----

---X--- OTL ---X---

OTL logfile created on: 8/25/2010 12:18:34 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Niall Acer Laptop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.93 Gb Total Space | 38.72 Gb Free Space | 25.83% Space Free | Partition Type: NTFS
Drive D: | 123.65 Gb Total Space | 71.07 Gb Free Space | 57.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIALLACERLAPTOP
Current User Name: Niall Acer Laptop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Niall Acer Laptop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Niall Acer Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\xampp\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\DesktopEarth\DesktopEarth.exe (CodeFromThe70s.org)


========== Modules (SafeList) ==========

MOD - C:\Users\Niall Acer Laptop\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppleTimeSrv) -- C:\Windows\SysNative\AppleTimeSrv.exe (Apple Inc.)
SRV:64bit: - (AppleOSSMgr) -- C:\Windows\SysNative\AppleOSSMgr.exe ()
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (WAS) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (W3SVC) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppHostSvc) -- C:\Windows\SysNative\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV:64bit: - (MSSQL$SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV:64bit: - (SQLAgent$SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (MySQL) -- C:\xampp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (FileZilla Server) -- C:\xampp\xampp\FileZillaFTP\FileZilla server.exe (FileZilla Project)
SRV - (Mercury) -- C:\xampp\xampp\xampp_service_mercury.exe (Apache Friends)
SRV - (Apache2.2) -- C:\xampp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (cvhsvc) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (MacHALDriver) -- C:\Windows\SysNative\drivers\MacHALDriver.sys (Apple Inc.)
DRV:64bit: - (KeyAgent) -- C:\Windows\SysNative\drivers\KeyAgent.sys (Apple Inc.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RsFx0103) -- C:\Windows\SysNative\drivers\RsFx0103.sys (Microsoft Corporation)
DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamhrdrv_x64.sys (Windows ® Server 2003 DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (VSPerfDrv100) -- D:\WPSDK\Team Tools\Performance Tools\x64\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (sftplay) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation)
DRV - (sftvol) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys (Microsoft Corporation)
DRV - (sftfs) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (zlportio) -- C:\Program Files (x86)\UltraStar\zlportio.sys (SpecoSoft)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15446&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/iat/us_ie.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 4B 59 AF 11 DB CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/07 19:00:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/07 19:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/05 21:39:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/24 12:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/07 19:00:53 | 000,000,000 | ---D | M]

[2010/02/04 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Extensions
[2010/04/22 15:29:16 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions
[2010/02/04 11:16:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/06/06 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions\toolbar@ask.com
[2010/08/25 11:51:31 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions
[2010/07/26 21:44:38 | 000,000,000 | ---D | M] (FetchMP3 Video to Audio Converter) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}
[2010/03/30 17:59:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/05/29 11:48:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/04 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\ietab@ip.cn
[2010/08/23 10:53:09 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\webmaster@keep-tube.com
[2010/07/26 21:37:41 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\youtube2mp3@mondayx.de
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\searchplugins\askcom.xml
[2010/02/10 13:50:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/03 13:54:15 | 000,001,300 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\WPSDK\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MysticThumbs] C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe (MysticCoder)
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Niall Acer Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1281205115739 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://192.168.0.101/DvrOcx.cab (DvrOcx Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\AxBb4Z6hIO1.exe) - C:\Users\Admin\AppData\Roaming\AxBb4Z6hIO1.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/20 16:42:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{78a108d7-1104-11df-bccb-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{78a108d7-1104-11df-bccb-001f16a903a2}\Shell\AutoRun\command - "" = Autoplay.exe -auto
O33 - MountPoints2\{78a108d8-1104-11df-bccb-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{78a108d8-1104-11df-bccb-001f16a903a2}\Shell\AutoRun\command - "" = Autoplay.exe -auto
O33 - MountPoints2\{93fe684b-1100-11df-b947-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{93fe684b-1100-11df-b947-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{a9ded779-88dc-11df-a42d-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9ded779-88dc-11df-a42d-001f16a903a2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{a9ded782-88dc-11df-a42d-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9ded782-88dc-11df-a42d-001f16a903a2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 11:40:11 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Malwarebytes
[2010/08/25 11:40:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/25 11:39:59 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/25 11:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/25 11:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 21:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM
[2010/08/24 21:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2010/08/24 14:18:01 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\BIOS(Special)_Acer_2.35_Windows_Aspire 4810T
[2010/08/24 13:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2010/08/24 13:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2010/08/23 17:35:21 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2010/08/23 17:35:21 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2010/08/23 17:35:21 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2010/08/23 17:35:21 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2010/08/23 17:35:21 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2010/08/23 10:58:28 | 000,000,000 | ---D | C] -- C:\videooutput
[2010/08/23 10:58:21 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2010/08/23 10:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smallvideosoft
[2010/08/18 21:11:26 | 000,000,000 | ---D | C] -- C:\dell
[2010/08/14 17:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/14 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\SoftGrid Client
[2010/08/14 13:31:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/13 17:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VB Decompiler Lite
[2010/08/12 12:35:42 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\MusicBrainz
[2010/08/12 12:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBrainz Picard
[2010/08/12 09:59:48 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 09:59:47 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/12 09:59:47 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/12 09:59:34 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 09:59:34 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/12 09:59:32 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/12 09:59:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/12 09:59:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/12 09:59:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 09:59:25 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 09:59:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/12 09:59:24 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 23:08:11 | 000,080,944 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2010/08/11 23:08:07 | 000,068,656 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2010/08/11 23:06:23 | 000,055,344 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2010/08/11 23:06:22 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2010/08/11 23:06:14 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2010/08/11 23:06:09 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2010/08/11 23:06:09 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2010/08/11 23:06:04 | 000,056,880 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2010/08/11 23:06:04 | 000,045,104 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2010/08/11 23:06:04 | 000,024,112 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2010/08/11 23:05:55 | 000,958,000 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2010/08/11 23:03:34 | 000,029,744 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2010/08/11 23:03:28 | 000,038,960 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2010/08/11 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2010/08/11 22:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2010/08/11 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/08/11 17:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/08/11 16:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2010/08/11 14:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/08/07 19:15:10 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Nokia
[2010/08/07 19:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2010/08/07 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/08/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\NokiaAccount
[2010/08/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\Nokia
[2010/08/07 19:04:47 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\PC Suite
[2010/08/07 19:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/08/07 19:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010/08/07 19:00:45 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010/08/07 19:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010/08/07 18:59:48 | 000,069,120 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010/08/07 18:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010/08/07 18:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2010/08/07 15:21:05 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\.android
[2010/08/07 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\J Mam SD Card
[2010/08/07 09:53:24 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\WeddingSite
[2010/08/06 19:00:11 | 001,917,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01005.dll
[2010/08/06 19:00:11 | 001,917,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01005.dll
[2010/08/06 19:00:11 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2010/08/06 19:00:10 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2010/08/06 18:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2010/08/06 18:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010/08/06 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\Downloaded Installations
[2010/08/06 16:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010/08/06 16:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2010/08/06 16:06:38 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Galaxy S
[2010/08/03 12:22:04 | 000,000,000 | ---D | C] -- C:\DVR
[2010/08/01 13:10:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/28 18:59:02 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\private
[2010/07/26 21:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AltBinz
[2010/07/26 17:29:32 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/25 12:23:30 | 009,437,184 | -HS- | M] () -- C:\Users\Niall Acer Laptop\ntuser.dat
[2010/08/25 12:08:09 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 12:08:09 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 12:03:09 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/08/25 12:03:05 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 12:02:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 12:02:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 12:02:32 | 3144,777,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 12:01:37 | 002,967,351 | -H-- | M] () -- C:\Users\Niall Acer Laptop\AppData\Local\IconCache.db
[2010/08/25 11:53:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:40:05 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 11:34:27 | 000,000,020 | ---- | M] () -- C:\Users\Niall Acer Laptop\defogger_reenable
[2010/08/23 19:03:22 | 001,005,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/23 19:03:22 | 000,825,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/23 19:03:22 | 000,181,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/22 21:42:03 | 000,002,048 | -H-- | M] () -- C:\Users\Niall Acer Laptop\Documents\Default.rdp
[2010/08/14 11:29:21 | 000,000,186 | ---- | M] () -- C:\Users\Niall Acer Laptop\RmUserCfg.ini
[2010/08/13 17:36:12 | 000,000,073 | ---- | M] () -- C:\Windows\w32demo8.ini
[2010/08/13 05:42:43 | 003,067,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/11 23:03:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/11 23:03:07 | 001,023,996 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/11 20:18:37 | 000,123,912 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/11 18:37:31 | 000,011,183 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\Work.xlsx
[2010/08/07 16:10:18 | 000,001,042 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/07 11:33:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2010/08/06 17:07:29 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/08/03 17:23:59 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/08/03 17:23:59 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/07/29 07:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/07/29 00:32:27 | 000,011,511 | ---- | M] () -- C:\Users\Public\Documents\System Compare.xlsx
[2010/07/29 00:07:04 | 000,000,165 | -H-- | M] () -- C:\Users\Public\Documents\~$System Compare.xlsx
[2010/07/26 13:38:35 | 000,000,162 | -H-- | M] () -- C:\Users\Niall Acer Laptop\Desktop\~$Landy.doc
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/25 11:40:05 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 11:34:26 | 000,000,020 | ---- | C] () -- C:\Users\Niall Acer Laptop\defogger_reenable
[2010/08/23 10:58:21 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2010/08/13 17:36:00 | 000,000,073 | ---- | C] () -- C:\Windows\w32demo8.ini
[2010/08/11 18:37:28 | 000,011,183 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\Work.xlsx
[2010/08/07 16:10:18 | 000,001,042 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/07 11:33:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2010/08/06 16:15:50 | 000,002,898 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010/07/29 00:07:04 | 000,000,165 | -H-- | C] () -- C:\Users\Public\Documents\~$System Compare.xlsx
[2010/07/29 00:07:03 | 000,011,511 | ---- | C] () -- C:\Users\Public\Documents\System Compare.xlsx
[2010/07/26 13:38:35 | 000,000,162 | -H-- | C] () -- C:\Users\Niall Acer Laptop\Desktop\~$Landy.doc
[2010/06/20 20:09:55 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/03/23 15:21:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/03/22 22:28:29 | 000,000,192 | ---- | C] () -- C:\Windows\UserSetup.ini
[2010/03/22 22:27:53 | 000,002,627 | ---- | C] () -- C:\Windows\SysWow64\smport.sys
[2010/03/22 03:30:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/03/03 01:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/03/03 01:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010/03/03 01:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/03/03 01:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010/03/03 01:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/03/03 01:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010/03/03 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/03/03 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010/03/03 01:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010/03/03 01:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010/03/03 01:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010/03/03 01:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010/03/03 01:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010/03/03 01:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010/03/03 01:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010/03/03 01:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010/03/03 01:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/08 12:21:07 | 001,023,996 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/07 21:06:42 | 000,000,036 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Local\housecall.guid.cache
[2010/02/04 22:37:43 | 000,941,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2010/02/03 21:59:12 | 000,000,017 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Local\resmon.resmoncfg
[2010/01/29 16:33:18 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPLK.dll
[2010/01/28 10:56:16 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxITA.dll
[2010/01/18 14:55:50 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK.dll
[2010/01/04 17:51:58 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxESP.dll
[2009/12/23 10:52:16 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxDEU.dll
[2009/12/21 14:55:52 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHT.dll
[2009/12/11 16:26:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHS.dll
[2009/12/10 17:07:16 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFRA.dll
[2009/12/10 17:07:16 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS.dll
[2009/12/10 17:07:14 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTG.dll
[2009/12/10 17:07:12 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTB.dll
[2009/11/23 10:05:52 | 000,782,421 | ---- | C] () -- C:\Windows\SysWow64\RM_DVRNET_DLL.dll
[2009/11/21 09:39:24 | 000,229,442 | ---- | C] () -- C:\Windows\SysWow64\winpubf.dll
[2009/11/21 09:39:24 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\nvrfs.dll
[2009/11/21 09:39:24 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CovH264ToAvi.dll
[2009/11/14 19:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/11/14 19:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/11/14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/11/14 19:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/11/14 19:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/11/14 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/11/14 19:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/11/14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/11/14 19:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/11/14 19:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/07 17:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/06/07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/10/04 00:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
[2008/09/28 18:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
[2008/08/28 12:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
[2008/08/28 12:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
[2008/08/28 12:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2006/11/06 20:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/11 23:03:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/06 17:07:29 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/02/03 21:12:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/12/27 12:36:40 | 000,000,018 | ---- | M] () -- C:\Emergency.pid
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/08/25 12:02:32 | 3144,777,728 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/07/22 14:52:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/26 17:20:20 | 000,001,253 | ---- | M] () -- C:\Jumi.Log
[2010/08/01 12:51:37 | 000,000,440 | ---- | M] () -- C:\Jumi.Log.Run
[2009/07/22 14:52:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/25 12:02:32 | 4193,038,336 | -HS- | M] () -- C:\pagefile.sys
[2009/06/20 09:32:16 | 000,015,911 | -HS- | M] () -- C:\Patch.rev
[2010/05/24 12:39:50 | 000,338,230 | RHS- | M] () -- C:\POZTC
[2009/06/24 22:39:13 | 000,000,193 | RHS- | M] () -- C:\Preload.rev
[2009/07/26 18:29:10 | 000,000,080 | ---- | M] () -- C:\recipe.txt
[2010/07/01 19:36:48 | 000,002,128 | ---- | M] () -- C:\RHDSetup.log
[2006/12/06 18:45:40 | 000,173,144 | ---- | M] (Gibson Research Corp.) -- C:\SR.exe
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
[2010/05/24 12:39:50 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:820563D3
< End of report >
---X--- Extras ---X---


OTL Extras logfile created on: 8/25/2010 12:18:34 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Niall Acer Laptop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.93 Gb Total Space | 38.72 Gb Free Space | 25.83% Space Free | Partition Type: NTFS
Drive D: | 123.65 Gb Total Space | 71.07 Gb Free Space | 57.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIALLACERLAPTOP
Current User Name: Niall Acer Laptop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Admin\AppData\Local\Temp\995kDyehZ01L.exe" = C:\Users\Admin\AppData\Local\Temp\995kDyehZ01L.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Users\Admin\AppData\Local\Temp\995kDyehZ01L.exe" = C:\Users\Admin\AppData\Local\Temp\995kDyehZ01L.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{20140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3ACFD241-50FD-39E4-9B34-B4A4850C6965}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5620F67D-C7BE-434B-BBF7-83047FEF84F4}" = DVD or CD Sharing
"{5752C2CD-9AD4-4575-8DBA-9C8FFE2960AF}" = MysticThumbs
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9DADBA45-2B06-4F7F-970B-E854ABC8917A}" = WBFS Manager 2.5
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A8E27C2D-C2C8-3A1D-8EBB-D2524A4EF191}" = Windows Phone Emulator x64 - ENU
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2B7054B-EC2E-4E96-8666-FD6ED77678B2}" = Boot Camp Services
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"01D845C666B4FC04566E16B923F638B2A404807C" = Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
"0CB233C04CEB3FB45CEDFFEA9146B77B4B783FDA" = Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
"1864DCF02A292C57953B91D537026F4F1CA60D91" = Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"269C8F82CDD61B0400CE8D6768EC084C59C63079" = Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
"294FF9FB7AF744F64B12EC12F83D8661CD9AD532" = Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
"2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"3A8900CC8E77F2BF2269FEFF364561BDF86B9F27" = Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"5CC5D940D9F4B779FAAF12E7F75A212618ABEB7D" = Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
"70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"76830D11874044260C923425E7F5A72F25EDA758" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
"831BF8DFEC5520D988361807D534A2041AE4AAB3" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"91F52A595A7B2112937CED490A8C682CD03F945E" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"AB15AB4CCF6B85925973ED9DB360D8BAAB10690C" = Windows Driver Package - Broadcom (b57nd60a) Net (05/28/2009 12.2.0.3)
"B3F27F12C500003EFE44A668CE685DE4B46A735C" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"B5F4B8404EB7E69E8CEC89A0B5970B2316C68AB0" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"C6EE9CD0ED6B98A9727DEE7DA213859B639F3FD6" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"C840EA8E99FB237CC57769BB041F070E4F370C32" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.10.3.9)
"C9952C95B4A2ACCCBC684FC6E8182A3210DEDC13" = Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"D6E8EA419C953B3514051D715F98B377B0D6FD70" = Windows Driver Package - Apple Inc. Apple Bluetooth (11/23/2009 3.0.0.4)
"D701F1A58CF3028E88DA512D1423EC3DD6D7BE86" = Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
"E073A3AB46FE59FEF6E150EFD33F2B484BBBAD2C" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"E2708073906571A0B56F17FD825EF19281ECE29B" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"E43E2A40D22886250D739AEE91E9C7E9ABDD52DA" = Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"E5AEAAF07505D71E430CCA10496FAE61597B81A2" = Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"F5E7472CCD6B3C1A568AEE4486C4BA0813A7D7AC" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{043A279C-57B8-473B-99B4-30562D0822B8}" = Microsoft Silverlight 4 SDK
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{086C9B62-C669-3A4D-9D59-7D31AFAA8139}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{2552401E-DED0-49E6-B5A4-340BB9A3B8E7}" = Microsoft XNA Game Studio Platform Tools
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{40241BF9-33F0-4158-93F8-C9F68AAAE428}" = YouTube Batch Downloader
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{74487955-B85B-4040-A3B6-9EAC0A8AD198}" = AirPort
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9BBD3275-DC27-3115-B783-828FC7B36270}" = Microsoft Visual Studio 2010 Express for Windows Phone CTP - ENU
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 4.4
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone Developer Resources
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C3A964F5-11F1-39D1-BCDC-A3391D30E4BA}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 4.0.280
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Alt.Binz" = Alt.Binz 0.25.0
"Bulk Image Downloader_is1" = Bulk Image Downloader v1.39.0.6
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CodInstl" = Intel A/V Codecs V2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CopyTrans Suite" = CopyTrans Suite Remove Only
"DC++" = DC++ 0.762
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow" = ffdshow (remove only)
"FileZilla Client" = FileZilla Client 3.3.2.1
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"iDriveRepair User Client_is1" = iDriveRepair User Client 4.2
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"LookInMyPC" = LookInMyPC
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2010 Express for Windows Phone CTP - ENU" = Microsoft Windows Phone Developer Tools CTP - ENU
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MultipleIEs_is1" = MultipleIEs
"MusicBrainz Picard" = MusicBrainz Picard
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"Orb" = Orb
"Polipo" = Polipo 1.0.4.1
"Prism" = Prism Video File Converter
"Punch! Home Design - Platinum" = Punch! Home Design - Platinum
"QuickPar" = QuickPar 0.9
"RAR Repair Tool_is1" = RAR Repair Tool v.3.1
"Recover My Files_is1" = Recover My Files
"SmartDraw VP" = SmartDraw VP
"SopCast" = SopCast 3.2.4
"Stellar Phoenix Password Recovery_is1" = Stellar Phoenix Password Recovery v1.0
"Tor" = Tor 0.2.1.26
"TURBOFloorPlan3D Home & Landscape PRO 15" = TURBOFloorPlan3D Home & Landscape PRO 15
"UBCD4Win_is1" = UBCD4Win 3.50
"UltraStar" = UltraStar 0.7.1
"uTorrent" = µTorrent
"VB Decompiler Lite_is1" = VB Decompiler Lite
"Veetle TV" = Veetle TV 0.9.17
"Vidalia" = Vidalia 0.2.9
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6
"VMware_Workstation" = VMware Workstation
"WebcamMax" = WebcamMax
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.5.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2010 5:24:01 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 5:24:01 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6287

Error - 8/25/2010 5:24:01 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6287

Error - 8/25/2010 5:24:03 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 5:24:03 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7598

Error - 8/25/2010 5:24:03 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7598

Error - 8/25/2010 5:24:04 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 5:24:04 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8612

Error - 8/25/2010 5:24:04 AM | Computer Name = NiallAcerLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8612

Error - 8/25/2010 6:03:59 AM | Computer Name = NiallAcerLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 3/2/2010 10:27:21 AM | Computer Name = NiallAcerLaptop | Source = MCUpdate | ID = 0
Description = 2:27:21 PM - Error connecting to the internet. 2:27:21 PM - Unable
to contact server..

Error - 3/2/2010 10:27:36 AM | Computer Name = NiallAcerLaptop | Source = MCUpdate | ID = 0
Description = 2:27:26 PM - Error connecting to the internet. 2:27:26 PM - Unable
to contact server..

Error - 3/27/2010 6:39:37 AM | Computer Name = NiallAcerLaptop | Source = MCUpdate | ID = 0
Description = 10:39:37 AM - Error connecting to the internet. 10:39:37 AM - Unable
to contact server..

Error - 3/27/2010 6:39:54 AM | Computer Name = NiallAcerLaptop | Source = MCUpdate | ID = 0
Description = 10:39:42 AM - Error connecting to the internet. 10:39:42 AM - Unable
to contact server..

[ System Events ]
Error - 8/24/2010 6:09:00 AM | Computer Name = NiallAcerLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:07:10 AM on ?8/?24/?2010 was unexpected.

Error - 8/24/2010 6:09:18 AM | Computer Name = NiallAcerLaptop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{93fe6846-1100-11df-b947-806e6f6e6963}
cannot be read.

Error - 8/24/2010 6:57:15 AM | Computer Name = NiallAcerLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:42:46 AM on ?8/?24/?2010 was unexpected.

Error - 8/24/2010 6:57:21 AM | Computer Name = NiallAcerLaptop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{93fe6846-1100-11df-b947-806e6f6e6963}
cannot be read.

Error - 8/24/2010 7:11:20 AM | Computer Name = NiallAcerLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:10:02 PM on ?8/?24/?2010 was unexpected.

Error - 8/24/2010 7:11:32 AM | Computer Name = NiallAcerLaptop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{93fe6846-1100-11df-b947-806e6f6e6963}
cannot be read.

Error - 8/24/2010 8:46:50 AM | Computer Name = NiallAcerLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:45:08 PM on ?8/?24/?2010 was unexpected.

Error - 8/24/2010 8:46:57 AM | Computer Name = NiallAcerLaptop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{93fe6846-1100-11df-b947-806e6f6e6963}
cannot be read.

Error - 8/24/2010 8:54:32 AM | Computer Name = NiallAcerLaptop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{93fe6846-1100-11df-b947-806e6f6e6963}
cannot be read.

Error - 8/24/2010 8:57:58 AM | Computer Name = NiallAcerLaptop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{93fe6846-1100-11df-b947-806e6f6e6963}
cannot be read.


< End of report >

Edited by NiallH, 25 August 2010 - 07:00 AM.


#4 mpascal

Posted 25 August 2010 - 05:11 PM

Hi there,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 NiallH

Posted 26 August 2010 - 02:11 PM

Here is the MBAM log. Kaspersky is hanging on download of the virus definitions. Been at it for nearly 3 hours now. I'll post the Kaspersky stuff as soon as I have it:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4475

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/26/2010 6:39:50 PM
mbam-log-2010-08-26 (18-39-50).txt

Scan type: Quick scan
Objects scanned: 157858
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
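
The helper's request to post the complete log, including the top portion with the database version and operating system, can be checked mechanically before replying. The following is an added example, not part of the original post or of any Malwarebytes tooling: a small parser for the log layout shown above that confirms the header is present and that each summary count matches the items actually listed. The function and class names are hypothetical, and treating the word "successfully" as the marker of a completed removal is an assumption based on the single action string in this log.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Abridged copy of the log in the post above (same layout and values, fewer sections).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4475

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

Scan type: Quick scan
Objects scanned: 157858

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")   # "Registry Keys Infected: 1"
SECTION_RE = re.compile(r"^(?P<cat>.+ Infected):$")              # "Registry Keys Infected:"
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
WINDOWS_RE = re.compile(r"^Windows (\d[\d.]*)$")


@dataclass
class Detection:
    category: str   # section the item was listed under
    obj: str        # registry key, file path, process, ...
    name: str       # detection name in parentheses
    action: str     # text after "->"


@dataclass
class MbamLog:
    database_version: Optional[str] = None
    windows_version: Optional[str] = None
    summary: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_log(text):
    """Parse header fields, summary counts and per-section detections."""
    log = MbamLog()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            log.database_version = line.split(":", 1)[1].strip()
        elif (m := WINDOWS_RE.match(line)):
            log.windows_version = m.group(1)
        elif (m := SUMMARY_RE.match(line)):
            log.summary[m["cat"]] = int(m["n"])
        elif (m := SECTION_RE.match(line)):
            section = m["cat"]
        elif section and (m := ITEM_RE.match(line)):
            log.detections.append(Detection(section, m["obj"], m["name"], m["action"]))
        # "(No malicious items detected)" and other lines fall through untouched.
    return log


def check_log(log):
    """Return a list of problems: missing header, truncated sections, unconfirmed removals."""
    problems = []
    if log.database_version is None:
        problems.append("header missing: database version")
    if log.windows_version is None:
        problems.append("header missing: operating system")
    found = Counter(d.category for d in log.detections)
    for cat, n in log.summary.items():
        if found[cat] != n:
            problems.append(f"{cat}: summary says {n}, {found[cat]} listed")
    for cat in found:
        if cat not in log.summary:
            problems.append(f"{cat}: items listed but no summary count")
    for d in log.detections:
        # Assumption: a completed removal is worded with "successfully", as in this log.
        if "successfully" not in d.action.lower():
            problems.append(f"not confirmed removed: {d.obj} ({d.name})")
    return problems


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for det in parsed.detections:
        print(det.category, "|", det.name, "|", det.obj, "|", det.action)
    print("problems:", check_log(parsed) or "none")
```

A count mismatch usually means the log was cut off when it was pasted, which is the case the helper's instruction guards against.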


#6 mpascal

Posted 26 August 2010 - 04:06 PM

Okay, so far so good. If you can't get Kaspersky to finish, let me know and I'll give you another option.



#7 NiallH

Posted 27 August 2010 - 01:07 PM

I'm still having trouble with Kaspersky, it has either hung or crashed whenever I have tried to run it. Tried various browsers and no joy. Can you give me an alternative? Thanks

#8 mpascal

Posted 27 August 2010 - 01:52 PM

Hi there,

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push



#9 NiallH

Posted 28 August 2010 - 03:58 AM

Thanks for that. ESET ran fine, here is the output:

C:\$Recycle.Bin\S-1-5-21-251985211-2031373186-2301387326-1003\$RVLYF26\Mystik.Media.Blaze.Media.Pro.v9.10-HERiTAGE.rar probably a variant of Win32/TrojanDropper.Agent.KCNQZHP trojan deleted - quarantined
C:\DvrCenter\ClassPackage.dll probably a variant of Win32/Dialer.generic application cleaned by deleting - quarantined
D:\Kieran Recovered\Documents and Settings\Blah\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
D:\Kieran Recovered\Documents and Settings\Blah\Start Menu\eBay.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
D:\NZB DL's\Software\Microsoft.Windows.XP.Professional.OEM.SP3.Integrated-ETH0\e-xppo3.iso a variant of Win32/HackTool.Patcher.C trojan deleted - quarantined


#10 mpascal

Posted 28 August 2010 - 04:14 PM

Hi there,

Are you still having problems?

Open up OTL and push the Quickscan button. Post the resulting log here.



#11 NiallH

Posted 29 August 2010 - 12:37 PM

Here is the OTL Log:

OTL logfile created on: 8/29/2010 6:30:22 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Niall Acer Laptop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.93 Gb Total Space | 45.56 Gb Free Space | 30.39% Space Free | Partition Type: NTFS
Drive D: | 123.65 Gb Total Space | 71.16 Gb Free Space | 57.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIALLACERLAPTOP
Current User Name: Niall Acer Laptop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Niall Acer Laptop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Niall Acer Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\xampp\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\DesktopEarth\DesktopEarth.exe (CodeFromThe70s.org)


========== Modules (SafeList) ==========

MOD - C:\Users\Niall Acer Laptop\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppleTimeSrv) -- C:\Windows\SysNative\AppleTimeSrv.exe (Apple Inc.)
SRV:64bit: - (AppleOSSMgr) -- C:\Windows\SysNative\AppleOSSMgr.exe ()
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (WAS) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (W3SVC) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppHostSvc) -- C:\Windows\SysNative\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV:64bit: - (MSSQL$SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV:64bit: - (SQLAgent$SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (MySQL) -- C:\xampp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (FileZilla Server) -- C:\xampp\xampp\FileZillaFTP\FileZilla server.exe (FileZilla Project)
SRV - (Mercury) -- C:\xampp\xampp\xampp_service_mercury.exe (Apache Friends)
SRV - (Apache2.2) -- C:\xampp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (cvhsvc) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (MacHALDriver) -- C:\Windows\SysNative\drivers\MacHALDriver.sys (Apple Inc.)
DRV:64bit: - (KeyAgent) -- C:\Windows\SysNative\drivers\KeyAgent.sys (Apple Inc.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RsFx0103) -- C:\Windows\SysNative\drivers\RsFx0103.sys (Microsoft Corporation)
DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamhrdrv_x64.sys (Windows ® Server 2003 DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (VSPerfDrv100) -- D:\WPSDK\Team Tools\Performance Tools\x64\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (sftplay) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation)
DRV - (sftvol) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys (Microsoft Corporation)
DRV - (sftfs) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (zlportio) -- C:\Program Files (x86)\UltraStar\zlportio.sys (SpecoSoft)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15446&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/iat/us_ie.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 4B 59 AF 11 DB CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/07 19:00:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/07 19:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/05 21:39:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/24 12:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/07 19:00:53 | 000,000,000 | ---D | M]

[2010/02/04 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Extensions
[2010/04/22 15:29:16 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions
[2010/02/04 11:16:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/06/06 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions\toolbar@ask.com
[2010/08/28 19:49:51 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions
[2010/07/26 21:44:38 | 000,000,000 | ---D | M] (FetchMP3 Video to Audio Converter) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}
[2010/03/30 17:59:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/05/29 11:48:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/04 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\ietab@ip.cn
[2010/08/23 10:53:09 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\webmaster@keep-tube.com
[2010/07/26 21:37:41 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\youtube2mp3@mondayx.de
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\searchplugins\askcom.xml
[2010/02/10 13:50:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/27 19:13:30 | 000,001,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\WPSDK\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MysticThumbs] C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe (MysticCoder)
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Niall Acer Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1281205115739 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://192.168.0.101/DvrOcx.cab (DvrOcx Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\AxBb4Z6hIO1.exe) - C:\Users\Admin\AppData\Roaming\AxBb4Z6hIO1.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/20 16:42:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{78a10630-1104-11df-bccb-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{78a10630-1104-11df-bccb-001f16a903a2}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{78a108d7-1104-11df-bccb-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{78a108d7-1104-11df-bccb-001f16a903a2}\Shell\AutoRun\command - "" = Autoplay.exe -auto
O33 - MountPoints2\{78a108d8-1104-11df-bccb-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{78a108d8-1104-11df-bccb-001f16a903a2}\Shell\AutoRun\command - "" = Autoplay.exe -auto
O33 - MountPoints2\{93fe684b-1100-11df-b947-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{93fe684b-1100-11df-b947-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{a9ded779-88dc-11df-a42d-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9ded779-88dc-11df-a42d-001f16a903a2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{a9ded782-88dc-11df-a42d-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9ded782-88dc-11df-a42d-001f16a903a2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 20:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/26 18:18:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/25 11:40:11 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Malwarebytes
[2010/08/25 11:40:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/25 11:39:59 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/25 11:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/25 11:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 21:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM
[2010/08/24 21:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2010/08/24 14:18:01 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\BIOS(Special)_Acer_2.35_Windows_Aspire 4810T
[2010/08/24 13:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2010/08/24 13:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2010/08/23 17:35:21 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2010/08/23 17:35:21 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2010/08/23 17:35:21 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2010/08/23 17:35:21 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2010/08/23 17:35:21 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2010/08/23 10:58:28 | 000,000,000 | ---D | C] -- C:\videooutput
[2010/08/23 10:58:21 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2010/08/23 10:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smallvideosoft
[2010/08/18 21:11:26 | 000,000,000 | ---D | C] -- C:\dell
[2010/08/14 17:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/14 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\SoftGrid Client
[2010/08/14 13:31:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/13 17:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VB Decompiler Lite
[2010/08/12 12:35:42 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\MusicBrainz
[2010/08/12 12:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBrainz Picard
[2010/08/11 23:08:11 | 000,080,944 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2010/08/11 23:08:07 | 000,068,656 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2010/08/11 23:06:23 | 000,055,344 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2010/08/11 23:06:22 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2010/08/11 23:06:14 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2010/08/11 23:06:09 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2010/08/11 23:06:09 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2010/08/11 23:06:04 | 000,056,880 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2010/08/11 23:06:04 | 000,045,104 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2010/08/11 23:06:04 | 000,024,112 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2010/08/11 23:05:55 | 000,958,000 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2010/08/11 23:03:34 | 000,029,744 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2010/08/11 23:03:28 | 000,038,960 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2010/08/11 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2010/08/11 22:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2010/08/11 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/08/11 17:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/08/11 16:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2010/08/11 14:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/08/07 19:15:10 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Nokia
[2010/08/07 19:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2010/08/07 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/08/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\NokiaAccount
[2010/08/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\Nokia
[2010/08/07 19:04:47 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\PC Suite
[2010/08/07 19:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/08/07 19:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010/08/07 19:00:45 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010/08/07 19:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010/08/07 18:59:48 | 000,069,120 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010/08/07 18:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010/08/07 18:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2010/08/07 15:21:05 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\.android
[2010/08/07 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\J Mam SD Card
[2010/08/07 09:53:24 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\WeddingSite
[2010/08/06 19:00:11 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2010/08/06 19:00:10 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2010/08/06 18:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2010/08/06 18:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010/08/06 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\Downloaded Installations
[2010/08/06 16:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010/08/06 16:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2010/08/06 16:06:38 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Galaxy S
[2010/08/03 12:22:04 | 000,000,000 | ---D | C] -- C:\DVR
[2010/08/01 13:10:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/28 18:59:02 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\private
[2010/07/26 21:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AltBinz
[2010/07/26 17:29:32 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/07/24 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Documents\JumiController
[2010/07/24 16:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jumi
[2010/07/21 07:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/07/21 07:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/12 16:10:41 | 000,117,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2010/07/12 16:10:39 | 000,133,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2010/07/12 16:10:35 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbfake.sys
[2010/07/12 16:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2010/07/12 16:08:25 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\{9A51B9F7-E6AF-4C55-9C1E-E02A701F9C0C}
[2010/07/10 20:20:36 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\WBFSManager
[2010/07/10 20:17:21 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Documents\WBFS Manager Covers
[2010/07/10 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2010/07/07 20:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2010/07/06 13:51:09 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\MigWiz
[2010/07/05 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DesktopEarth
[2010/07/05 20:00:41 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\VMware
[2010/07/05 20:00:27 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\VMware
[2010/07/05 19:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010/07/05 15:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Password Recovery
[2010/07/01 20:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVD or CD Sharing
[2010/07/01 19:39:54 | 000,058,656 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/07/01 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/07/01 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Boot Camp
[2010/07/01 19:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2010/07/01 19:36:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/07/01 19:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/07/01 19:36:13 | 000,518,944 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/07/01 19:36:13 | 000,368,416 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/07/01 19:36:13 | 000,310,048 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/07/01 19:36:13 | 000,310,048 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/07/01 19:36:13 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/07/01 19:36:13 | 000,204,064 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/07/01 19:36:13 | 000,198,944 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/07/01 19:36:13 | 000,155,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/07/01 19:36:13 | 000,101,152 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/07/01 19:36:13 | 000,078,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/07/01 19:36:12 | 000,325,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/07/01 19:36:11 | 000,300,320 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/07/01 19:36:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/07/01 19:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/07/01 19:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/07/01 19:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/07/01 19:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDT
[2010/07/01 19:34:31 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\Programs
[2010/07/01 19:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/07/01 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2010/07/01 17:13:07 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Boot from mac
[2010/07/01 11:33:38 | 000,020,968 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys
[2010/07/01 11:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/06/29 18:48:15 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\AppDev
[2010/06/20 20:09:55 | 000,000,000 | ---D | C] -- C:\Sierra
[2010/06/20 20:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/06/18 11:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/06/17 12:22:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2010/06/17 12:22:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2010/06/17 12:22:13 | 000,000,000 | ---D | C] -- C:\inetpub
[2010/06/17 12:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/16 20:31:03 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\OpenOffice.org
[2010/06/16 20:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/06/15 09:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DC++
[2010/06/14 14:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\MysticCoder
[2010/06/14 14:11:49 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Suru
[2010/06/12 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\WebcamMax
[2010/06/12 17:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WebcamMax
[2010/06/07 19:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blaze Media Pro
[2010/06/07 19:01:47 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2010/06/07 17:45:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
[2010/06/07 17:45:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/06/07 17:45:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2010/06/07 17:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/06/07 17:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/06/07 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/06/07 17:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebcamMax
[2010/06/06 18:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rar Repair Tool
[2010/06/03 16:07:18 | 000,015,160 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\jumi.sys
[2010/06/02 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Joeboylemotors
[2010/06/01 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Documents\TURBOFloorPlan 3D
[2010/06/01 20:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IMSIDesign
[2010/06/01 20:10:43 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/06/01 20:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMSIDesign
[2010/05/31 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\SmartDraw
[2010/05/31 19:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartDraw VP

========== Files - Modified Within 90 Days ==========

[2010/08/29 18:33:58 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 18:33:58 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 18:29:07 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/29 18:29:07 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/08/29 18:28:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/29 18:28:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/29 18:28:30 | 3144,777,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/29 11:31:26 | 009,437,184 | -HS- | M] () -- C:\Users\Niall Acer Laptop\ntuser.dat
[2010/08/29 11:20:18 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 12:45:07 | 001,005,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/28 12:45:07 | 000,825,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/28 12:45:07 | 000,181,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/27 19:20:17 | 000,015,410 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\phone.jpg
[2010/08/27 19:13:30 | 000,001,002 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/26 20:00:00 | 002,967,651 | -H-- | M] () -- C:\Users\Niall Acer Laptop\AppData\Local\IconCache.db
[2010/08/25 11:40:05 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/22 21:42:03 | 000,002,048 | -H-- | M] () -- C:\Users\Niall Acer Laptop\Documents\Default.rdp
[2010/08/14 11:29:21 | 000,000,186 | ---- | M] () -- C:\Users\Niall Acer Laptop\RmUserCfg.ini
[2010/08/13 17:36:12 | 000,000,073 | ---- | M] () -- C:\Windows\w32demo8.ini
[2010/08/13 05:42:43 | 003,067,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/11 23:03:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/11 23:03:07 | 001,023,996 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/11 20:18:37 | 000,123,912 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/11 18:37:31 | 000,011,183 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\Work.xlsx
[2010/08/07 16:10:18 | 000,001,042 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/07 11:33:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2010/08/06 17:07:29 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/08/03 17:23:59 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/08/03 17:23:59 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/07/29 00:32:27 | 000,011,511 | ---- | M] () -- C:\Users\Public\Documents\System Compare.xlsx
[2010/07/29 00:07:04 | 000,000,165 | -H-- | M] () -- C:\Users\Public\Documents\~$System Compare.xlsx
[2010/07/26 13:38:35 | 000,000,162 | -H-- | M] () -- C:\Users\Niall Acer Laptop\Desktop\~$Landy.doc
[2010/07/18 20:19:27 | 000,018,944 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\HolyCross Hours.xls
[2010/07/18 20:18:59 | 000,018,944 | ---- | M] () -- C:\Users\Public\Documents\HolyCross Hours.xls
[2010/07/15 12:10:07 | 000,012,899 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\FKey Current.xlsx
[2010/07/06 13:51:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2010/07/05 21:46:06 | 000,003,051 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2010/06/20 20:09:55 | 000,000,224 | ---- | M] () -- C:\Windows\SIERRA.INI
[2010/06/20 20:09:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/06/17 17:32:47 | 000,000,387 | ---- | M] () -- C:\Windows\win.ini
[2010/06/03 16:07:18 | 000,015,160 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\jumi.sys
[2010/06/01 20:38:27 | 000,167,580 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\Basement.jpg
[2010/06/01 20:33:23 | 000,073,949 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\23 Leinster Square main house plan.pdf

========== Files Created - No Company Name ==========

[2010/08/27 19:20:16 | 000,015,410 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\phone.jpg
[2010/08/25 11:40:05 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 10:58:21 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2010/08/13 17:36:00 | 000,000,073 | ---- | C] () -- C:\Windows\w32demo8.ini
[2010/08/11 18:37:28 | 000,011,183 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\Work.xlsx
[2010/08/07 16:10:18 | 000,001,042 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/07 11:33:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2010/08/06 16:15:50 | 000,002,898 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010/07/29 00:07:04 | 000,000,165 | -H-- | C] () -- C:\Users\Public\Documents\~$System Compare.xlsx
[2010/07/29 00:07:03 | 000,011,511 | ---- | C] () -- C:\Users\Public\Documents\System Compare.xlsx
[2010/07/26 13:38:35 | 000,000,162 | -H-- | C] () -- C:\Users\Niall Acer Laptop\Desktop\~$Landy.doc
[2010/07/21 15:45:58 | 000,000,186 | ---- | C] () -- C:\Users\Niall Acer Laptop\RmUserCfg.ini
[2010/07/18 20:19:27 | 000,018,944 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\HolyCross Hours.xls
[2010/07/18 20:16:26 | 000,018,944 | ---- | C] () -- C:\Users\Public\Documents\HolyCross Hours.xls
[2010/07/07 21:53:21 | 000,012,899 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\FKey Current.xlsx
[2010/07/06 13:51:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2010/07/05 21:46:06 | 000,003,051 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2010/07/05 19:51:21 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/06/20 20:09:55 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/06/01 20:38:27 | 000,167,580 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\Basement.jpg
[2010/06/01 20:33:23 | 000,073,949 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\23 Leinster Square main house plan.pdf
[2010/05/31 19:19:46 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/03/23 15:21:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/03/22 22:28:29 | 000,000,192 | ---- | C] () -- C:\Windows\UserSetup.ini
[2010/03/22 22:27:53 | 000,002,627 | ---- | C] () -- C:\Windows\SysWow64\smport.sys
[2010/03/22 03:30:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/03/03 01:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/03/03 01:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010/03/03 01:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/03/03 01:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010/03/03 01:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/03/03 01:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010/03/03 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/03/03 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010/03/03 01:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010/03/03 01:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010/03/03 01:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010/03/03 01:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010/03/03 01:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010/03/03 01:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010/03/03 01:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010/03/03 01:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010/03/03 01:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/08 12:21:07 | 001,023,996 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/07 21:06:42 | 000,000,036 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Local\housecall.guid.cache
[2010/02/04 22:37:43 | 000,941,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2010/02/03 21:59:12 | 000,000,017 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Local\resmon.resmoncfg
[2010/01/29 16:33:18 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPLK.dll
[2010/01/28 10:56:16 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxITA.dll
[2010/01/18 14:55:50 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK.dll
[2010/01/04 17:51:58 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxESP.dll
[2009/12/23 10:52:16 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxDEU.dll
[2009/12/21 14:55:52 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHT.dll
[2009/12/11 16:26:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHS.dll
[2009/12/10 17:07:16 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFRA.dll
[2009/12/10 17:07:16 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS.dll
[2009/12/10 17:07:14 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTG.dll
[2009/12/10 17:07:12 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTB.dll
[2009/11/23 10:05:52 | 000,782,421 | ---- | C] () -- C:\Windows\SysWow64\RM_DVRNET_DLL.dll
[2009/11/21 09:39:24 | 000,229,442 | ---- | C] () -- C:\Windows\SysWow64\winpubf.dll
[2009/11/21 09:39:24 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\nvrfs.dll
[2009/11/21 09:39:24 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CovH264ToAvi.dll
[2009/11/14 19:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/11/14 19:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/11/14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/11/14 19:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/11/14 19:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/11/14 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/11/14 19:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/11/14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/11/14 19:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/11/14 19:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/07 17:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/06/07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/10/04 00:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
[2008/09/28 18:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
[2008/08/28 12:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
[2008/08/28 12:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
[2008/08/28 12:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2006/11/06 20:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== LOP Check ==========

[2010/02/11 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\CopyTrans
[2010/02/11 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\CopyTransControlCenter
[2010/08/29 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Dropbox
[2010/08/28 16:25:55 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\FileZilla
[2010/03/25 22:20:14 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\ImgBurn
[2010/08/12 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\MusicBrainz
[2010/08/11 17:11:24 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Nokia
[2010/05/24 10:48:41 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Notepad++
[2010/06/16 20:31:03 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\OpenOffice.org
[2010/08/07 19:04:47 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\PC Suite
[2010/05/31 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\SmartDraw
[2010/08/14 13:58:55 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\SoftGrid Client
[2010/06/12 17:21:05 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\WebcamMax
[2010/07/05 14:09:56 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/29 18:29:07 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:820563D3
< End of report >


#12 mpascal


Posted 29 August 2010 - 12:50 PM

Hi there,

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL

    :Services

    :Reg

    :Files

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Open up OTL and push the Quickscan button. Post the resulting log here in your next reply.



#13 NiallH


Posted 30 August 2010 - 04:06 AM

Here is the OTL log:

OTL logfile created on: 8/30/2010 9:59:31 AM - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Niall Acer Laptop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.93 Gb Total Space | 45.79 Gb Free Space | 30.54% Space Free | Partition Type: NTFS
Drive D: | 123.65 Gb Total Space | 71.16 Gb Free Space | 57.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIALLACERLAPTOP
Current User Name: Niall Acer Laptop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Niall Acer Laptop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Niall Acer Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\xampp\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\DesktopEarth\DesktopEarth.exe (CodeFromThe70s.org)


========== Modules (SafeList) ==========

MOD - C:\Users\Niall Acer Laptop\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppleTimeSrv) -- C:\Windows\SysNative\AppleTimeSrv.exe (Apple Inc.)
SRV:64bit: - (AppleOSSMgr) -- C:\Windows\SysNative\AppleOSSMgr.exe ()
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (WAS) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (W3SVC) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppHostSvc) -- C:\Windows\SysNative\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV:64bit: - (MSSQL$SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV:64bit: - (SQLAgent$SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (MySQL) -- C:\xampp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (FileZilla Server) -- C:\xampp\xampp\FileZillaFTP\FileZilla server.exe (FileZilla Project)
SRV - (Mercury) -- C:\xampp\xampp\xampp_service_mercury.exe (Apache Friends)
SRV - (Apache2.2) -- C:\xampp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (cvhsvc) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (MacHALDriver) -- C:\Windows\SysNative\drivers\MacHALDriver.sys (Apple Inc.)
DRV:64bit: - (KeyAgent) -- C:\Windows\SysNative\drivers\KeyAgent.sys (Apple Inc.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RsFx0103) -- C:\Windows\SysNative\drivers\RsFx0103.sys (Microsoft Corporation)
DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamhrdrv_x64.sys (Windows ® Server 2003 DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (VSPerfDrv100) -- D:\WPSDK\Team Tools\Performance Tools\x64\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (sftplay) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation)
DRV - (sftvol) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys (Microsoft Corporation)
DRV - (sftfs) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (zlportio) -- C:\Program Files (x86)\UltraStar\zlportio.sys (SpecoSoft)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15446&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/iat/us_ie.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 4B 59 AF 11 DB CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/07 19:00:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/07 19:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/05 21:39:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/24 12:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/07 19:00:53 | 000,000,000 | ---D | M]

[2010/02/04 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Extensions
[2010/04/22 15:29:16 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions
[2010/02/04 11:16:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/06/06 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\extensions\toolbar@ask.com
[2010/08/29 21:12:16 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions
[2010/07/26 21:44:38 | 000,000,000 | ---D | M] (FetchMP3 Video to Audio Converter) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}
[2010/03/30 17:59:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/05/29 11:48:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/04 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\ietab@ip.cn
[2010/08/23 10:53:09 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\webmaster@keep-tube.com
[2010/07/26 21:37:41 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wji7vpo7.c\extensions\youtube2mp3@mondayx.de
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\g6s52okm.default\searchplugins\askcom.xml
[2010/02/10 13:50:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/29 21:25:43 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\WPSDK\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MysticThumbs] C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe (MysticCoder)
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Niall Acer Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1281205115739 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://192.168.0.101/DvrOcx.cab (DvrOcx Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\AxBb4Z6hIO1.exe) - C:\Users\Admin\AppData\Roaming\AxBb4Z6hIO1.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/20 16:42:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{78a10630-1104-11df-bccb-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{78a10630-1104-11df-bccb-001f16a903a2}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{78a108d7-1104-11df-bccb-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{78a108d7-1104-11df-bccb-001f16a903a2}\Shell\AutoRun\command - "" = Autoplay.exe -auto
O33 - MountPoints2\{78a108d8-1104-11df-bccb-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{78a108d8-1104-11df-bccb-001f16a903a2}\Shell\AutoRun\command - "" = Autoplay.exe -auto
O33 - MountPoints2\{93fe684b-1100-11df-b947-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{93fe684b-1100-11df-b947-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{a9ded779-88dc-11df-a42d-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9ded779-88dc-11df-a42d-001f16a903a2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{a9ded782-88dc-11df-a42d-001f16a903a2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9ded782-88dc-11df-a42d-001f16a903a2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 20:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/26 18:18:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/25 11:40:11 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Malwarebytes
[2010/08/25 11:40:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/25 11:39:59 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/25 11:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/25 11:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 21:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM
[2010/08/24 21:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2010/08/24 14:18:01 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\BIOS(Special)_Acer_2.35_Windows_Aspire 4810T
[2010/08/24 13:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2010/08/24 13:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2010/08/23 17:35:21 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2010/08/23 17:35:21 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2010/08/23 17:35:21 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2010/08/23 17:35:21 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2010/08/23 17:35:21 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2010/08/23 10:58:28 | 000,000,000 | ---D | C] -- C:\videooutput
[2010/08/23 10:58:21 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2010/08/23 10:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smallvideosoft
[2010/08/18 21:11:26 | 000,000,000 | ---D | C] -- C:\dell
[2010/08/14 17:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/14 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\SoftGrid Client
[2010/08/14 13:31:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/13 17:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VB Decompiler Lite
[2010/08/12 12:35:42 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\MusicBrainz
[2010/08/12 12:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBrainz Picard
[2010/08/11 23:08:11 | 000,080,944 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2010/08/11 23:08:07 | 000,068,656 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2010/08/11 23:06:23 | 000,055,344 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2010/08/11 23:06:22 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2010/08/11 23:06:14 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2010/08/11 23:06:09 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2010/08/11 23:06:09 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2010/08/11 23:06:04 | 000,056,880 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2010/08/11 23:06:04 | 000,045,104 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2010/08/11 23:06:04 | 000,024,112 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2010/08/11 23:05:55 | 000,958,000 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2010/08/11 23:03:34 | 000,029,744 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2010/08/11 23:03:28 | 000,038,960 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2010/08/11 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2010/08/11 22:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2010/08/11 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/08/11 17:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/08/11 16:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2010/08/11 14:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/08/07 19:15:10 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Nokia
[2010/08/07 19:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2010/08/07 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/08/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\NokiaAccount
[2010/08/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\Nokia
[2010/08/07 19:04:47 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\PC Suite
[2010/08/07 19:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/08/07 19:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010/08/07 19:00:45 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010/08/07 19:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010/08/07 18:59:48 | 000,069,120 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010/08/07 18:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010/08/07 18:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2010/08/07 15:21:05 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\.android
[2010/08/07 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\J Mam SD Card
[2010/08/07 09:53:24 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\WeddingSite
[2010/08/06 19:00:11 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2010/08/06 19:00:10 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2010/08/06 18:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2010/08/06 18:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010/08/06 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\Downloaded Installations
[2010/08/06 16:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010/08/06 16:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2010/08/06 16:06:38 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Galaxy S
[2010/08/03 12:22:04 | 000,000,000 | ---D | C] -- C:\DVR
[2010/08/01 13:10:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/28 18:59:02 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\private
[2010/07/26 21:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AltBinz
[2010/07/26 17:29:32 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/07/24 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Documents\JumiController
[2010/07/24 16:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jumi
[2010/07/21 07:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/07/21 07:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/12 16:10:41 | 000,117,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2010/07/12 16:10:39 | 000,133,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2010/07/12 16:10:35 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbfake.sys
[2010/07/12 16:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2010/07/12 16:08:25 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\{9A51B9F7-E6AF-4C55-9C1E-E02A701F9C0C}
[2010/07/10 20:20:36 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\WBFSManager
[2010/07/10 20:17:21 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Documents\WBFS Manager Covers
[2010/07/10 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2010/07/07 20:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2010/07/06 13:51:09 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\MigWiz
[2010/07/05 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DesktopEarth
[2010/07/05 20:00:41 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\VMware
[2010/07/05 20:00:27 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\VMware
[2010/07/05 19:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010/07/05 15:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Password Recovery
[2010/07/01 20:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVD or CD Sharing
[2010/07/01 19:39:54 | 000,058,656 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/07/01 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/07/01 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Boot Camp
[2010/07/01 19:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2010/07/01 19:36:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/07/01 19:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/07/01 19:36:13 | 000,518,944 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/07/01 19:36:13 | 000,368,416 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/07/01 19:36:13 | 000,310,048 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/07/01 19:36:13 | 000,310,048 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/07/01 19:36:13 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/07/01 19:36:13 | 000,204,064 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/07/01 19:36:13 | 000,198,944 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/07/01 19:36:13 | 000,155,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/07/01 19:36:13 | 000,101,152 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/07/01 19:36:13 | 000,078,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/07/01 19:36:12 | 000,325,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/07/01 19:36:11 | 000,300,320 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/07/01 19:36:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/07/01 19:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/07/01 19:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/07/01 19:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/07/01 19:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDT
[2010/07/01 19:34:31 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Local\Programs
[2010/07/01 19:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/07/01 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2010/07/01 17:13:07 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Boot from mac
[2010/07/01 11:33:38 | 000,020,968 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys
[2010/07/01 11:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/06/29 18:48:15 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\AppDev
[2010/06/20 20:09:55 | 000,000,000 | ---D | C] -- C:\Sierra
[2010/06/20 20:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/06/18 11:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/06/17 12:22:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2010/06/17 12:22:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2010/06/17 12:22:13 | 000,000,000 | ---D | C] -- C:\inetpub
[2010/06/17 12:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/16 20:31:03 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\OpenOffice.org
[2010/06/16 20:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/06/15 09:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DC++
[2010/06/14 14:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\MysticCoder
[2010/06/14 14:11:49 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Suru
[2010/06/12 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\AppData\Roaming\WebcamMax
[2010/06/12 17:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WebcamMax
[2010/06/07 19:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blaze Media Pro
[2010/06/07 19:01:47 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2010/06/07 17:45:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
[2010/06/07 17:45:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/06/07 17:45:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2010/06/07 17:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/06/07 17:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/06/07 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/06/07 17:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebcamMax
[2010/06/06 18:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rar Repair Tool
[2010/06/03 16:07:18 | 000,015,160 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\jumi.sys
[2010/06/02 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Desktop\Joeboylemotors
[2010/06/01 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Niall Acer Laptop\Documents\TURBOFloorPlan 3D
[2010/06/01 20:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IMSIDesign
[2010/06/01 20:10:43 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/06/01 20:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMSIDesign

========== Files - Modified Within 90 Days ==========

[2010/08/30 10:05:26 | 009,437,184 | -HS- | M] () -- C:\Users\Niall Acer Laptop\ntuser.dat
[2010/08/30 09:54:50 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/30 09:54:50 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/30 09:53:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/30 09:49:31 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/08/30 09:49:28 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/30 09:49:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/30 09:49:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/30 09:49:05 | 3144,777,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/29 21:26:39 | 002,967,919 | -H-- | M] () -- C:\Users\Niall Acer Laptop\AppData\Local\IconCache.db
[2010/08/29 21:25:43 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/28 12:45:07 | 001,005,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/28 12:45:07 | 000,825,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/28 12:45:07 | 000,181,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/27 19:20:17 | 000,015,410 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\phone.jpg
[2010/08/27 19:13:30 | 000,001,002 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts.old
[2010/08/25 11:40:05 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/22 21:42:03 | 000,002,048 | -H-- | M] () -- C:\Users\Niall Acer Laptop\Documents\Default.rdp
[2010/08/14 11:29:21 | 000,000,186 | ---- | M] () -- C:\Users\Niall Acer Laptop\RmUserCfg.ini
[2010/08/13 17:36:12 | 000,000,073 | ---- | M] () -- C:\Windows\w32demo8.ini
[2010/08/13 05:42:43 | 003,067,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/11 23:03:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/11 23:03:07 | 001,023,996 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/11 20:18:37 | 000,123,912 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/11 18:37:31 | 000,011,183 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\Work.xlsx
[2010/08/07 16:10:18 | 000,001,042 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/07 11:33:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2010/08/06 17:07:29 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/08/03 17:23:59 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/08/03 17:23:59 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/07/29 00:32:27 | 000,011,511 | ---- | M] () -- C:\Users\Public\Documents\System Compare.xlsx
[2010/07/29 00:07:04 | 000,000,165 | -H-- | M] () -- C:\Users\Public\Documents\~$System Compare.xlsx
[2010/07/26 13:38:35 | 000,000,162 | -H-- | M] () -- C:\Users\Niall Acer Laptop\Desktop\~$Landy.doc
[2010/07/18 20:19:27 | 000,018,944 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\HolyCross Hours.xls
[2010/07/18 20:18:59 | 000,018,944 | ---- | M] () -- C:\Users\Public\Documents\HolyCross Hours.xls
[2010/07/15 12:10:07 | 000,012,899 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\FKey Current.xlsx
[2010/07/06 13:51:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2010/07/05 21:46:06 | 000,003,051 | ---- | M] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2010/06/20 20:09:55 | 000,000,224 | ---- | M] () -- C:\Windows\SIERRA.INI
[2010/06/20 20:09:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/06/17 17:32:47 | 000,000,387 | ---- | M] () -- C:\Windows\win.ini
[2010/06/03 16:07:18 | 000,015,160 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\jumi.sys
[2010/06/01 20:38:27 | 000,167,580 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\Basement.jpg
[2010/06/01 20:33:23 | 000,073,949 | ---- | M] () -- C:\Users\Niall Acer Laptop\Desktop\23 Leinster Square main house plan.pdf

========== Files Created - No Company Name ==========

[2010/08/27 19:20:16 | 000,015,410 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\phone.jpg
[2010/08/25 11:40:05 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 10:58:21 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2010/08/13 17:36:00 | 000,000,073 | ---- | C] () -- C:\Windows\w32demo8.ini
[2010/08/11 18:37:28 | 000,011,183 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\Work.xlsx
[2010/08/07 16:10:18 | 000,001,042 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/07 11:33:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2010/08/06 16:15:50 | 000,002,898 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010/07/29 00:07:04 | 000,000,165 | -H-- | C] () -- C:\Users\Public\Documents\~$System Compare.xlsx
[2010/07/29 00:07:03 | 000,011,511 | ---- | C] () -- C:\Users\Public\Documents\System Compare.xlsx
[2010/07/26 13:38:35 | 000,000,162 | -H-- | C] () -- C:\Users\Niall Acer Laptop\Desktop\~$Landy.doc
[2010/07/21 15:45:58 | 000,000,186 | ---- | C] () -- C:\Users\Niall Acer Laptop\RmUserCfg.ini
[2010/07/18 20:19:27 | 000,018,944 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\HolyCross Hours.xls
[2010/07/18 20:16:26 | 000,018,944 | ---- | C] () -- C:\Users\Public\Documents\HolyCross Hours.xls
[2010/07/07 21:53:21 | 000,012,899 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\FKey Current.xlsx
[2010/07/06 13:51:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2010/07/05 21:46:06 | 000,003,051 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2010/07/05 19:51:21 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/06/20 20:09:55 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/06/20 20:09:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/06/01 20:38:27 | 000,167,580 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\Basement.jpg
[2010/06/01 20:33:23 | 000,073,949 | ---- | C] () -- C:\Users\Niall Acer Laptop\Desktop\23 Leinster Square main house plan.pdf
[2010/03/23 15:21:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/03/22 22:28:29 | 000,000,192 | ---- | C] () -- C:\Windows\UserSetup.ini
[2010/03/22 22:27:53 | 000,002,627 | ---- | C] () -- C:\Windows\SysWow64\smport.sys
[2010/03/22 03:30:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/03/03 01:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/03/03 01:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010/03/03 01:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/03/03 01:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010/03/03 01:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/03/03 01:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010/03/03 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/03/03 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010/03/03 01:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010/03/03 01:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010/03/03 01:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010/03/03 01:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010/03/03 01:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010/03/03 01:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010/03/03 01:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010/03/03 01:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010/03/03 01:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/08 12:21:07 | 001,023,996 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/07 21:06:42 | 000,000,036 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Local\housecall.guid.cache
[2010/02/04 22:37:43 | 000,941,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2010/02/03 21:59:12 | 000,000,017 | ---- | C] () -- C:\Users\Niall Acer Laptop\AppData\Local\resmon.resmoncfg
[2010/01/29 16:33:18 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPLK.dll
[2010/01/28 10:56:16 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxITA.dll
[2010/01/18 14:55:50 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK.dll
[2010/01/04 17:51:58 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxESP.dll
[2009/12/23 10:52:16 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxDEU.dll
[2009/12/21 14:55:52 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHT.dll
[2009/12/11 16:26:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHS.dll
[2009/12/10 17:07:16 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFRA.dll
[2009/12/10 17:07:16 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS.dll
[2009/12/10 17:07:14 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTG.dll
[2009/12/10 17:07:12 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTB.dll
[2009/11/23 10:05:52 | 000,782,421 | ---- | C] () -- C:\Windows\SysWow64\RM_DVRNET_DLL.dll
[2009/11/21 09:39:24 | 000,229,442 | ---- | C] () -- C:\Windows\SysWow64\winpubf.dll
[2009/11/21 09:39:24 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\nvrfs.dll
[2009/11/21 09:39:24 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CovH264ToAvi.dll
[2009/11/14 19:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/11/14 19:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/11/14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/11/14 19:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/11/14 19:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/11/14 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/11/14 19:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/11/14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/11/14 19:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/11/14 19:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/07 17:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/06/07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/10/04 00:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
[2008/09/28 18:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
[2008/08/28 12:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
[2008/08/28 12:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
[2008/08/28 12:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2006/11/06 20:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== LOP Check ==========

[2010/02/11 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\CopyTrans
[2010/02/11 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\CopyTransControlCenter
[2010/08/30 09:50:19 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Dropbox
[2010/08/28 16:25:55 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\FileZilla
[2010/03/25 22:20:14 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\ImgBurn
[2010/08/12 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\MusicBrainz
[2010/08/11 17:11:24 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Nokia
[2010/05/24 10:48:41 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\Notepad++
[2010/06/16 20:31:03 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\OpenOffice.org
[2010/08/07 19:04:47 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\PC Suite
[2010/05/31 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\SmartDraw
[2010/08/14 13:58:55 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\SoftGrid Client
[2010/06/12 17:21:05 | 000,000,000 | ---D | M] -- C:\Users\Niall Acer Laptop\AppData\Roaming\WebcamMax
[2010/07/05 14:09:56 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/30 09:49:31 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:820563D3
< End of report >


#14 mpascal


Posted 30 August 2010 - 10:12 AM

Hi there,

I'm not seeing any more problems, how is the computer running on your end?


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.



#15 NiallH


Posted 02 September 2010 - 04:12 AM

Looks great, thanks for all your help :)



