trojan.agent.gen keeps coming back after removal/Quarantine. Svchost.exe Trojan.


  • This topic is locked
18 replies to this topic

#1 Doyler86

Doyler86

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:43 AM

Posted 30 March 2013 - 04:11 PM

Hi, as the topic says, trojan.agent.gen and svchost.exe are constantly detected by Malwarebytes and my other malware scanners after every restart. It's affecting my computer performance badly, especially my graphics card (it runs at 96%+ GPU load, making games unplayable). I can stop that issue from happening by reinstalling my video drivers; after I install them I get the message "svchost.exe has stopped working" from Windows, so I click on the option to close it, and my GPU load goes back to normal. Some malware/spyware scanners can remove them, but like I said, once I restart my PC they just re-install themselves and I'm back at square one. I've tried literally everything to remove them but they just laugh at any attempt at permanent removal. If someone can help me out here I would be hugely grateful. Thanks.

By the way if you need me to post any new information about the problem please let me know.

Attached File  dds.txt   27.64KB   4 downloads
Attached File  attach.txt   17.77KB   1 downloads




 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:05:43 AM

Posted 30 March 2013 - 05:16 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue!
  • Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed!
  • I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.
    ____________________________________________________

    OTL Custom Scan

    We need to run an OTL Custom Scan
    • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox.

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      "%WinDir%\$NtUninstallKB*$." /30
      C:\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      %SYSTEMDRIVE%\*.exe
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      /md5start
      volsnap.sys
      atapi.sys
      explorer.exe
      winlogon.exe
      wininit.exe
      svchost.exe
      tdx.sys
      afd.sys
      netbt.sys
      services.exe
      /md5stop
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s

    • Push the Quick Scan button.
    • A report will open. Copy and Paste that report in your next reply.
    • NEXT:



    Running aswMBR.exe

    Download aswMBR.exe ( 1.8mb ) to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan.

    On completion of the scan click save log, save it to your desktop and post in your next reply.



    NEXT:



    Please make sure you include the following items in your next post:

    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. OTL.txt & Extras.txt log files.
    3. aswMBR.txt log file.
    4. An update on how your computer is currently running.

    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Doyler86

Doyler86
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:43 AM

Posted 30 March 2013 - 06:01 PM

Hi SweetTech! Thank you for the fast reply :)

1. I should let you know I did re-install the video drivers this morning in order to stop the enormous use of resources the svchost.exe trojan is having on it (I don't want it to damage the card from overheating running at 99% usage), but if you need me to restart and scan it when it's having that effect on my system, let me know.

2. Post is apparently too long so I need to attach these :(


Attached File  OTL.Txt   227.17KB   4 downloads

 

OTL Extras logfile created on: 30/03/2013 22:24:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eoin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
8.00 Gb Total Physical Memory | 5.94 Gb Available Physical Memory | 74.26% Memory free
16.00 Gb Paging File | 13.55 Gb Available in Paging File | 84.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 389.46 Gb Free Space | 41.81% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 578.00 Gb Free Space | 62.05% Space Free | Partition Type: NTFS
 
Computer Name: QUORRA | User Name: Eoin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{056D1A4A-3BEB-46BF-A7C8-A667CA5565F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15D91277-A8BF-4E78-B6BF-619E9750447C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E8D1700-48FB-4806-AEB9-43BDE30C664B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{20DD58AE-ED84-4D78-9BAC-B1AF7A605AE3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{20E0E27E-C20F-45F1-9D35-2FF03464846C}" = rport=445 | protocol=6 | dir=out | app=system |
"{234DB3B4-DA21-4998-AB8B-59F84A45E5AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36BBD6D7-A7C9-4BCF-A7FF-07BE4F53C957}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3AB4DB0F-BC5E-4565-983F-331457FAFCB3}" = rport=139 | protocol=6 | dir=out | app=system |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{432563B6-DF66-4970-940D-6D5D1A5924BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{48F302A9-83D1-4949-A33E-D60ACD53AD48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{593BD77A-7F62-43F1-BE8A-81DCD874EDF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{602F6A1E-23BE-4782-9D18-7D86348ED4DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{682331C8-D4AE-4F0F-9F4F-D6B00377B4CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68FE1602-A8E5-4499-9833-057F704E20A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{85C45093-6C27-495F-B5E0-86D57C8BE51A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{900AF419-7EAC-42A3-99D5-6C782BDB3D86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B10EE26D-3A10-4A3F-B5E3-BB9420597EB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B31A478D-39B3-4032-9F35-8F83389D9E50}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C0F7CCE5-9C89-481E-9D37-A4BD1804E7BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3187FBF-3AD4-4AD9-8205-B4C6B6E2EFB2}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC9C00FB-B635-42D5-A8FA-EB657A54F8FE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DD91E97E-0682-4DEE-9E63-AD6ABCD0FA71}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB66593E-C2B3-4A52-B12B-23CA85CC573A}" = lport=138 | protocol=17 | dir=in | app=system |
"{EEDAA279-AC03-4D9B-9FBD-6E0BEBB29499}" = rport=138 | protocol=17 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB427B62-990D-4F19-A648-E4B1EF7B03FB}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{007F646D-7740-42A8-9B05-B20B651BDF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{02611D5C-01B7-4454-B036-113D5D82F914}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{045E5F2D-4603-48EE-B231-269910AAF7EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{05281A65-E107-48EC-BA43-165BCCDEC1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{061FF039-2A06-4B44-9AE5-769133A36B15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{06883A36-AC10-4193-B2D9-2F3C7674AB09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sine mora\sinemora.exe |
"{073CA528-1C59-47A3-8015-C5D3601189AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe |
"{0B410376-6055-4569-83A7-35A64E44347C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0D7C30B8-1028-42DB-BE70-8F415DE45260}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0D9F991F-640D-438D-A326-1C6161839E30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0FE4A899-B5A0-4F41-B57D-699C4DC93993}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear ultimate shooter edition\fear.exe |
"{110D0DE6-E92F-4864-8D2B-6DF0AA88A200}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waves\binaries\win32\waves.exe |
"{1172F3DF-7142-410F-BB8D-9693CBC3E852}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftsrv.dll |
"{119B443E-71B5-466E-A438-9FA0CD0366D3}" = protocol=17 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)\launcher.exe |
"{127EF681-6B6B-4A06-87BB-18D7BDABAD95}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15320B5B-7541-4DAB-BCC2-BE95E8458BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{183656B0-0748-484C-BD99-C165F4F04A75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{1D2DB4E3-6BD4-4797-B9AA-9B88BA7C956D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe |
"{1E3E8BFB-9055-4440-AB29-B88F2A3843A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe |
"{1F74AFAB-D0A5-47A2-9617-C705297F909E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1FF4D67B-CEEA-4772-A44F-7815F17586ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{20481398-21F3-4401-96B7-61B0CA99FFC9}" = protocol=17 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)-1\launcher.patch.exe |
"{209964A7-473A-4D1E-A220-9C94D89FACC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{20BCD694-FF5C-4A62-B8A1-27E2C6F1C3D6}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{210D41BA-94C4-43D7-9075-D47312DB9189}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{230AB956-A497-468F-AEFD-3BC29191D95A}" = protocol=6 | dir=out | app=system |
"{2420CE4E-0A2D-44FD-8F37-D0F2B4390D55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zenoclash\zenoclash.exe |
"{24635737-C752-4D85-B57A-ACF793819A17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{252B5759-957C-4DDE-A84E-285D59DC9149}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{2C318894-EF90-4B31-9ECE-573337E6E437}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thepolynomial\polynomial.exe |
"{2C46F8AE-3FEB-412A-9F50-63A9812A3EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{2C546969-D5CB-4AF6-81D9-263480155589}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2D8DD573-9FF2-4354-8B9C-10ACDFAA1881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DFECF46-8E02-4E32-8D3E-FD4ECB303449}" = protocol=17 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)\launcher.patch.exe |
"{2EE4C548-7E68-4ED5-87C6-26B740B70AA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{2FEFBD01-FFE0-4DCF-990A-3AE06F80F05F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{3081945A-8314-4A94-A17C-D51E3B417C7D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{30F34B62-FF8B-4E8F-90DD-3EDCA35B91A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thirty_flights_of_loving\tfol.exe |
"{3100A266-FC96-416F-95A3-AA9CC874D7A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{328B82B0-8B17-4BB0-B882-B9B192365C2A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{335A6C32-6C20-4D7A-A0C5-2DE46DCAC770}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{364E4248-F5B0-4DF9-9B55-D3A4125CD741}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{377086AF-1198-4364-980B-5D81541CA290}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{39EA5279-4041-4729-9E9D-67BDB7C4FEA3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{3B1F8134-2C47-439B-8B55-AC60F9C6FA87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{3C55441B-1D3E-429D-9FA9-C354D534B7F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier.exe |
"{3D741BFD-6AFA-4FA5-9236-0FEEE0CEB98C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{3D8EF5C3-657D-4FE5-B2CB-9152DDC400B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{3FFDAFAE-182E-45F0-BE93-1B28D0FCA090}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{40E1D9BC-F9B1-4B9A-88AA-EF55E88F44F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{4205301F-FD24-4345-B5DB-C821BA58CF08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{426DFA98-5FF0-4423-BAB0-18A903C9BA2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the longest journey\game.exe |
"{45AD60AD-A691-46F8-83BE-522E2B24E7FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46C35111-657B-4D1C-9596-2CF431845A75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4ACF3E97-B01F-41AB-B3D9-A110EDEC75ED}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{4B3F75A8-05EC-4427-97E3-07D7570CF1F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{4F418AB2-2F7A-4B7D-B1A6-7CB24A54974F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{566791E4-E26F-46D5-9513-101C5E039465}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{57B4DC01-D9F6-4AAB-A940-8AD107C8D701}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{589D671E-6D99-4F3B-AE16-95EEF4A62BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{5D2146D9-9275-45DC-BD13-B1EAFCF6B6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splintercell chaos theory\system\splintercell3.exe |
"{5D7E907E-E664-4C58-890C-CB519055B245}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{5E4DA2E1-C73A-4923-AAFA-B8551DC7E229}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{60219B04-DC69-4FFC-9BB1-85D567B7CE2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{612E7253-5DD2-489D-9E10-E65E27AE797F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{61A1588D-3AA9-4ADF-88B6-74F34B0AF637}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zenoclash\zenoclash.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{622962B5-6149-455B-B6B1-30CCCA1634F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62903064-2648-4032-9B76-16CEE724FB3B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{62A3A96F-23BD-497C-9035-AA29CD21ABEA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6327357F-1A6B-461C-8349-0A9CBD5E6DA6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{644C7A7E-5328-4FB9-BF3A-BFF631CC7EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{64785D29-2931-4DD6-BCD8-B63DECFE4678}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6671BCB9-418E-4B94-B9BC-53E8BF9B57DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe |
"{6809BF4E-6AE1-4DB4-80FB-63583CEA96D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{694B15FE-1774-4539-A188-54CB8B168AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{699AF35C-6B59-407E-A8F6-6B085D32753D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nancy drew curse of blackmoor manor\game.exe |
"{6C3BC074-7025-4DB2-BF84-16A0F371DB11}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{6ED4BB35-2A2F-4D3A-9325-700B8DE41503}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6FE2B171-ADFE-4C36-BD9B-2614248E042A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{7145B6B2-89C5-4613-8722-601F0CA13CEF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{72FAD30A-2496-4FA1-9D5E-85A210753633}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier.exe |
"{73C93698-97E2-4CF3-8D22-B9917DF35CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{759D7E06-AE3A-4912-B11F-B07A728EE2ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{75F70324-825A-4A2E-90C8-922C6A996586}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{76B91689-44D5-477C-8368-B0C64F8C36E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{77307F7B-B09D-4816-88CD-271AB9A3BDEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{79D84F65-87A5-475B-A603-EB7FAF057904}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C2C708B-BACC-4A98-9191-1E81273929CA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7E903C93-057F-45FC-90F4-4F280D8E814E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7F1F6C5F-0BE5-46DF-80CE-3C4AC07A07E7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{80EAA7C2-950D-40A7-B76C-F05BDE8D23FE}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{81928259-651F-43E5-9C00-85A30C879DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{819810D9-2BBA-42F5-A584-438AE08EFBCC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{81A12373-6D89-4071-B628-6171956F9C44}" = protocol=6 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)-1\launcher.patch.exe |
"{82193AA3-7866-4123-9FC9-C874A7B903BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{82695F53-4068-49B2-B010-5AED962A25BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{82E41197-8BB5-487E-815D-62270E65335B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{836455B2-7D47-44E2-8E74-2C363CF16292}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8438EBFE-CC59-4FBB-AC9C-83E4F0529EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{85C90196-5434-42BC-91D3-9BE8B742D8C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{868E86B1-84B2-4078-8A44-DCCFC1AD17D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{86CEF8D8-9766-4900-9C71-03C1B37E5AC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{89BE8E74-CF90-4A09-87B3-CEC718A8947D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{89FDB4A6-D50C-4644-B2A9-9A042E15A28B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thepolynomial\polynomial.exe |
"{8C93699F-5206-4F11-97CF-BB81EC03BA5B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{8E4A43A5-3164-4F95-838C-4AAF07B7681B}" = protocol=6 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{8EE527C3-205E-4BDC-B727-F44522E3D50F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9301492F-305B-4041-ADC2-484FE108EDB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{93961AE5-E55E-4B1E-944B-93EE2574EB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scdalauncher.exe |
"{94630FCA-669B-41BD-953E-03959E302FD9}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{96358F9B-C3EB-4A9F-9D09-3F46FFE52BD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{96995C7D-2955-4545-8408-D26D1C88903F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{96E5197F-2D14-4A32-A812-CBCCED6C63A3}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{9837A435-0A4C-4FFF-B3CB-434C4BB1B80E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{9937208D-9F7E-42BF-9D29-CCB1CF77A88C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{9AFE3405-70B3-423E-A388-69B6C98B0DD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{9CA36C74-69CF-4EC5-94BD-038930DF1155}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{9D126678-2522-4BD2-AA29-12CA8C135D38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{A035AA07-6EA1-48DB-801C-88F58CBB1532}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A092419A-A104-46B5-A199-518D0A45BC0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe |
"{A1E94F4A-5205-42FC-8FFA-B5FF9D689F00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A699356E-1E40-4217-9C08-A314F9E77B06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waves\binaries\win32\waves.exe |
"{A7CCA092-D5D5-4613-B5D7-7AA2DEAAD1C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell\system\splintercell.exe |
"{A8DD853D-E980-4007-890C-52AC3FD08AC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{AA3ADCEE-12C9-4FBF-B653-2AC874657206}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AAD10CAB-FBE3-4B53-8316-8EF525DB09B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFDD7876-9D06-4E24-A4E9-8ECFE40EE104}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{B0788E46-8A7E-4123-851D-AF8ACD897556}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{B148869C-F245-49A1-B124-F98897026AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell\system\splintercell.exe |
"{B3E8D35D-F9BC-4D9A-9C96-2B24FA2D396A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{B4596EED-EF43-4185-95F4-CCB98B01F08E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B4AEE009-4CDA-4B9D-B24E-CA3B50E77F7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{B93C641F-6DA5-4C40-AEF4-6C701ABE68B1}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\videodownloadcapture.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BD914F1D-9D44-489A-9246-0A60F3DA988D}" = protocol=6 | dir=in | app=c:\users\eoin\desktop\bf3\battlefield 3™\bf3.exe |
"{BEB1AAF4-4A90-4505-AE13-902A55A201C8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C1645AB5-3FFF-41AB-BBF5-6069ACB2D5B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C2D5C0D7-22A8-47F6-87B7-F518FF49932A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{C347B7FB-C237-4EB9-93D7-E84572F03708}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe |
"{C3F62E6D-86BE-460F-AAF3-7F6A49B16743}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{C43581E8-4C0B-4964-9D73-43274E660BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{C51A7A1C-4002-447E-9F39-6B224C63B69C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{C5E50A7B-5096-4720-B0BA-8E490A095097}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{C6CB3C50-F547-4ABB-B96D-90FD55651A80}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{C7AED212-62D0-4066-BC11-A95E631C9073}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{C8432B1B-BACB-46CD-95FB-8D0F917E2F53}" = protocol=17 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{CD376170-86EA-4991-81CB-DF961DB3477E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{CDDECCE1-D01E-45F1-A7AB-E31095F7B7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scdalauncher.exe |
"{CE417EC0-BA10-4B1B-A64F-8775834E41B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEFF73BE-F042-44EB-ADC9-A168D50E5BFF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D069B8BB-FE60-444D-9855-FDA2717F8B1F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D455BAE8-ECDB-408C-A8E3-CD03A0BBDD4C}" = protocol=6 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)-1\launcher.exe |
"{D4CAC269-F5E2-4140-A5ED-1F74A5A7BB4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sine mora\sinemora.exe |
"{D590AD54-055F-4104-947C-48FC0D443A5D}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{D5EFBCE9-E42A-4257-8E81-754CE9A553D9}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{D609D28B-A530-4B9E-8203-CE3ABB106708}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe |
"{D649B085-0562-40C0-AEC1-E9C1A14B2155}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\video-download-capture.exe |
"{D6B08C16-BF88-4CEB-A07F-1203A3674C0D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D73429C1-6812-4F37-A795-11524320658F}" = protocol=17 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)-1\launcher.exe |
"{D8B89903-AB5F-48CD-B5DF-A8B5B858F0CE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{D8F8C619-F975-4445-ACC1-CC20DFAC6985}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftdump.dll |
"{D97A0286-5245-4A98-9BE7-C763DCEC8606}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA8A931E-F206-422F-AB24-29EA108A2A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{DAA88935-618A-49E6-B021-86E171DBEC57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{DACF66FB-9077-42AE-A82A-1202145C8C1B}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{DB480FC4-1F7B-4CF9-9C85-6BC039F6CB87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DBBF4214-0DC3-4AC2-B2CA-D6E584F69A05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{DD8B52BD-8A3C-4330-ACE2-86FFF247F200}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{DE7FA9CE-DF41-46A9-A461-AB76C637629B}" = protocol=17 | dir=in | app=c:\users\eoin\desktop\bf3\battlefield 3™\bf3.exe |
"{DEB02ED4-229E-40AD-9F53-A7BAC68DCE76}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{DED54E92-677B-4754-A059-C1597AEDCEF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEFB619D-D754-4009-B9AD-CEDACEF0A3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe |
"{DF6BC23E-7967-4ACD-8BDE-D5540C2CA3B0}" = protocol=6 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)\launcher.exe |
"{E164D27C-9AC4-4A38-8606-2017316F56E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splintercell chaos theory\system\splintercell3.exe |
"{E2A3068E-D087-41A4-8448-B45973C6D1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{E316F85B-5F7C-43B1-9997-BEBD9F297045}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{E44A8887-6A17-4E0A-B0D1-87789C8B4E4F}" = protocol=6 | dir=in | app=c:\users\eoin\documents\vuze downloads\world of warcraft 3.3.5a (no install)\launcher.patch.exe |
"{E5BBD667-209B-41E4-8720-C8457ECD76B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E687C3FF-F9CD-4C5D-9433-E6CCA1FE343C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{E69650B2-E5B6-4720-B60E-5A844E3CBD35}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{E8655DA3-92F6-4796-9395-92FC87F4AB99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E8FBFD57-75E1-488C-9B76-A14F85DE73EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9C93279-C1DE-4779-BA87-E9A329CE77E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thirty_flights_of_loving\tfol.exe |
"{E9DBF373-4A63-4742-AB25-5ADB2774024D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{EA609E26-4787-437B-8ED1-752A3DDEAEE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the longest journey\game.exe |
"{EA79A7B0-C060-4A0F-8E36-B70241AAA46A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EC693CCD-D90B-48A0-8949-59DA96B05663}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear ultimate shooter edition\fear.exe |
"{ECAC4074-ECDD-4B70-91C6-9BB078DC502C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EF7505E3-AC8B-4B6E-B7AE-B825808B0B71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{EF7BDA86-E7AE-471A-A2A9-2A7BAC3B93B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFC909D8-996F-45DD-84F0-F591BC59B800}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{F0DC1801-632B-4F10-8DCC-1D3886E8B996}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{F2292E48-E0C0-4CEA-BEDD-3E7200280C79}" = dir=in | app=c:\users\eoin\appdata\local\microsoft\skydrive\skydrive.exe |
"{F26369A9-8DE9-44C8-9A9A-3C7856E69BBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nancy drew curse of blackmoor manor\game.exe |
"{F2B5DCEF-0981-4237-8A3D-62AAF874D2C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{F51895D0-DE6B-48C7-A3FB-1FC5E26A0A44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{F6107BB2-F941-493F-AD79-5DE94B156592}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F97BB673-8E47-415A-A8F5-9300C5673BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{FB080504-F6DA-46B9-87DD-9D2BF456F27E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{FCBD545A-5130-48D9-AB0A-18DF10CCB7BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{FD03BBD1-E592-4294-9453-513409E0582F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"TCP Query User{04629811-472C-4BB2-9D47-7DF9C2712CD9}C:\games\dowar2r\dow2.exe" = protocol=6 | dir=in | app=c:\games\dowar2r\dow2.exe |
"TCP Query User{15E9EED7-DE1A-43AD-A5FE-F09F038FC972}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"TCP Query User{3158700D-A4EA-4D8F-98EA-4F409EDDC38C}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{5FCCFDBB-EFAB-4762-94C1-F237AAE6B54D}C:\users\eoin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\eoin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{743C2971-9679-46B3-B8A8-AFBBB53B7656}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{9CF257A1-70A5-411F-8C93-466083C2BA4C}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"TCP Query User{9F9B23F0-67E1-4BF3-8F9A-423C48C7AF75}C:\program files (x86)\modern\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\modern\call of duty - world at war\codwaw.exe |
"TCP Query User{BD34DE2C-4A4E-468B-A1E4-45F74CBD8B80}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{03DF2A00-A2FC-4E72-9C0F-20362CC0327A}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{2DBFFBAD-4699-4D9C-BE62-556DF03E813F}C:\program files (x86)\modern\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\modern\call of duty - world at war\codwaw.exe |
"UDP Query User{8D421038-4037-47EA-A2BB-9C03BAEFB8E9}C:\games\dowar2r\dow2.exe" = protocol=17 | dir=in | app=c:\games\dowar2r\dow2.exe |
"UDP Query User{9588A83A-BF97-4C24-ADE5-ADFDAF74AF25}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{BA26A7A0-813C-419C-8392-A67FA461A038}C:\users\eoin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\eoin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{BF8DBBD9-67FF-4B50-A86D-24DE4C50537F}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"UDP Query User{E123AF4C-114F-4DBA-9339-5B54F74B62B3}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{E78C574E-1CB8-4417-AB6F-BDC5064F3082}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3607FA40-1D0F-4294-B034-6054349E1613}" = Windows Live Messenger
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F84936-8445-438D-A5E5-E3DA61A22A30}" = Windows Live Family Safety
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F4D359D-99E3-4158-8BD4-7F9512E67391}" = Windows Live Writer Resources
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9971EC43-AB05-48B9-9BA2-5DBE0A42191B}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2409431-8B8C-4256-A97E-9138EBA34DC9}" = Windows Live Mail
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FC9F924E-9472-45F1-980D-8267E47AA054}" = Poke
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Browser Defender_is1" = Browser Defender 3.0
"Call of Duty Black Ops II Update 3 3.0.1" = Call of Duty Black Ops II Update 3 3.0.1
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CDisplayEx_is1" = CDisplayEx 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ControlCenter_is1" = ControlCenter
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Evaer Video Recorder for Skype" = Evaer Video Recorder for Skype 1.2.9.87
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"Fraps" = Fraps (remove only)
"Giraffic" = Veoh Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"Hitman Absolution_is1" = Hitman Absolution
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"IrfanView" = IrfanView (remove only)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Mozilla Firefox 17.0.1 (x86 en-GB)" = Mozilla Firefox 17.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"PunkBusterSvc" = PunkBuster Services
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1
"Rockstar Games Social Club" = Rockstar Games Social Club
"Sapphire TRIXX" = Sapphire TRIXX
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Steam App 107600" = Waves
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 13560" = Tom Clancy's Splinter Cell
"Steam App 13570" = Tom Clancy's Splinter Cell: Chaos Theory
"Steam App 13580" = Tom Clancy's Splinter Cell: Double Agent
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 17300" = Crysis
"Steam App 19840" = Tom Clancy's Rainbow Six 3: Athena Sword
"Steam App 19900" = Far Cry 2
"Steam App 201790" = Orcs Must Die! 2
"Steam App 203770" = Crusader Kings II
"Steam App 206440" = To the Moon
"Steam App 207080" = Indie Game: The Movie
"Steam App 208580" = Star Wars: Knights of the Old Republic II
"Steam App 212630" = Tom Clancy's Ghost Recon Future Soldier
"Steam App 214700" = Thirty Flights of Loving
"Steam App 214970" = Intrusion 2
"Steam App 220240" = Far Cry® 3
"Steam App 231350" = 3DMark Demo
"Steam App 26800" = Braid
"Steam App 27400" = Dangerous High School Girls in Trouble!
"Steam App 31830" = Nancy Drew: Curse of Blackmoor Manor
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 34440" = Sid Meier's Civilization IV
"Steam App 34450" = Sid Meier's Civilization IV: Warlords
"Steam App 34460" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 34470" = Sid Meier's Civilization IV: Colonization
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 43110" = Metro 2033
"Steam App 44320" = DiRT 3
"Steam App 4580" = Warhammer 40,000: Dawn of War – Dark Crusade
"Steam App 50620" = Darksiders
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 58610" = Wargame: European Escalation
"Steam App 6310" = The Longest Journey
"Steam App 6860" = Hitman: Blood Money
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 8870" = BioShock Infinite
"Steam App 91310" = Dead Island
"Steam App 9450" = Warhammer 40,000: Dawn of War – Soulstorm
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Unigine Heaven Benchmark (Basic Edition)_is1" = Heaven Benchmark version 4.0
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"xvid" = Xvid MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"Third Age - Total War 2.0 (Part1of2)" = Third Age - Total War 2.0 (Part1of2)
"Third Age - Total War 2.0 (Part2of2)" = Third Age - Total War 2.0 (Part2of2)
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30/03/2013 01:32:24 | Computer Name = Quorra | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012
 
Error - 30/03/2013 01:32:24 | Computer Name = Quorra | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
 
Error - 30/03/2013 14:51:40 | Computer Name = Quorra | Source = VSS | ID = 18
Description =
 
Error - 30/03/2013 14:51:40 | Computer Name = Quorra | Source = VSS | ID = 8193
Description =
 
Error - 30/03/2013 14:51:40 | Computer Name = Quorra | Source = System Restore | ID = 8193
Description =
 
Error - 30/03/2013 15:17:27 | Computer Name = Quorra | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 0.0.0.0, time stamp:
 0x508663c0  Faulting module name: amdocl.dll, version: 10.0.1084.4, time stamp: 0x50d225d5
Exception
 code: 0xc0000005  Fault offset: 0x0041518e  Faulting process id: 0x72c  Faulting application
 start time: 0x01ce2d7929ef5e6c  Faulting application path: C:\Users\Eoin\AppData\Local\Temp\svchost.exe
Faulting
 module path: C:\Windows\system32\amdocl.dll  Report Id: 75433182-996e-11e2-9443-6c626d50af93
 
Error - 30/03/2013 16:41:51 | Computer Name = Quorra | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Eoin\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30/03/2013 16:42:04 | Computer Name = Quorra | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Eoin\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30/03/2013 16:42:07 | Computer Name = Quorra | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Eoin\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30/03/2013 17:14:34 | Computer Name = Quorra | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 0.0.0.0, time stamp:
 0x508663c0  Faulting module name: amdocl.dll, version: 10.0.1084.4, time stamp: 0x50d225d5
Exception
 code: 0xc0000005  Fault offset: 0x0041518e  Faulting process id: 0x1664  Faulting application
 start time: 0x01ce2d8868613c82  Faulting application path: C:\Users\Eoin\AppData\Local\Temp\svchost.exe
Faulting
 module path: C:\Windows\system32\amdocl.dll  Report Id: d19f09b0-997e-11e2-ad08-6c626d50af93
 
[ System Events ]
Error - 30/03/2013 15:00:06 | Computer Name = Quorra | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\drivers\SBREdrv.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 30/03/2013 15:01:41 | Computer Name = Quorra | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 30/03/2013 15:18:12 | Computer Name = Quorra | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AMD
 External Events Utility service to connect.
 
Error - 30/03/2013 15:18:12 | Computer Name = Quorra | Source = Service Control Manager | ID = 7000
Description = The AMD External Events Utility service failed to start due to the
 following error:   %%1053
 
Error - 30/03/2013 16:33:57 | Computer Name = Quorra | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\drivers\SBREdrv.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 30/03/2013 16:35:33 | Computer Name = Quorra | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 30/03/2013 16:49:56 | Computer Name = Quorra | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\drivers\SBREdrv.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 30/03/2013 16:51:26 | Computer Name = Quorra | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 30/03/2013 17:15:24 | Computer Name = Quorra | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AMD
 External Events Utility service to connect.
 
Error - 30/03/2013 17:15:24 | Computer Name = Quorra | Source = Service Control Manager | ID = 7000
Description = The AMD External Events Utility service failed to start due to the
 following error:   %%1053
 
 
< End of report >
 


3.

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-30 22:49:53
-----------------------------
22:49:53.858    OS Version: Windows x64 6.1.7601 Service Pack 1
22:49:53.858    Number of processors: 4 586 0x403
22:49:53.858    ComputerName: QUORRA  UserName: Eoin
22:49:55.606    Initialize success
22:50:09.205    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
22:50:09.205    Disk 0 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 3
22:50:09.267    Disk 0 MBR read successfully
22:50:09.267    Disk 0 MBR scan
22:50:09.267    Disk 0 Windows 7 default MBR code
22:50:09.283    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:50:09.283    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
22:50:09.283    Disk 0 scanning C:\Windows\system32\drivers
22:50:13.791    Service scanning
22:50:23.401    Modules scanning
22:50:23.401    Disk 0 trace - called modules:
22:50:23.416    ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:50:23.416    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c5f790]
22:50:23.416    3 CLASSPNP.SYS[fffff88001aea43f] -> nt!IofCallDriver -> [0xfffffa8007a9eb30]
22:50:23.916    5 PCTCore64.sys[fffff880011738a4] -> nt!IofCallDriver -> [0xfffffa800762b520]
22:50:23.916    7 ACPI.sys[fffff88000f867a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8006c9b680]
22:50:23.916    Scan finished successfully
22:51:53.257    Disk 0 MBR has been saved successfully to "C:\Users\Eoin\Desktop\MBR.dat"
22:51:53.273    The log file has been saved successfully to "C:\Users\Eoin\Desktop\aswMBR.txt"


4. There are no obvious signs after I reinstall the video drivers, like I said in my first post, but if I were to do a scan with some other malware scanners they would detect the trojan.agent.exe or svchost.exe and attempt to remove them, and of course fail. I haven't done that though.
 


 



Edited by Doyler86, 30 March 2013 - 06:03 PM.


#4 Doyler86


Posted 30 March 2013 - 06:04 PM

Ignore the attach.txt file at the end, it was a mistake : /



#5 SweetTech


Posted 30 March 2013 - 07:09 PM

Okay. Thanks for those log files.

I see ComboFix was previously run.

Can you please post that log file for me to review?

It can be found in your C:\ drive and will be named ComboFix.txt



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 Doyler86


Posted 30 March 2013 - 07:36 PM

ComboFix 13-03-30.01 - Eoin 30/03/2013  18:52:22.2.4 - x64 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.353.1033.18.8191.6126 [GMT 0:00]
Running from: c:\users\Eoin\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-30  )))))))))))))))))))))))))))))))
.
.
2013-03-30 18:56 . 2013-03-30 18:56    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-03-30 18:56 . 2013-03-30 18:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-30 15:19 . 2011-07-01 15:36    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2013-03-30 15:19 . 2011-07-01 15:36    767952    ----a-w-    c:\windows\BDTSupport.dll
2013-03-30 15:19 . 2011-07-01 15:36    2029520    ----a-w-    c:\windows\PCTBDCore.dll
2013-03-30 15:19 . 2011-07-01 15:36    1533904    ----a-w-    c:\windows\PCTBDRes.dll
2013-03-30 15:07 . 2011-07-11 09:05    337048    ----a-w-    c:\windows\system32\drivers\pctgntdi64.sys
2013-03-30 15:07 . 2011-07-11 09:05    143896    ----a-w-    c:\windows\system32\drivers\pctwfpfilter64.sys
2013-03-30 15:07 . 2010-07-16 14:53    816016    ----a-w-    c:\windows\system32\drivers\pctEFA64.sys
2013-03-30 15:07 . 2010-06-29 10:35    452872    ----a-w-    c:\windows\system32\drivers\pctDS64.sys
2013-03-30 15:07 . 2011-07-11 12:02    282440    ----a-w-    c:\windows\system32\drivers\PCTCore64.sys
2013-03-30 15:07 . 2011-03-10 09:08    279344    ----a-w-    c:\windows\system32\drivers\PCTSD64.sys
2013-03-30 00:40 . 2013-03-30 00:40    --------    d-----w-    c:\users\Eoin\AppData\Roaming\Product_RM
2013-03-25 20:23 . 2013-03-25 20:23    --------    d-sh--w-    c:\programdata\DSS
2013-03-25 20:22 . 2011-03-19 15:16    1417216    ----a-w-    c:\windows\SysWow64\rapture3d_oal.dll
2013-03-25 20:22 . 2010-09-22 13:12    19087360    ----a-w-    c:\windows\SysWow64\mkl_blueripple.dll
2013-03-25 20:22 . 2013-03-25 20:22    --------    d-----w-    c:\program files (x86)\BRS
2013-03-25 20:22 . 2013-03-25 20:22    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-03-24 18:09 . 2013-03-24 18:18    --------    d-----w-    C:\Casino
2013-03-21 02:28 . 2012-11-23 03:13    68608    ----a-w-    c:\windows\system32\taskhost.exe
2013-03-20 15:51 . 2013-03-20 15:51    --------    d-----w-    c:\windows\system32\SPReview
2013-03-20 15:49 . 2013-03-20 15:49    --------    d-----w-    c:\windows\system32\EventProviders
2013-03-19 12:59 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-17 21:10 . 2013-03-17 21:10    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-03-17 21:10 . 2013-03-17 21:10    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-03-17 21:02 . 2013-03-17 21:02    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-03-16 21:57 . 2013-03-24 18:15    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-16 21:57 . 2013-03-24 18:15    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 19:17 . 2013-03-30 02:24    --------    d-----w-    c:\users\Eoin\AppData\Local\Spotify
2013-03-14 19:16 . 2013-03-30 02:27    --------    d-----w-    c:\users\Eoin\AppData\Roaming\Spotify
2013-03-13 17:57 . 2013-03-13 17:57    --------    d-----w-    c:\program files (x86)\SQUARE ENIX
2013-03-13 03:01 . 2013-02-02 06:51    887808    ----a-w-    c:\program files\Internet Explorer\iedvtool.dll
2013-03-13 03:01 . 2013-02-02 03:32    678912    ----a-w-    c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-03-13 03:01 . 2013-02-02 07:31    17815040    ----a-w-    c:\windows\system32\mshtml.dll
2013-03-13 03:01 . 2013-02-02 06:58    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\programdata\ATI
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\program files (x86)\AMD APP
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files\AMD
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2013-03-11 00:21 . 2013-03-11 00:21    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-03-11 00:21 . 2013-03-12 14:41    --------    d-----w-    c:\program files\ATI Technologies
2013-03-11 00:07 . 2010-02-23 07:46    23680    ----a-w-    c:\windows\system32\drivers\IOMap64.sys
2013-03-10 23:43 . 2013-03-10 23:43    --------    d-----w-    c:\users\Eoin\AppData\Local\Futuremark
2013-03-10 23:41 . 2013-03-10 23:41    --------    d-----w-    c:\program files\Futuremark
2013-03-10 22:58 . 2013-03-13 17:54    --------    d-----w-    c:\program files (x86)\ASUS
2013-03-10 22:02 . 2013-03-10 22:02    --------    d-----w-    c:\program files\ATI
2013-03-09 20:27 . 2013-03-09 20:27    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-04 21:10 . 2013-03-04 21:27    --------    d-----w-    c:\program files (x86)\Call of Duty Black Ops II Update 3
2013-03-02 23:36 . 2012-11-09 05:45    750592    ----a-w-    c:\windows\system32\win32spl.dll
2013-03-02 23:36 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-03-02 23:36 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2013-03-02 23:36 . 2012-11-01 05:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2013-03-02 23:36 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2013-03-02 23:36 . 2012-11-01 04:47    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
2013-03-02 23:36 . 2012-11-20 05:48    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-03-02 23:36 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-03-02 23:36 . 2012-11-22 05:44    800768    ----a-w-    c:\windows\system32\usp10.dll
2013-03-02 23:36 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2013-03-02 16:51 . 2013-03-27 10:19    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-03-01 21:05 . 2013-03-01 21:05    --------    d-----w-    c:\program files (x86)\GameSpy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 20:22 . 2011-03-22 23:32    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-03-20 16:00 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2013-03-20 16:00 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
2013-03-13 03:02 . 2011-03-17 18:05    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-09 20:27 . 2012-07-04 22:02    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-09 20:27 . 2011-03-17 17:36    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-08 01:06 . 2012-12-13 12:13    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-02-28 17:22 . 2013-02-28 17:22    20832    ----a-w-    c:\windows\system32\drivers\ddcdrv.sys
2013-02-28 17:22 . 2013-02-28 17:22    155528    ----a-w-    c:\windows\system32\DDCHELPER.dll
2013-02-19 03:05 . 2013-02-18 16:14    2549120    ----a-w-    c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-02-12 05:45 . 2013-03-21 02:29    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-21 02:29    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-21 02:29    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-21 02:29    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-21 02:29    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-21 02:29    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-06 13:55 . 2013-02-06 13:55    21712    ----a-w-    c:\windows\SysWow64\drivers\DrvAgent64.SYS
2013-02-01 01:05 . 2013-02-01 01:05    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-01 00:55 . 2011-10-11 12:06    564824    ----a-w-    c:\windows\system32\drivers\sptd.sys
2013-01-17 01:28 . 2011-03-17 17:16    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 03:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 03:53    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 03:53    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 03:52    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 03:52    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 03:52    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 03:53    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 03:52    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 03:52    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 03:52    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 03:52    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 03:52    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 03:52    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe"="c:\users\Eoin\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2011-03-10 279344]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-12 93360]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2013-02-28 20832]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
R3 cpuz130;cpuz130;c:\users\Eoin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 DABlackFltr;DeathAdder Black Edition Mouse;c:\windows\system32\drivers\DABlack.sys [2010-11-29 23040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7640v1F0\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;c:\msi\MSI SUITE\NTIOLib_X64.sys [x]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-10-25 25600]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-10-25 113664]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-10-25 23040]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UCOREW64;UCOREW64;c:\program files (x86)\Setup Files\Ms7640v1F0\UCOREW64.SYS [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-07-11 282440]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-01 283200]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S4 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S4 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SymIM
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 00:50    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-16 18:15]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 00:20]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 00:20]
.
2013-03-30 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2013-03-30 14:44]
.
2013-03-30 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2013-03-30 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-29 13261456]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
FF - ProfilePath - c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - ExtSQL: 2013-02-19 00:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-30 15:19; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files (x86)\PC Tools Security\BDT\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (value not set)
AddRemove-Final Fantasy VII - c:\program files (x86)\Final Fantasy VII\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**è«W*Þ ]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:50c8c000
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:43,d8,bc,42,f8,c5,6d,38,7e,61,85,49,cc,57,41,18,11,36,6e,4e,b8,47,2c,
   d9,30,06,c7,d6,6d,90,3a,33,0c,f7,64,72,04,d2,75,d9,d0,58,96,bf,da,6b,76,f0,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\SecuROM\License information*]
"datasecu"=hex:11,61,e6,2b,f6,57,fb,43,df,b6,d6,e5,1c,3c,52,d3,20,17,28,bd,67,
   22,35,8f,54,cf,a4,af,98,b8,f8,37,c4,5e,eb,d0,0a,48,bc,06,84,3c,af,61,03,e3,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-30  18:58:23
ComboFix-quarantined-files.txt  2013-03-30 18:58
ComboFix2.txt  2013-03-28 17:16
.
Pre-Run: 418,796,265,472 bytes free
Post-Run: 418,719,600,640 bytes free
.
- - End Of File - - 0F7260D5E477FA997FC962BF711BB9D7
 

 

It is a few days old, I think, but there it is.



#7 SweetTech


Posted 31 March 2013 - 08:10 AM

Hi!

Please delete the current copy of ComboFix from your desktop and download a fresh copy from one of the links below.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 Doyler86

  • Topic Starter

Posted 31 March 2013 - 11:09 AM

Hi, I decided to run a scan with ComboFix after a fresh restart, when the problem is at its worst,
using all my GPU resources etc., and another scan after I re-install video drivers and get the message svchost.exe has stopped working
and my system goes back to normal GPU usage. (I didn't do anything other than re-install the video drivers.)
If I shouldn't have done that and you want me to scan again, let me know.

 

1. First scan after restart

 

ComboFix 13-03-31.01 - Eoin 31/03/2013  16:36:51.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.353.1033.18.8191.6056 [GMT 1:00]
Running from: c:\users\Eoin\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-31  )))))))))))))))))))))))))))))))
.
.
2013-03-31 15:47 . 2013-03-31 15:47    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-03-31 15:47 . 2013-03-31 15:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-30 20:42 . 2013-03-30 20:42    --------    d-----w-    c:\program files (x86)\ESET
2013-03-30 15:19 . 2011-07-01 15:36    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2013-03-30 15:19 . 2011-07-01 15:36    767952    ----a-w-    c:\windows\BDTSupport.dll
2013-03-30 15:19 . 2011-07-01 15:36    2029520    ----a-w-    c:\windows\PCTBDCore.dll
2013-03-30 15:19 . 2011-07-01 15:36    1533904    ----a-w-    c:\windows\PCTBDRes.dll
2013-03-30 15:07 . 2011-07-11 09:05    337048    ----a-w-    c:\windows\system32\drivers\pctgntdi64.sys
2013-03-30 15:07 . 2011-07-11 09:05    143896    ----a-w-    c:\windows\system32\drivers\pctwfpfilter64.sys
2013-03-30 15:07 . 2010-07-16 14:53    816016    ----a-w-    c:\windows\system32\drivers\pctEFA64.sys
2013-03-30 15:07 . 2010-06-29 10:35    452872    ----a-w-    c:\windows\system32\drivers\pctDS64.sys
2013-03-30 15:07 . 2011-07-11 12:02    282440    ----a-w-    c:\windows\system32\drivers\PCTCore64.sys
2013-03-30 15:07 . 2011-03-10 09:08    279344    ----a-w-    c:\windows\system32\drivers\PCTSD64.sys
2013-03-30 00:40 . 2013-03-30 00:40    --------    d-----w-    c:\users\Eoin\AppData\Roaming\Product_RM
2013-03-25 20:23 . 2013-03-25 20:23    --------    d-sh--w-    c:\programdata\DSS
2013-03-25 20:22 . 2011-03-19 15:16    1417216    ----a-w-    c:\windows\SysWow64\rapture3d_oal.dll
2013-03-25 20:22 . 2010-09-22 13:12    19087360    ----a-w-    c:\windows\SysWow64\mkl_blueripple.dll
2013-03-25 20:22 . 2013-03-25 20:22    --------    d-----w-    c:\program files (x86)\BRS
2013-03-25 20:22 . 2013-03-25 20:22    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-03-24 18:09 . 2013-03-24 18:18    --------    d-----w-    C:\Casino
2013-03-21 02:28 . 2012-11-23 03:13    68608    ----a-w-    c:\windows\system32\taskhost.exe
2013-03-20 15:51 . 2013-03-20 15:51    --------    d-----w-    c:\windows\system32\SPReview
2013-03-20 15:49 . 2013-03-20 15:49    --------    d-----w-    c:\windows\system32\EventProviders
2013-03-19 12:59 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-17 21:10 . 2013-03-17 21:10    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-03-17 21:10 . 2013-03-17 21:10    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-03-17 21:02 . 2013-03-17 21:02    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-03-16 21:57 . 2013-03-24 18:15    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-16 21:57 . 2013-03-24 18:15    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 19:17 . 2013-03-30 21:34    --------    d-----w-    c:\users\Eoin\AppData\Local\Spotify
2013-03-14 19:16 . 2013-03-30 21:44    --------    d-----w-    c:\users\Eoin\AppData\Roaming\Spotify
2013-03-13 17:57 . 2013-03-13 17:57    --------    d-----w-    c:\program files (x86)\SQUARE ENIX
2013-03-13 03:01 . 2013-02-02 06:51    887808    ----a-w-    c:\program files\Internet Explorer\iedvtool.dll
2013-03-13 03:01 . 2013-02-02 03:32    678912    ----a-w-    c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-03-13 03:01 . 2013-02-02 07:31    17815040    ----a-w-    c:\windows\system32\mshtml.dll
2013-03-13 03:01 . 2013-02-02 06:58    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\programdata\ATI
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\program files (x86)\AMD APP
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files\AMD
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2013-03-11 00:21 . 2013-03-11 00:21    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-03-11 00:21 . 2013-03-12 14:41    --------    d-----w-    c:\program files\ATI Technologies
2013-03-11 00:07 . 2010-02-23 07:46    23680    ----a-w-    c:\windows\system32\drivers\IOMap64.sys
2013-03-10 23:43 . 2013-03-10 23:43    --------    d-----w-    c:\users\Eoin\AppData\Local\Futuremark
2013-03-10 23:41 . 2013-03-10 23:41    --------    d-----w-    c:\program files\Futuremark
2013-03-10 22:58 . 2013-03-13 17:54    --------    d-----w-    c:\program files (x86)\ASUS
2013-03-10 22:02 . 2013-03-10 22:02    --------    d-----w-    c:\program files\ATI
2013-03-09 20:27 . 2013-03-09 20:27    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-04 21:10 . 2013-03-04 21:27    --------    d-----w-    c:\program files (x86)\Call of Duty Black Ops II Update 3
2013-03-02 23:36 . 2012-11-09 05:45    750592    ----a-w-    c:\windows\system32\win32spl.dll
2013-03-02 23:36 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-03-02 23:36 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2013-03-02 23:36 . 2012-11-01 05:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2013-03-02 23:36 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2013-03-02 23:36 . 2012-11-01 04:47    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
2013-03-02 23:36 . 2012-11-20 05:48    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-03-02 23:36 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-03-02 23:36 . 2012-11-22 05:44    800768    ----a-w-    c:\windows\system32\usp10.dll
2013-03-02 23:36 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2013-03-02 16:51 . 2013-03-27 10:19    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-03-01 21:05 . 2013-03-01 21:05    --------    d-----w-    c:\program files (x86)\GameSpy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 20:22 . 2011-03-22 23:32    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-03-20 16:00 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2013-03-20 16:00 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
2013-03-13 03:02 . 2011-03-17 18:05    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-09 20:27 . 2012-07-04 22:02    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-09 20:27 . 2011-03-17 17:36    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-08 01:06 . 2012-12-13 12:13    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-02-28 17:22 . 2013-02-28 17:22    20832    ----a-w-    c:\windows\system32\drivers\ddcdrv.sys
2013-02-28 17:22 . 2013-02-28 17:22    155528    ----a-w-    c:\windows\system32\DDCHELPER.dll
2013-02-19 03:05 . 2013-02-18 16:14    2549120    ----a-w-    c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-02-12 05:45 . 2013-03-21 02:29    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-21 02:29    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-21 02:29    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-21 02:29    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-21 02:29    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-21 02:29    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-06 13:55 . 2013-02-06 13:55    21712    ----a-w-    c:\windows\SysWow64\drivers\DrvAgent64.SYS
2013-02-01 01:05 . 2013-02-01 01:05    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-01 00:55 . 2011-10-11 12:06    564824    ----a-w-    c:\windows\system32\drivers\sptd.sys
2013-01-17 01:28 . 2011-03-17 17:16    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 03:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 03:53    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 03:53    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 03:52    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 03:52    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 03:52    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 03:53    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 03:52    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 03:52    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 03:52    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 03:52    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 03:52    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 03:52    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Eoin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-25 1104280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe"="c:\users\Eoin\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-12 93360]
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
R3 cpuz130;cpuz130;c:\users\Eoin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 DABlackFltr;DeathAdder Black Edition Mouse;c:\windows\system32\drivers\DABlack.sys [2010-11-29 23040]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7640v1F0\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;c:\msi\MSI SUITE\NTIOLib_X64.sys [x]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-10-25 25600]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-10-25 113664]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-10-25 23040]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UCOREW64;UCOREW64;c:\program files (x86)\Setup Files\Ms7640v1F0\UCOREW64.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-07-11 282440]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-01 283200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2011-03-10 279344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2013-02-28 20832]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TRIXX
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 00:50    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-16 18:15]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 00:20]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 00:20]
.
2013-03-31 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2013-03-30 14:44]
.
2013-03-30 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2013-03-30 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-29 13261456]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
FF - ProfilePath - c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - ExtSQL: 2013-02-19 00:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-30 15:19; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files (x86)\PC Tools Security\BDT\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (value not set)
AddRemove-Final Fantasy VII - c:\program files (x86)\Final Fantasy VII\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**è«W*Þ ]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:50c8c000
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:43,d8,bc,42,f8,c5,6d,38,7e,61,85,49,cc,57,41,18,11,36,6e,4e,b8,47,2c,
   d9,30,06,c7,d6,6d,90,3a,33,0c,f7,64,72,04,d2,75,d9,d0,58,96,bf,da,6b,76,f0,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\SecuROM\License information*]
"datasecu"=hex:11,61,e6,2b,f6,57,fb,43,df,b6,d6,e5,1c,3c,52,d3,20,17,28,bd,67,
   22,35,8f,54,cf,a4,af,98,b8,f8,37,c4,5e,eb,d0,0a,48,bc,06,84,3c,af,61,03,e3,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-31  16:49:39
ComboFix-quarantined-files.txt  2013-03-31 15:49
.
Pre-Run: 427,352,387,584 bytes free
Post-Run: 426,926,567,424 bytes free
.
- - End Of File - - 64C421B9BE26370A693DE70E9B2114A5
 

 

2. 2nd scan after I re-install video drivers.

 

ComboFix 13-03-31.01 - Eoin 31/03/2013  16:55:16.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.353.1033.18.8191.5708 [GMT 1:00]
Running from: c:\users\Eoin\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-31  )))))))))))))))))))))))))))))))
.
.
2013-03-31 16:02 . 2013-03-31 16:02    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-03-31 16:02 . 2013-03-31 16:02    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-30 20:42 . 2013-03-30 20:42    --------    d-----w-    c:\program files (x86)\ESET
2013-03-30 15:19 . 2011-07-01 15:36    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2013-03-30 15:19 . 2011-07-01 15:36    767952    ----a-w-    c:\windows\BDTSupport.dll
2013-03-30 15:19 . 2011-07-01 15:36    2029520    ----a-w-    c:\windows\PCTBDCore.dll
2013-03-30 15:19 . 2011-07-01 15:36    1533904    ----a-w-    c:\windows\PCTBDRes.dll
2013-03-30 15:07 . 2011-07-11 09:05    337048    ----a-w-    c:\windows\system32\drivers\pctgntdi64.sys
2013-03-30 15:07 . 2011-07-11 09:05    143896    ----a-w-    c:\windows\system32\drivers\pctwfpfilter64.sys
2013-03-30 15:07 . 2010-07-16 14:53    816016    ----a-w-    c:\windows\system32\drivers\pctEFA64.sys
2013-03-30 15:07 . 2010-06-29 10:35    452872    ----a-w-    c:\windows\system32\drivers\pctDS64.sys
2013-03-30 15:07 . 2011-07-11 12:02    282440    ----a-w-    c:\windows\system32\drivers\PCTCore64.sys
2013-03-30 15:07 . 2011-03-10 09:08    279344    ----a-w-    c:\windows\system32\drivers\PCTSD64.sys
2013-03-30 00:40 . 2013-03-30 00:40    --------    d-----w-    c:\users\Eoin\AppData\Roaming\Product_RM
2013-03-25 20:23 . 2013-03-25 20:23    --------    d-sh--w-    c:\programdata\DSS
2013-03-25 20:22 . 2011-03-19 15:16    1417216    ----a-w-    c:\windows\SysWow64\rapture3d_oal.dll
2013-03-25 20:22 . 2010-09-22 13:12    19087360    ----a-w-    c:\windows\SysWow64\mkl_blueripple.dll
2013-03-25 20:22 . 2013-03-25 20:22    --------    d-----w-    c:\program files (x86)\BRS
2013-03-25 20:22 . 2013-03-25 20:22    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-03-24 18:09 . 2013-03-24 18:18    --------    d-----w-    C:\Casino
2013-03-21 02:28 . 2012-11-23 03:13    68608    ----a-w-    c:\windows\system32\taskhost.exe
2013-03-20 15:51 . 2013-03-20 15:51    --------    d-----w-    c:\windows\system32\SPReview
2013-03-20 15:49 . 2013-03-20 15:49    --------    d-----w-    c:\windows\system32\EventProviders
2013-03-19 12:59 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-17 21:10 . 2013-03-17 21:10    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-03-17 21:10 . 2013-03-17 21:10    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-03-17 21:02 . 2013-03-17 21:02    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-03-16 21:57 . 2013-03-24 18:15    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-16 21:57 . 2013-03-24 18:15    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 19:17 . 2013-03-30 21:34    --------    d-----w-    c:\users\Eoin\AppData\Local\Spotify
2013-03-14 19:16 . 2013-03-30 21:44    --------    d-----w-    c:\users\Eoin\AppData\Roaming\Spotify
2013-03-13 17:57 . 2013-03-13 17:57    --------    d-----w-    c:\program files (x86)\SQUARE ENIX
2013-03-13 03:01 . 2013-02-02 06:51    887808    ----a-w-    c:\program files\Internet Explorer\iedvtool.dll
2013-03-13 03:01 . 2013-02-02 03:32    678912    ----a-w-    c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-03-13 03:01 . 2013-02-02 07:31    17815040    ----a-w-    c:\windows\system32\mshtml.dll
2013-03-13 03:01 . 2013-02-02 06:58    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\programdata\ATI
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\program files (x86)\AMD APP
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files\AMD
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2013-03-11 00:21 . 2013-03-11 00:21    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-03-11 00:21 . 2013-03-12 14:41    --------    d-----w-    c:\program files\ATI Technologies
2013-03-11 00:07 . 2010-02-23 07:46    23680    ----a-w-    c:\windows\system32\drivers\IOMap64.sys
2013-03-10 23:43 . 2013-03-10 23:43    --------    d-----w-    c:\users\Eoin\AppData\Local\Futuremark
2013-03-10 23:41 . 2013-03-10 23:41    --------    d-----w-    c:\program files\Futuremark
2013-03-10 22:58 . 2013-03-13 17:54    --------    d-----w-    c:\program files (x86)\ASUS
2013-03-10 22:02 . 2013-03-10 22:02    --------    d-----w-    c:\program files\ATI
2013-03-09 20:27 . 2013-03-09 20:27    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-04 21:10 . 2013-03-04 21:27    --------    d-----w-    c:\program files (x86)\Call of Duty Black Ops II Update 3
2013-03-02 23:36 . 2012-11-09 05:45    750592    ----a-w-    c:\windows\system32\win32spl.dll
2013-03-02 23:36 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-03-02 23:36 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2013-03-02 23:36 . 2012-11-01 05:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2013-03-02 23:36 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2013-03-02 23:36 . 2012-11-01 04:47    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
2013-03-02 23:36 . 2012-11-20 05:48    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-03-02 23:36 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-03-02 23:36 . 2012-11-22 05:44    800768    ----a-w-    c:\windows\system32\usp10.dll
2013-03-02 23:36 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2013-03-02 16:51 . 2013-03-27 10:19    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-03-01 21:05 . 2013-03-01 21:05    --------    d-----w-    c:\program files (x86)\GameSpy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 20:22 . 2011-03-22 23:32    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-03-20 16:00 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2013-03-20 16:00 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
2013-03-13 03:02 . 2011-03-17 18:05    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-09 20:27 . 2012-07-04 22:02    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-09 20:27 . 2011-03-17 17:36    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-08 01:06 . 2012-12-13 12:13    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-02-28 17:22 . 2013-02-28 17:22    20832    ----a-w-    c:\windows\system32\drivers\ddcdrv.sys
2013-02-28 17:22 . 2013-02-28 17:22    155528    ----a-w-    c:\windows\system32\DDCHELPER.dll
2013-02-19 03:05 . 2013-02-18 16:14    2549120    ----a-w-    c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-02-12 05:45 . 2013-03-21 02:29    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-21 02:29    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-21 02:29    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-21 02:29    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-21 02:29    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-21 02:29    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-06 13:55 . 2013-02-06 13:55    21712    ----a-w-    c:\windows\SysWow64\drivers\DrvAgent64.SYS
2013-02-01 01:05 . 2013-02-01 01:05    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-01 00:55 . 2011-10-11 12:06    564824    ----a-w-    c:\windows\system32\drivers\sptd.sys
2013-01-17 01:28 . 2011-03-17 17:16    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 03:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 03:53    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 03:53    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 03:52    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 03:52    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 03:52    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 03:53    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 03:52    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 03:52    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 03:52    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 03:52    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 03:52    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 03:52    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Eoin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-25 1104280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe"="c:\users\Eoin\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-12 93360]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
R3 cpuz130;cpuz130;c:\users\Eoin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 DABlackFltr;DeathAdder Black Edition Mouse;c:\windows\system32\drivers\DABlack.sys [2010-11-29 23040]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7640v1F0\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;c:\msi\MSI SUITE\NTIOLib_X64.sys [x]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-10-25 25600]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-10-25 113664]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-10-25 23040]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UCOREW64;UCOREW64;c:\program files (x86)\Setup Files\Ms7640v1F0\UCOREW64.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-07-11 282440]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-01 283200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2011-03-10 279344]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2013-02-28 20832]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TRIXX
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 00:50    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-16 18:15]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 00:20]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 00:20]
.
2013-03-31 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2013-03-30 14:44]
.
2013-03-30 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2013-03-30 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
(value not set) [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-29 13261456]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
FF - ProfilePath - c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - ExtSQL: 2013-02-19 00:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-30 15:19; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files (x86)\PC Tools Security\BDT\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Final Fantasy VII - c:\program files (x86)\Final Fantasy VII\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**è«W*Þ ]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:50c8c000
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:43,d8,bc,42,f8,c5,6d,38,7e,61,85,49,cc,57,41,18,11,36,6e,4e,b8,47,2c,
   d9,30,06,c7,d6,6d,90,3a,33,0c,f7,64,72,04,d2,75,d9,d0,58,96,bf,da,6b,76,f0,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\SecuROM\License information*]
"datasecu"=hex:11,61,e6,2b,f6,57,fb,43,df,b6,d6,e5,1c,3c,52,d3,20,17,28,bd,67,
   22,35,8f,54,cf,a4,af,98,b8,f8,37,c4,5e,eb,d0,0a,48,bc,06,84,3c,af,61,03,e3,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-31  17:04:49
ComboFix-quarantined-files.txt  2013-03-31 16:04
.
Pre-Run: 426,958,786,560 bytes free
Post-Run: 426,651,840,512 bytes free
.
- - End Of File - - 840FAA01FFF4028C3AA47D840035B0E8
 



#9 SweetTech

Posted 31 March 2013 - 01:03 PM

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

  • Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run, type Notepad, and click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    KillAll::
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    Suspect::
    c:\users\Eoin\AppData\Roaming\Adobe\color.vbe

    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop as "CFScript"

    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    CFScriptB-4.gif
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT:



    Malwarebytes' Anti-Malware

    I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:
    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform quick scan, then click on Scan
    • Leave the default options as they are and click on Start Scan
    • When done, you will be prompted. Click OK, then click on Show Results
    • Check (tick) all items and click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



    NEXT:



    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    • Check esetAcceptTerms.png
    • Click the esetStart.png button.
    • Accept any security warnings from your browser.
    • Check esetScanArchives.png
    • Make sure that the option "Remove found threats" is Unchecked
    • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
      • Enable Anti-Stealth technology
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push esetListThreats.png
    • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the esetBack.png button.
    • Push esetFinish.png
    NEXT:



    Security Check
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
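
The CFScript above deletes the "Adobe" Run value, whose target is a .vbe script under AppData\Roaming. The Python below is an added example, not part of the original post or of ComboFix: it parses the Run-key section of a ComboFix log, flags values like that one, and compares the logs from before and after the script to confirm the value is gone. The function names and the heuristics (script file types, user-writable directories) are assumptions chosen for illustration.

```python
import re

# Run-key excerpts from the two ComboFix logs in this thread, trimmed.
# The key header of the first excerpt is taken from the CFScript above.
LOG_BEFORE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe"="c:\users\Eoin\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
'''

LOG_AFTER = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"(?:\s+\[[^\]]*\])?$')
# A file extension that ends a token, so "10.0\Reader" is not read as one.
EXT_RE = re.compile(r'\.([a-z0-9]{2,4})(?=$|[\s"])')

RUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Assumed heuristics: file types run by a script host or shell, and
# directories a standard user can write to.
SCRIPT_EXTS = {"vbe", "vbs", "js", "jse", "wsf", "wsh", "bat", "cmd", "ps1"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def parse_run_entries(log_text):
    """Return {(key_lowercased, value_name): command} for Run/RunOnce keys."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            continue
        val = VAL_RE.match(line)
        if val and current and current.endswith(RUN_SUFFIXES):
            entries[(current, val.group(1))] = val.group(2)
    return entries


def reasons_for(command):
    """List the reasons an autostart command deserves a manual look."""
    lowered = command.lower()
    reasons = [f"script file type (.{ext})"
               for ext in sorted(set(EXT_RE.findall(lowered)) & SCRIPT_EXTS)]
    if any(part in lowered for part in USER_WRITABLE):
        reasons.append("user-writable directory")
    return reasons


def triage(log_text):
    """Return (value_name, command, reasons) for every flagged Run entry."""
    found = []
    for (_key, name), command in parse_run_entries(log_text).items():
        reasons = reasons_for(command)
        if reasons:
            found.append((name, command, reasons))
    return found


def removed_entries(before_text, after_text):
    """Run entries present in the first log and absent from the second."""
    before = parse_run_entries(before_text)
    after = parse_run_entries(after_text)
    return sorted(set(before) - set(after))


if __name__ == "__main__":
    for name, command, reasons in triage(LOG_BEFORE):
        print(f"REVIEW {name!r}: {command} ({'; '.join(reasons)})")
    for key, name in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"REMOVED {name!r} from {key}")
```

A flag here means "review this entry", not "malicious": legitimate software also starts from AppData, so the result is a shortlist for an analyst.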


#10 Doyler86

Posted 31 March 2013 - 06:10 PM

Hi again, sorry for the late reply but the scans took a LONG time.

Just gonna mention that when I ran combofix I heard a beep noise, then I got the message "combofix needs to submit malware files for further analysis, please ensure you are connected to the internet"

Then I got the log as usual. Also, malware bytes didn't detect anything when I ran the scan, and I couldn't open notepad or other programs, but when I restarted my system everything was normal again.

 

1. combofix

 

ComboFix 13-03-31.01 - Eoin 31/03/2013  19:11:45.5.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.353.1033.18.8191.5760 [GMT 1:00]
Running from: c:\users\Eoin\Desktop\ComboFix.exe
Command switches used :: c:\users\Eoin\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-31  )))))))))))))))))))))))))))))))
.
.
2013-03-31 18:18 . 2013-03-31 18:18    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-03-31 18:18 . 2013-03-31 18:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-30 20:42 . 2013-03-30 20:42    --------    d-----w-    c:\program files (x86)\ESET
2013-03-30 15:19 . 2011-07-01 15:36    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2013-03-30 15:19 . 2011-07-01 15:36    767952    ----a-w-    c:\windows\BDTSupport.dll
2013-03-30 15:19 . 2011-07-01 15:36    2029520    ----a-w-    c:\windows\PCTBDCore.dll
2013-03-30 15:19 . 2011-07-01 15:36    1533904    ----a-w-    c:\windows\PCTBDRes.dll
2013-03-30 15:07 . 2011-07-11 09:05    337048    ----a-w-    c:\windows\system32\drivers\pctgntdi64.sys
2013-03-30 15:07 . 2011-07-11 09:05    143896    ----a-w-    c:\windows\system32\drivers\pctwfpfilter64.sys
2013-03-30 15:07 . 2010-07-16 14:53    816016    ----a-w-    c:\windows\system32\drivers\pctEFA64.sys
2013-03-30 15:07 . 2010-06-29 10:35    452872    ----a-w-    c:\windows\system32\drivers\pctDS64.sys
2013-03-30 15:07 . 2011-07-11 12:02    282440    ----a-w-    c:\windows\system32\drivers\PCTCore64.sys
2013-03-30 15:07 . 2011-03-10 09:08    279344    ----a-w-    c:\windows\system32\drivers\PCTSD64.sys
2013-03-30 00:40 . 2013-03-30 00:40    --------    d-----w-    c:\users\Eoin\AppData\Roaming\Product_RM
2013-03-25 20:23 . 2013-03-25 20:23    --------    d-sh--w-    c:\programdata\DSS
2013-03-25 20:22 . 2011-03-19 15:16    1417216    ----a-w-    c:\windows\SysWow64\rapture3d_oal.dll
2013-03-25 20:22 . 2010-09-22 13:12    19087360    ----a-w-    c:\windows\SysWow64\mkl_blueripple.dll
2013-03-25 20:22 . 2013-03-25 20:22    --------    d-----w-    c:\program files (x86)\BRS
2013-03-25 20:22 . 2013-03-25 20:22    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-03-24 18:09 . 2013-03-24 18:18    --------    d-----w-    C:\Casino
2013-03-21 02:28 . 2012-11-23 03:13    68608    ----a-w-    c:\windows\system32\taskhost.exe
2013-03-20 15:51 . 2013-03-20 15:51    --------    d-----w-    c:\windows\system32\SPReview
2013-03-20 15:49 . 2013-03-20 15:49    --------    d-----w-    c:\windows\system32\EventProviders
2013-03-19 12:59 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-17 21:10 . 2013-03-17 21:10    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-03-17 21:10 . 2013-03-17 21:10    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-03-17 21:02 . 2013-03-17 21:02    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-03-16 21:57 . 2013-03-24 18:15    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-16 21:57 . 2013-03-24 18:15    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 19:17 . 2013-03-30 21:34    --------    d-----w-    c:\users\Eoin\AppData\Local\Spotify
2013-03-14 19:16 . 2013-03-30 21:44    --------    d-----w-    c:\users\Eoin\AppData\Roaming\Spotify
2013-03-13 17:57 . 2013-03-13 17:57    --------    d-----w-    c:\program files (x86)\SQUARE ENIX
2013-03-13 03:01 . 2013-02-02 06:51    887808    ----a-w-    c:\program files\Internet Explorer\iedvtool.dll
2013-03-13 03:01 . 2013-02-02 03:32    678912    ----a-w-    c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-03-13 03:01 . 2013-02-02 07:31    17815040    ----a-w-    c:\windows\system32\mshtml.dll
2013-03-13 03:01 . 2013-02-02 06:58    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\programdata\ATI
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-03-12 14:42 . 2013-03-12 14:42    --------    d-----w-    c:\program files (x86)\AMD APP
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files\AMD
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-03-11 00:23 . 2013-03-11 00:23    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2013-03-11 00:21 . 2013-03-11 00:21    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-03-11 00:21 . 2013-03-12 14:41    --------    d-----w-    c:\program files\ATI Technologies
2013-03-11 00:07 . 2010-02-23 07:46    23680    ----a-w-    c:\windows\system32\drivers\IOMap64.sys
2013-03-10 23:43 . 2013-03-10 23:43    --------    d-----w-    c:\users\Eoin\AppData\Local\Futuremark
2013-03-10 23:41 . 2013-03-10 23:41    --------    d-----w-    c:\program files\Futuremark
2013-03-10 22:58 . 2013-03-13 17:54    --------    d-----w-    c:\program files (x86)\ASUS
2013-03-10 22:02 . 2013-03-10 22:02    --------    d-----w-    c:\program files\ATI
2013-03-09 20:27 . 2013-03-09 20:27    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-04 21:10 . 2013-03-04 21:27    --------    d-----w-    c:\program files (x86)\Call of Duty Black Ops II Update 3
2013-03-02 23:36 . 2012-11-09 05:45    750592    ----a-w-    c:\windows\system32\win32spl.dll
2013-03-02 23:36 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-03-02 23:36 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2013-03-02 23:36 . 2012-11-01 05:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2013-03-02 23:36 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2013-03-02 23:36 . 2012-11-01 04:47    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
2013-03-02 23:36 . 2012-11-20 05:48    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-03-02 23:36 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-03-02 23:36 . 2012-11-22 05:44    800768    ----a-w-    c:\windows\system32\usp10.dll
2013-03-02 23:36 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2013-03-02 16:51 . 2013-03-27 10:19    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-03-01 21:05 . 2013-03-01 21:05    --------    d-----w-    c:\program files (x86)\GameSpy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 20:22 . 2011-03-22 23:32    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-03-20 16:00 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2013-03-20 16:00 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
2013-03-13 03:02 . 2011-03-17 18:05    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-09 20:27 . 2012-07-04 22:02    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-09 20:27 . 2011-03-17 17:36    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-08 01:06 . 2012-12-13 12:13    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-02-28 17:22 . 2013-02-28 17:22    20832    ----a-w-    c:\windows\system32\drivers\ddcdrv.sys
2013-02-28 17:22 . 2013-02-28 17:22    155528    ----a-w-    c:\windows\system32\DDCHELPER.dll
2013-02-19 03:05 . 2013-02-18 16:14    2549120    ----a-w-    c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-02-12 05:45 . 2013-03-21 02:29    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-21 02:29    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-21 02:29    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-21 02:29    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-21 02:29    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-21 02:29    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-06 13:55 . 2013-02-06 13:55    21712    ----a-w-    c:\windows\SysWow64\drivers\DrvAgent64.SYS
2013-02-01 01:05 . 2013-02-01 01:05    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-01 00:55 . 2011-10-11 12:06    564824    ----a-w-    c:\windows\system32\drivers\sptd.sys
2013-01-17 01:28 . 2011-03-17 17:16    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 03:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 03:53    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 03:53    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 03:52    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 03:52    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 03:52    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 03:53    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 03:52    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 03:52    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 03:52    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 03:52    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 03:52    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 03:52    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-06 21:39    222712    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Eoin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-25 1104280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-12 93360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
R3 cpuz130;cpuz130;c:\users\Eoin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 DABlackFltr;DeathAdder Black Edition Mouse;c:\windows\system32\drivers\DABlack.sys [2010-11-29 23040]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7640v1F0\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;c:\msi\MSI SUITE\NTIOLib_X64.sys [x]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-10-25 25600]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-10-25 113664]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-10-25 23040]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UCOREW64;UCOREW64;c:\program files (x86)\Setup Files\Ms7640v1F0\UCOREW64.SYS [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-07-11 282440]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-01 283200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2011-03-10 279344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2013-02-28 20832]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 TRIXX;TRIXX;c:\users\Eoin\AppData\Local\Temp\TRIXX.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRIXX
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 00:50    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-16 18:15]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 00:20]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 00:20]
.
2013-03-31 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2013-03-30 14:44]
.
2013-03-31 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2013-03-30 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-06 21:39    261624    ----a-w-    c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-29 13261456]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
FF - ProfilePath - c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - ExtSQL: 2013-02-19 00:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-30 15:19; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files (x86)\PC Tools Security\BDT\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Final Fantasy VII - c:\program files (x86)\Final Fantasy VII\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**è«W*Þ ]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:50c8c000
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:43,d8,bc,42,f8,c5,6d,38,7e,61,85,49,cc,57,41,18,11,36,6e,4e,b8,47,2c,
   d9,30,06,c7,d6,6d,90,3a,33,0c,f7,64,72,04,d2,75,d9,d0,58,96,bf,da,6b,76,f0,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-4060483818-2136790348-731521269-1000\Software\SecuROM\License information*]
"datasecu"=hex:11,61,e6,2b,f6,57,fb,43,df,b6,d6,e5,1c,3c,52,d3,20,17,28,bd,67,
   22,35,8f,54,cf,a4,af,98,b8,f8,37,c4,5e,eb,d0,0a,48,bc,06,84,3c,af,61,03,e3,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-03-31  19:25:46 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-31 18:25
ComboFix2.txt  2013-03-31 16:04
.
Pre-Run: 426,086,121,472 bytes free
Post-Run: 425,998,106,624 bytes free
.
- - End Of File - - 29F2029B5B59A3534F244736E556301D
Upload was successful
 

 

2. malwarebytes

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eoin :: QUORRA [administrator]

31/03/2013 19:33:08
mbam-log-2013-03-31 (19-33-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243977
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

3. eset scan ( took almost 4 hours )

 

C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll    a variant of Win32/Packed.VMProtect.AAD trojan
C:\Qoobox\Quarantine\[4]-Submit_2013-03-31_19.11.21.zip    VBS/Agent.NGJ trojan
C:\Users\Eoin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7995f9f0-6f383f48    a variant of Java/TrojanDownloader.OpenStream.NCU trojan
C:\Users\Eoin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\4bae2371-361bc7a7    probably a variant of Java/Exploit.CVE-2012-0507.FA trojan
C:\Users\Eoin\AppData\Roaming\Adobe\color.vbe    VBS/Agent.NGJ trojan
C:\Users\Eoin\Desktop\HTC Pics\xxx-1.apk    Android/TrojanSMS.Agent.CY trojan
C:\Users\Eoin\Desktop\HTC Pics\xxx.apk    Android/TrojanSMS.Agent.CY trojan
I:\Fable.III-SKIDROW\sr-fable3.iso    a variant of Win32/Packed.VMProtect.AAA trojan
 

 

4. system checkup scan

 

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Spyware Doctor with AntiVirus   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Doctor with AntiVirus 8.0
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox 17.0.1 Firefox out of Date!  
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
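An added example, not part of the thread or of any tool used in it: a Python sketch that triages service/driver lines in the format of the ComboFix list earlier in this post and flags entries worth a manual look, such as X6va009. It assumes `[x]` marks an image file the tool could not find on disk; the flag names and the two-flag review threshold are this example's own choices.

```python
"""Triage ComboFix-style service/driver lines for entries worth a manual look."""
import ntpath
import re
from dataclasses import dataclass, field

# Six lines copied verbatim from the ComboFix service/driver list above.
SAMPLE_LOG = r"""
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 TRIXX;TRIXX;c:\users\Eoin\AppData\Local\Temp\TRIXX.sys [x]
"""

# Layout: <tag> <service name>;<display name>;<image path> [<date> <size>]  or  [x]
# Names and paths may contain spaces, so the trailing bracket anchors the match.
LINE_RE = re.compile(
    r"^(?P<tag>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<stat>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)


@dataclass
class Entry:
    tag: str    # raw state/start-type tag from the log, kept uninterpreted
    name: str   # service key name
    path: str   # image path exactly as logged
    flags: list = field(default_factory=list)


def triage(log_text):
    """Parse service/driver lines and attach review flags to each entry."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a service/driver line
        path = m["path"]
        lowered = path.lower()
        flags = []
        # Assumption: "[x]" means the registered image was not found on disk,
        # i.e. the service registration outlived (or never had) its binary.
        if m["stat"] == "x":
            flags.append("image-missing")
        # Image expected in a temp directory, which any cleanup can empty.
        if "\\temp\\" in lowered:
            flags.append("temp-path")
        # Image expected inside a user profile rather than a system directory.
        if lowered[2:].startswith("\\users\\"):
            flags.append("user-profile-path")
        # Doubled separator after the drive letter: the stored path was
        # expanded or concatenated incorrectly.
        if "\\\\" in path[2:]:
            flags.append("malformed-path")
        # Drivers and services normally point at a .sys/.exe/.dll file.
        if not ntpath.splitext(ntpath.basename(path))[1]:
            flags.append("no-extension")
        entries.append(Entry(m["tag"], m["name"], path, flags))
    return entries


def needs_review(entries):
    """Names of entries carrying two or more flags, in log order."""
    return [e.name for e in entries if len(e.flags) >= 2]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.tag} {e.name:<20} {', '.join(e.flags) or 'ok'}")
```

The flags are leads for manual review, not verdicts: a follow-up such as the registry and service query requested for X6va009 in the next post is what confirms or clears an entry.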
 



#11 SweetTech

Posted 01 April 2013 - 05:54 PM

Hi!

My apologies, I should have made you aware when I provided you with the ComboFix script instructions that it would be submitting a file to me for analysis.

Do you recognize the following file?

I:\Fable.III-SKIDROW\sr-fable3.iso a variant of Win32/Packed.VMProtect.AAA trojan

Did it come from a reliable source?

---------


Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009 /s
    :service
    X6va009
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt

    -------------


    VirusTotal File Scan
    Please go to: VirusTotal

    • Click the Browse button and search for the following file: C:\Users\Eoin\Desktop\HTC Pics\xxx-1.apk
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"

    Please repeat the above process for the following files below:

    C:\Users\Eoin\Desktop\HTC Pics\xxx.apk
    C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll


    Please post the results in your next reply

    -----------


    OTL Fix

    We need to run an OTL Fix

    Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    C:\Qoobox\Quarantine\[4]-Submit_2013-03-31_19.11.21.zip
    C:\Users\Eoin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7995f9f0-6f383f48
    C:\Users\Eoin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\4bae2371-361bc7a7
    C:\Users\Eoin\AppData\Roaming\Adobe\color.vbe
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • NEXT:



    How are things with your computer behaving?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Doyler86

Posted 01 April 2013 - 06:37 PM

Hi, as for the file you mentioned at the beginning, it is on my external HD. I can delete it if you think it's causing problems.

Also it's kinda scary how many infections have been found, especially the ones I got on my HTC phone.

Oh and the GPU usage seems stable again now :) I'm going to reboot and check. If it has gone back to the way it was before I will let you know.

 

C:\Users\Eoin\Desktop\HTC Pics\xxx-1.apk

Antivirus    Result    Update
Agnitum    -    20130401
AhnLab-V3    Android-Trojan/FakeInst    20130401
AntiVir    Android/FakeInst.BD    20130401
Antiy-AVL    Trojan/AndroidOS.Opfake    20130401
Avast    Android:SMSAgent-V [Trj]    20130402
AVG    Android_dc.JV    20130402
BitDefender    Android.Trojan.FakeInst.BD    20130402
ByteHero    -    20130322
CAT-QuickHeal    Android.Fakeinst.Q    20130401
ClamAV    -    20130401
Commtouch    AndroidOS/FakeInst.L    20130401
Comodo    UnclassifiedMalware    20130401
DrWeb    Android.SmsSend.359.origin    20130402
Emsisoft    Android.Trojan.FakeInst.BD ( B)    20130402
eSafe    -    20130328
ESET-NOD32    Android/TrojanSMS.Agent.CY    20130401
F-Prot    AndroidOS/FakeInst.L    20130401
F-Secure    Trojan:Android/Fakeinst.M    20130402
Fortinet    Android/OpFake.A!tr.dial    20130401
GData    Android.Trojan.FakeInst.BD    20130402
Ikarus    Virus.Android_dc    20130401
Jiangmin    -    20130331
K7AntiVirus    -    20130401
Kaspersky    HEUR:Trojan-SMS.AndroidOS.Opfake.a    20130401
Kingsoft    Android.Troj.FakeInst.BD.v.(kcloud)    20130401
Malwarebytes    -    20130402
McAfee    -    20130402
McAfee-GW-Edition    -    20130402
Microsoft    -    20130402
MicroWorld-eScan    Android.Trojan.FakeInst.BD    20130402
NANO-Antivirus    -    20130401
Norman    -    20130401
nProtect    -    20130401
Panda    -    20130401
PCTools    -    20130401
Rising    -    20130328
Sophos    Andr/Opfake-J    20130402
SUPERAntiSpyware    -    20130402
Symantec    -    20130401
TheHacker    -    20130401
TotalDefense    AndroidOS/MalAndroid    20130401
TrendMicro    AndroidOS_FAKE.CDE    20130401
TrendMicro-HouseCall    TROJ_GEN.FCBHZIH    20130402
VBA32    Trojan-SMS.AndroidOS.Opfake.a    20130330
VIPRE    Trojan.AndroidOS.OpFake.j    20130402
ViRobot    -    20130401

 

 


C:\Users\Eoin\Desktop\HTC Pics\xxx.apk

 

Antivirus    Result    Update
Agnitum    -    20130401
AhnLab-V3    Android-Trojan/FakeInst    20130401
AntiVir    Android/FakeInst.BD    20130401
Antiy-AVL    Trojan/AndroidOS.Opfake    20130401
Avast    Android:SMSAgent-V [Trj]    20130402
AVG    Android_dc.JV    20130402
BitDefender    Android.Trojan.FakeInst.BD    20130402
ByteHero    -    20130322
CAT-QuickHeal    Android.Fakeinst.Q    20130401
ClamAV    -    20130401
Commtouch    AndroidOS/FakeInst.L    20130401
Comodo    UnclassifiedMalware    20130401
DrWeb    Android.SmsSend.359.origin    20130402
Emsisoft    Android.Trojan.FakeInst.BD ( B)    20130402
eSafe    -    20130328
ESET-NOD32    Android/TrojanSMS.Agent.CY    20130401
F-Prot    AndroidOS/FakeInst.L    20130401
F-Secure    Trojan:Android/Fakeinst.M    20130402
Fortinet    Android/OpFake.A!tr.dial    20130401
GData    Android.Trojan.FakeInst.BD    20130402
Ikarus    Virus.Android_dc    20130401
Jiangmin    -    20130331
K7AntiVirus    -    20130401
Kaspersky    HEUR:Trojan-SMS.AndroidOS.Opfake.a    20130401
Kingsoft    Android.Troj.FakeInst.BD.v.(kcloud)    20130401
Malwarebytes    -    20130402
McAfee    -    20130402
McAfee-GW-Edition    -    20130402
Microsoft    -    20130402
MicroWorld-eScan    -    20130402
NANO-Antivirus    -    20130401
Norman    -    20130401
nProtect    -    20130401
Panda    -    20130401
PCTools    -    20130401
Rising    -    20130328
Sophos    Andr/Opfake-J    20130402
SUPERAntiSpyware    -    20130402
Symantec    -    20130401
TheHacker    -    20130401
TotalDefense    AndroidOS/MalAndroid    20130401
TrendMicro    AndroidOS_FAKE.CDE    20130401
TrendMicro-HouseCall    TROJ_GEN.FCBHZIH    20130402
VBA32    Trojan-SMS.AndroidOS.Opfake.a    20130330
VIPRE    Trojan.AndroidOS.OpFake.j    20130402
ViRobot    -    20130401

 

C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll

 

Antivirus    Result    Update
Agnitum    Trojan.Packed!3E00eXxuWgQ    20130401
AhnLab-V3    -    20130401
AntiVir    -    20130401
Antiy-AVL    -    20130401
Avast    -    20130402
AVG    -    20130402
BitDefender    -    20130402
ByteHero    -    20130322
CAT-QuickHeal    -    20130401
ClamAV    -    20130401
Commtouch    -    20130401
Comodo    UnclassifiedMalware    20130401
DrWeb    -    20130402
Emsisoft    Packed.Win32.VMProtect.AAD (A)    20130402
eSafe    -    20130328
ESET-NOD32    a variant of Win32/Packed.VMProtect.AAD    20130401
F-Prot    -    20130401
F-Secure    -    20130402
Fortinet    -    20130401
GData    -    20130402
Ikarus    -    20130401
Jiangmin    -    20130331
K7AntiVirus    -    20130401
Kaspersky    -    20130401
Kingsoft    -    20130401
Malwarebytes    -    20130402
McAfee    Artemis!92AD87AD9411    20130402
McAfee-GW-Edition    Artemis!92AD87AD9411    20130402
Microsoft    -    20130402
MicroWorld-eScan    -    20130402
NANO-Antivirus    -    20130401
Norman    Suspicious_Gen4.CNBXY    20130401
nProtect    -    20130401
Panda    Trj/Thed.W    20130401
PCTools    -    20130401
Rising    -    20130328
Sophos    Mal/Generic-S    20130402
SUPERAntiSpyware    -    20130402
Symantec    -    20130402
TheHacker    -    20130401
TotalDefense    -    20130401
TrendMicro    -    20130402
TrendMicro-HouseCall    -    20130402
VBA32    -    20130330
VIPRE    -    20130402
ViRobot    -    20130401

 

 

If I did those scans wrong let me know and I will do them again.

 

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Qoobox\Quarantine\[4]-Submit_2013-03-31_19.11.21.zip moved successfully.
C:\Users\Eoin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7995f9f0-6f383f48 moved successfully.
C:\Users\Eoin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\4bae2371-361bc7a7 moved successfully.
C:\Users\Eoin\AppData\Roaming\Adobe\color.vbe moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Eoin\Desktop\cmd.bat deleted successfully.
C:\Users\Eoin\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Eoin\Desktop\cmd.bat deleted successfully.
C:\Users\Eoin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Eoin
->Temp folder emptied: 6409304 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 5276919 bytes
->FireFox cache emptied: 1548332838 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 21040 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23398526 bytes
->Flash cache emptied: 42450 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,511.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Eoin
->Flash cache emptied: 0 bytes
 
User: Guest
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Eoin
->Java cache emptied: 0 bytes
 
User: Guest
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04022013_002148

Files\Folders moved on Reboot...
C:\Users\Eoin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


Edited by Doyler86, 01 April 2013 - 06:44 PM.


#13 SweetTech

Posted 02 April 2013 - 12:38 PM

Hi!

Do you have a subscription to Spyware Doctor?

I'm going to remove those 3 files that I asked you to scan with VirusTotal. They look to be infected.

I don't think you'll be able to submit this file below:

I:\Fable.III-SKIDROW\sr-fable3.iso a variant of Win32/Packed.VMProtect.AAA trojan

Due to the file size of it.

It's showing as being detected by ESET. If it didn't come from a source that you can be sure is clean, I'd definitely remove it then. I'll leave the decision up to you on what you want to do with that file.

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

-----

Your version of Firefox is outdated. I also suggest that you update that to the latest version.


Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Microsoft: 'Unprecedented Wave of Java Exploitation'
  • Drive-by Trojan preying on out-of-date Java installations
  • Ghosts of Java Haunt Users
  • Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
    • Look for "Java Platform, Standard Edition".
    • Click the "Download JRE" button to the right.
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • From the list, select your OS and Platform:
      • 32-bit Select: Windows x86 Offline.
      • 64-bit Select: Windows x64.
    • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u11-windows-i586-s.exe (or jre-7u11-windows-x64.exe for 64-bit) to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.
    NEXT



    Update Adobe Reader
    Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
    • Go to Start > Control Panel > Add/Remove Programs
    • Remove ALL instances of Adobe Reader
    • Re-boot your computer as required.
    • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
    Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



    NEXT:



    OTL Fix

    We need to run an OTL Fix
    • Please reopen OTL on your desktop.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox.
      :Services
      :OTL
      
      :Reg
      
      :Files
      C:\Users\Eoin\Desktop\HTC Pics\xxx-1.apk
      C:\Users\Eoin\Desktop\HTC Pics\xxx.apk
      C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll
      echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
      ipconfig /flushdns /c
      :Commands
      [purity]
      [resethosts]
      [CreateRestorePoint]
      [emptytemp]
      [EMPTYFLASH]
      
    • Push the Run Fix button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • Click the OK button.
    • A report will open. Copy and Paste that report in your next reply.
    • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    NEXT:



    OTL Custom Scan

    We need to run an OTL Custom Scan
    • Please reopen OTL on your desktop.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox.


      netsvcs
      drivers32
      hklm\software\clients\startmenuinternet|command /rs
      %systemroot%\*. /rp /s
      %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Push the Quick Scan button.
    • A report will open. Copy and Paste that report in your next reply.
    NEXT:



    What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 Doyler86

Posted 02 April 2013 - 01:49 PM

Hi again! There don't seem to be any issues with my system that I can tell at the moment.

Thanks for the link to foxit reader by the way!

By the way, I hope you don't mind me asking, but what was it that was on my system and why could I not remove it? And how did it just "re-install" itself if I did try to remove it?

I'm a geek with reading about stuff and learning about things like this! Even point me in the direction of where I can find out more. Thanks.

 

 

 

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Eoin\Desktop\HTC Pics\xxx-1.apk moved successfully.
C:\Users\Eoin\Desktop\HTC Pics\xxx.apk moved successfully.
C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\Eoin\Desktop\cmd.bat deleted successfully.
C:\Users\Eoin\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Eoin\Desktop\cmd.bat deleted successfully.
C:\Users\Eoin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Eoin
->Temp folder emptied: 71711 bytes
->Temporary Internet Files folder emptied: 762063 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18334488 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1916 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4574 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 8111697920 bytes
 
Total Files Cleaned = 7,754.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Eoin
->Flash cache emptied: 0 bytes
 
User: Guest
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04022013_193104

Files\Folders moved on Reboot...
C:\Users\Eoin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

OTL logfile created on: 02/04/2013 19:36:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eoin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
8.00 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.57% Memory free
16.00 Gb Paging File | 13.87 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 387.41 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 577.11 Gb Free Space | 61.95% Space Free | Partition Type: NTFS
 
Computer Name: QUORRA | User Name: Eoin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/02 19:11:18 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\Eoin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/03/30 23:23:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eoin\Desktop\OTL.exe
PRC - [2013/03/17 22:02:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/02/07 10:38:24 | 005,534,016 | ---- | M] () -- C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
PRC - [2012/12/13 15:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/05 02:06:30 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 15:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/07/02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 16:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/17 12:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/01 16:36:48 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011/07/01 16:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/07 10:38:24 | 005,534,016 | ---- | M] () -- C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
MOD - [2012/12/05 02:06:30 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/12/19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/29 20:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/24 19:15:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/17 22:02:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/12/13 15:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/05 02:06:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/30 18:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/08/21 15:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/07/02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/17 12:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2011/07/01 16:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/04/06 17:53:36 | 001,117,144 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 12:14:04 | 000,371,472 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/02/28 18:22:20 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2013/02/01 02:05:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/25 03:18:36 | 000,025,600 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012/10/25 03:18:32 | 000,023,040 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012/10/25 03:18:26 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/10/08 20:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/10/02 23:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/29 08:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/07/11 13:02:34 | 000,282,440 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/12 18:39:28 | 000,093,360 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 10:08:22 | 000,279,344 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/29 19:22:16 | 000,023,040 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DABlack.sys -- (DABlackFltr)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/01 01:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/07 11:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/07/16 15:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 11:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/12 22:42:18 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/08/21 09:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/10 14:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{13DD2268-265C-45F7-A5A4-BE2A92B21230}: "URL" = ${SEARCH_URL}{searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6B C2 62 D1 81 83 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {13DD2268-265C-45F7-A5A4-BE2A92B21230}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{13DD2268-265C-45F7-A5A4-BE2A92B21230}: "URL" = http://search.privitize.com/?aff=7&q={searchTerms}
IE - HKCU\..\SearchScopes\{892B73C1-9636-4028-88E9-C9962C71026A}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Eoin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/28 16:55:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2013/03/30 16:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 02:06:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/02 19:24:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 02:06:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/02 19:24:13 | 000,000,000 | ---D | M]
 
[2011/03/17 18:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eoin\AppData\Roaming\Mozilla\Extensions
[2013/03/04 22:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions
[2012/12/23 19:31:03 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2012/12/12 16:39:23 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/08/03 01:43:47 | 000,000,000 | ---D | M] (YTshowRating) -- C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
[2013/02/19 01:07:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/07 19:41:40 | 000,002,089 | ---- | M] () -- C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\wn9wlpzb.default\searchplugins\Startpins.xml
[2012/12/05 02:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/20 04:24:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/05 02:06:30 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/12/05 02:06:30 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/29 22:32:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/05 02:06:30 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/12/05 02:06:30 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/12 02:11:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/12/05 02:06:30 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Privitize VPN (Enabled)
CHR - default_search_provider: search_url = http://search.privitize.com/?aff=7&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.privitize.com/?aff=7
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.14.1.0_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Eoin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/04/02 19:31:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Eoin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C42AB6B3-63F2-4266-BD29-FAB5B945D081}: DhcpNameServer = 89.101.160.5 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD81CA8D-07AF-4F93-A0B3-260C424F8F9E}: DhcpNameServer = 89.101.160.5 89.101.160.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/22 02:34:49 | 000,000,000 | R--D | M] - I:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/02 19:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/04/02 19:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013/04/02 19:25:51 | 016,461,048 | ---- | C] (Foxit Corporation                                           ) -- C:\Users\Eoin\Desktop\FoxitReader545.0124_enu_Setup.exe
[2013/04/02 19:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/02 19:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/02 00:21:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/01 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\Eoin\Desktop\World of Warcraft 3.3.5a (no install)
[2013/03/31 19:20:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/31 19:18:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/31 16:34:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/31 16:34:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/31 16:34:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/31 16:34:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/31 16:32:28 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\Eoin\Desktop\ComboFix.exe
[2013/03/31 01:52:48 | 000,000,000 | ---D | C] -- C:\Users\Eoin\Documents\intrusion2
[2013/03/30 23:43:53 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Eoin\Desktop\aswMBR.exe
[2013/03/30 23:23:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eoin\Desktop\OTL.exe
[2013/03/30 21:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/30 21:41:32 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Eoin\Desktop\esetsmartinstaller_enu.exe
[2013/03/30 21:40:24 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eoin\Desktop\tdsskiller.exe
[2013/03/30 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\Eoin\Desktop\mbar
[2013/03/30 16:19:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2013/03/30 16:19:05 | 002,029,520 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2013/03/30 16:19:05 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2013/03/30 16:08:21 | 000,690,312 | ---- | C] (CNET Download.com) -- C:\Users\Eoin\Desktop\cbsidlm-cbsi5_3_0_96-True_Sword-ORG-86771.exe
[2013/03/30 16:07:56 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2013/03/30 16:07:56 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2013/03/30 16:07:56 | 000,337,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2013/03/30 16:07:56 | 000,143,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2013/03/30 16:07:53 | 000,282,440 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2013/03/30 16:07:52 | 000,279,344 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2013/03/30 16:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2013/03/30 16:07:51 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2013/03/30 16:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2013/03/30 01:42:56 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2013/03/30 01:42:56 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2013/03/30 01:42:56 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2013/03/30 01:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2013/03/30 01:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013/03/30 01:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/03/30 01:40:10 | 000,000,000 | ---D | C] -- C:\Users\Eoin\AppData\Roaming\Product_RM
[2013/03/30 01:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/03/28 18:34:48 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Eoin\Desktop\dds.scr
[2013/03/28 18:34:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Eoin\Desktop\HijackThis.exe
[2013/03/28 17:58:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/25 22:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/25 21:23:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013/03/25 21:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2013/03/25 21:22:09 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2013/03/25 21:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2013/03/24 19:09:09 | 000,000,000 | ---D | C] -- C:\Casino
[2013/03/20 16:51:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/03/20 16:49:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/03/17 22:02:13 | 000,000,000 | ---D | C] -- C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/03/14 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\Eoin\Desktop\HollyWould_X
[2013/03/14 20:17:08 | 000,000,000 | ---D | C] -- C:\Users\Eoin\AppData\Local\Spotify
[2013/03/14 20:16:36 | 000,000,000 | ---D | C] -- C:\Users\Eoin\AppData\Roaming\Spotify
[2013/03/13 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SQUARE ENIX
[2013/03/12 15:46:24 | 000,000,000 | ---D | C] -- C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
[2013/03/12 15:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/03/12 15:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/03/12 15:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/03/12 15:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/03/11 01:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013/03/11 01:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/03/11 01:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/03/11 01:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/03/11 01:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/03/11 01:07:38 | 000,023,680 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2013/03/11 00:43:34 | 000,000,000 | ---D | C] -- C:\Users\Eoin\Documents\3DMark 11
[2013/03/11 00:43:24 | 000,000,000 | ---D | C] -- C:\Users\Eoin\AppData\Local\Futuremark
[2013/03/11 00:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2013/03/10 23:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013/03/10 23:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013/03/10 23:58:03 | 000,000,000 | ---D | C] -- C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
[2013/03/10 23:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/03/10 21:17:16 | 012,936,704 | ---- | C] (Phyxion.net) -- C:\Users\Eoin\Desktop\Driver Sweeper.exe
[2013/03/09 00:58:01 | 000,000,000 | ---D | C] -- C:\Users\Eoin\Documents\SimCity 4
[2013/03/07 00:50:43 | 000,000,000 | ---D | C] -- C:\Users\Eoin\Documents\Hitman Blood Money
[2013/03/04 22:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops II Update 3
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/02 19:33:53 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 19:33:45 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/04/02 19:33:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/02 19:32:43 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 19:31:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/04/02 19:30:18 | 000,001,150 | ---- | M] () -- C:\Users\Eoin\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/04/02 19:30:17 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/04/02 19:29:36 | 016,461,048 | ---- | M] (Foxit Corporation                                           ) -- C:\Users\Eoin\Desktop\FoxitReader545.0124_enu_Setup.exe
[2013/04/02 19:25:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/02 19:22:25 | 000,020,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 19:22:25 | 000,020,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 19:19:55 | 001,331,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/02 19:19:55 | 000,674,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/02 19:19:55 | 000,424,766 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/04/02 19:19:55 | 000,129,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/02 19:19:55 | 000,129,458 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/04/02 19:00:06 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013/04/02 18:51:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/02 00:06:00 | 000,139,264 | ---- | M] () -- C:\Users\Eoin\Desktop\SystemLook.exe
[2013/04/01 19:38:49 | 000,196,851 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-48-87.jpg
[2013/04/01 19:38:48 | 000,189,471 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-48-39.jpg
[2013/04/01 19:38:46 | 000,189,935 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-46-16.jpg
[2013/04/01 19:38:44 | 000,196,830 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-44-63.jpg
[2013/04/01 19:38:37 | 000,204,275 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-37-33.jpg
[2013/04/01 19:38:35 | 000,180,291 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-35-78.jpg
[2013/04/01 19:38:34 | 000,196,766 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-34-01.jpg
[2013/04/01 19:38:30 | 000,197,772 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-30-21.jpg
[2013/04/01 19:38:22 | 000,198,162 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-22-83.jpg
[2013/04/01 19:38:20 | 000,198,160 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-20-60.jpg
[2013/04/01 19:37:24 | 000,191,613 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-24-25.jpg
[2013/04/01 19:37:23 | 000,191,167 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-23-27.jpg
[2013/04/01 19:37:11 | 000,193,427 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-11-82.jpg
[2013/04/01 19:37:10 | 000,202,892 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-10-25.jpg
[2013/04/01 19:37:07 | 000,192,797 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-07-22.jpg
[2013/04/01 19:37:03 | 000,187,794 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-03-30.jpg
[2013/04/01 19:36:56 | 000,190,948 | ---- | M] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-36-56-08.jpg
[2013/04/01 18:41:56 | 000,000,220 | ---- | M] () -- C:\Users\Eoin\Desktop\Supreme Commander.url
[2013/04/01 18:41:56 | 000,000,220 | ---- | M] () -- C:\Users\Eoin\Desktop\Supreme Commander Forged Alliance.url
[2013/04/01 00:03:25 | 000,890,798 | ---- | M] () -- C:\Users\Eoin\Desktop\SecurityCheck(1).exe
[2013/04/01 00:02:21 | 000,890,798 | ---- | M] () -- C:\Users\Eoin\Desktop\SecurityCheck.exe
[2013/03/31 16:53:19 | 000,305,023 | ---- | M] () -- C:\Users\Eoin\Desktop\Untitled.png
[2013/03/31 16:33:45 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\Eoin\Desktop\ComboFix.exe
[2013/03/30 23:51:53 | 000,000,512 | ---- | M] () -- C:\Users\Eoin\Desktop\MBR.dat
[2013/03/30 23:45:24 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Eoin\Desktop\aswMBR.exe
[2013/03/30 23:23:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eoin\Desktop\OTL.exe
[2013/03/30 21:49:04 | 000,000,020 | ---- | M] () -- C:\Users\Eoin\defogger_reenable
[2013/03/30 21:48:52 | 000,050,477 | ---- | M] () -- C:\Users\Eoin\Desktop\Defogger.exe
[2013/03/30 21:41:51 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Eoin\Desktop\esetsmartinstaller_enu.exe
[2013/03/30 21:40:30 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eoin\Desktop\tdsskiller.exe
[2013/03/30 16:09:11 | 002,678,534 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/03/30 16:08:49 | 000,690,312 | ---- | M] (CNET Download.com) -- C:\Users\Eoin\Desktop\cbsidlm-cbsi5_3_0_96-True_Sword-ORG-86771.exe
[2013/03/30 16:07:52 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2013/03/30 01:42:56 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2013/03/28 18:37:08 | 000,377,856 | ---- | M] () -- C:\Users\Eoin\Desktop\50htno7k.exe
[2013/03/28 18:34:56 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Eoin\Desktop\dds.scr
[2013/03/28 18:34:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Eoin\Desktop\HijackThis.exe
[2013/03/28 17:40:25 | 000,167,034 | ---- | M] () -- C:\Users\Eoin\Desktop\fileassassin-setup-1.06.exe
[2013/03/28 14:26:43 | 000,037,008 | ---- | M] () -- C:\Users\Eoin\Desktop\269293_588119034550325_782712210_n.jpg
[2013/03/25 22:55:11 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/21 04:57:15 | 005,035,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/21 04:23:20 | 001,308,226 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/17 22:10:09 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/03/17 22:10:09 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/03/17 22:02:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/03/17 22:02:13 | 000,001,201 | ---- | M] () -- C:\Users\Eoin\Desktop\Uplay.lnk
[2013/03/17 03:57:01 | 1277,854,907 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/17 03:54:01 | 001,065,984 | ---- | M] () -- C:\Users\Eoin\AppData\Local\file__0.localstorage
[2013/03/14 20:16:55 | 000,001,798 | ---- | M] () -- C:\Users\Eoin\Desktop\Spotify.lnk
[2013/03/11 01:35:55 | 000,000,022 | ---- | M] () -- C:\Windows\GPU-Z.INI
[2013/03/11 00:41:52 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
 
========== Files Created - No Company Name ==========
 
[2013/04/02 19:30:18 | 000,001,150 | ---- | C] () -- C:\Users\Eoin\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/04/02 19:30:17 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/04/02 00:05:59 | 000,139,264 | ---- | C] () -- C:\Users\Eoin\Desktop\SystemLook.exe
[2013/04/01 19:38:48 | 000,196,851 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-48-87.jpg
[2013/04/01 19:38:48 | 000,189,471 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-48-39.jpg
[2013/04/01 19:38:46 | 000,189,935 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-46-16.jpg
[2013/04/01 19:38:44 | 000,196,830 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-44-63.jpg
[2013/04/01 19:38:37 | 000,204,275 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-37-33.jpg
[2013/04/01 19:38:35 | 000,180,291 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-35-78.jpg
[2013/04/01 19:38:34 | 000,196,766 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-34-01.jpg
[2013/04/01 19:38:30 | 000,197,772 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-30-21.jpg
[2013/04/01 19:38:22 | 000,198,162 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-22-83.jpg
[2013/04/01 19:38:20 | 000,198,160 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-38-20-60.jpg
[2013/04/01 19:37:24 | 000,191,613 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-24-25.jpg
[2013/04/01 19:37:23 | 000,191,167 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-23-27.jpg
[2013/04/01 19:37:11 | 000,193,427 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-11-82.jpg
[2013/04/01 19:37:10 | 000,202,892 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-10-25.jpg
[2013/04/01 19:37:07 | 000,192,797 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-07-22.jpg
[2013/04/01 19:37:03 | 000,187,794 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-37-03-30.jpg
[2013/04/01 19:36:56 | 000,190,948 | ---- | C] () -- C:\Users\Eoin\Desktop\Wow 2013-04-01 19-36-56-08.jpg
[2013/04/01 18:41:56 | 000,000,220 | ---- | C] () -- C:\Users\Eoin\Desktop\Supreme Commander Forged Alliance.url
[2013/04/01 18:41:53 | 000,000,220 | ---- | C] () -- C:\Users\Eoin\Desktop\Supreme Commander.url
[2013/04/01 00:03:19 | 000,890,798 | ---- | C] () -- C:\Users\Eoin\Desktop\SecurityCheck(1).exe
[2013/04/01 00:02:20 | 000,890,798 | ---- | C] () -- C:\Users\Eoin\Desktop\SecurityCheck.exe
[2013/03/31 16:53:19 | 000,305,023 | ---- | C] () -- C:\Users\Eoin\Desktop\Untitled.png
[2013/03/31 16:34:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/31 16:34:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/31 16:34:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/31 16:34:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/31 16:34:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/30 23:51:53 | 000,000,512 | ---- | C] () -- C:\Users\Eoin\Desktop\MBR.dat
[2013/03/30 21:49:03 | 000,000,020 | ---- | C] () -- C:\Users\Eoin\defogger_reenable
[2013/03/30 21:48:52 | 000,050,477 | ---- | C] () -- C:\Users\Eoin\Desktop\Defogger.exe
[2013/03/30 16:19:06 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2013/03/30 16:19:06 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2013/03/30 16:19:06 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2013/03/30 16:19:05 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2013/03/30 16:19:05 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2013/03/30 16:07:58 | 002,678,534 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/03/30 16:07:52 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2013/03/30 01:45:51 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2013/03/30 01:45:51 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/03/30 01:42:56 | 000,041,632 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2013/03/30 01:42:56 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2013/03/28 18:37:07 | 000,377,856 | ---- | C] () -- C:\Users\Eoin\Desktop\50htno7k.exe
[2013/03/28 17:40:25 | 000,167,034 | ---- | C] () -- C:\Users\Eoin\Desktop\fileassassin-setup-1.06.exe
[2013/03/28 14:26:42 | 000,037,008 | ---- | C] () -- C:\Users\Eoin\Desktop\269293_588119034550325_782712210_n.jpg
[2013/03/25 22:55:11 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/17 22:10:25 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/03/17 22:10:09 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/03/17 22:02:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/03/17 22:02:10 | 000,001,201 | ---- | C] () -- C:\Users\Eoin\Desktop\Uplay.lnk
[2013/03/16 22:57:22 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/14 20:16:55 | 000,001,784 | ---- | C] () -- C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/03/14 20:16:54 | 000,001,798 | ---- | C] () -- C:\Users\Eoin\Desktop\Spotify.lnk
[2013/03/11 01:35:55 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2013/03/11 00:41:52 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2013/02/27 23:41:44 | 001,065,984 | ---- | C] () -- C:\Users\Eoin\AppData\Local\file__0.localstorage
[2013/02/20 19:41:01 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/02/20 19:41:01 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/20 19:41:01 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/17 19:03:06 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/01/17 19:03:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/01/17 19:03:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/01/17 19:03:06 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/01/17 19:03:06 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/01/17 19:03:06 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/01/17 19:03:06 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/01/17 19:03:06 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/01/17 19:03:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/01/17 19:03:06 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/01/17 19:03:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/01/17 19:03:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/01/17 19:03:06 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/01/17 19:03:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/01/17 19:03:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/01/17 19:03:06 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/01/17 19:03:06 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/01/17 19:03:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/01/17 19:03:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/01/17 12:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe
[2012/01/07 15:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 15:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 15:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 15:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/07 15:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 15:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 07:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 07:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 16:44:45 | 000,187,932 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/08 18:02:01 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/25 15:11:06 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2011/04/20 15:52:40 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2011/04/06 20:24:35 | 000,000,233 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2011/03/19 16:10:40 | 000,000,092 | ---- | C] () -- C:\Users\Eoin\AppData\Local\fusioncache.dat
[2011/03/11 13:54:39 | 000,007,606 | ---- | C] () -- C:\Users\Eoin\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/01/05 23:50:53 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\.minecraft
[2013/01/31 01:17:20 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Apowersoft
[2013/04/01 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Azureus
[2012/07/25 22:24:23 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Beat Hazard
[2012/03/29 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\BigHugeEngine
[2011/11/07 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Bioshock
[2011/11/07 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Bioshock2
[2013/01/23 17:50:27 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\CDisplayEx
[2011/04/24 16:23:54 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012/03/22 19:16:07 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\DAEMON Tools Lite
[2012/03/21 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Day 1 Studios
[2012/11/17 02:15:30 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Evaer
[2012/08/26 22:23:28 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Firefly Studios
[2012/07/13 01:19:19 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\fltk.org
[2011/07/17 21:37:47 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\GrabPro
[2011/03/31 16:51:45 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\iPodtoComputer
[2011/11/30 18:04:46 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\IrfanView
[2013/02/12 15:07:24 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Kalypso Media
[2012/12/12 18:36:13 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Leadertech
[2012/01/29 22:39:24 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\LolClient
[2012/06/18 23:20:57 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\LolClient2
[2012/03/26 00:28:49 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\ManyCam
[2011/11/23 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\MotioninJoy
[2012/08/26 13:25:04 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Opera
[2011/07/17 21:49:44 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Orbit
[2011/10/26 19:44:04 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Origin
[2013/01/22 01:00:36 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\PDAppFlex
[2011/09/26 17:05:32 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Petroglyph
[2013/02/19 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Polynomial
[2013/03/30 01:40:10 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Product_RM
[2011/07/17 21:37:47 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\ProgSense
[2011/04/18 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\PunkBuster
[2012/03/15 14:37:28 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Razer
[2013/03/30 02:33:17 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Registry Mechanic
[2012/11/07 20:07:36 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\RenPy
[2012/03/30 00:58:49 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Scoregasm
[2012/08/07 10:20:08 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\six-zsync
[2012/06/19 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Sports Interactive
[2013/04/02 19:12:35 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Spotify
[2011/12/30 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\System
[2011/10/24 13:28:37 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\SystemRequirementsLab
[2013/02/06 18:15:56 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\TFP
[2011/11/24 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\The Creative Assembly
[2012/04/18 20:29:02 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\The Longest Journey
[2012/03/22 01:51:16 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\The Longest Journey Demo
[2011/07/07 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Tific
[2012/03/31 12:30:51 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Trine2
[2013/02/26 19:28:31 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Tropico 4
[2012/09/16 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\Ubisoft
[2012/04/02 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\Eoin\AppData\Roaming\wargaming.net
[2011/12/30 23:23:43 | 000,000,000 | -HSD | M] -- C:\Users\Eoin\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/05 02:06:30 | 000,890,040 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/05 02:06:30 | 000,890,040 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/05 02:06:30 | 000,890,040 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/12/05 02:06:30 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/12/05 02:06:30 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/05 02:06:30 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/21 23:50:35 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/21 23:50:35 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/21 23:50:35 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/03/21 23:50:35 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/22 12:44:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/22 12:44:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/22 12:44:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/02/02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013/02/02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2012/09/19 20:13:06 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2012/09/19 20:13:06 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2012/09/19 20:13:06 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2012/09/19 20:13:06 | 000,874,896 | ---- | M] (Opera Software)
 
< %systemroot%\*. /rp /s >
 
< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2013/03/16 22:25:52 | 000,270,195 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2013/03/30 19:46:40 | 000,000,004 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/03/12 14:06:56 | 000,441,089 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\en-US-2-1.bdic
[2013/03/09 22:14:18 | 000,440,949 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\en-US-2-4.bdic
[2011/12/28 17:14:26 | 000,000,000 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\First Run
[2013/03/30 19:46:40 | 000,025,596 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Local State
[2013/03/16 23:21:04 | 010,664,172 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2013/03/16 23:21:04 | 001,514,266 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set
[2013/03/30 19:46:22 | 000,006,144 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2013/03/30 19:46:22 | 000,004,640 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2013/03/16 23:21:04 | 000,134,512 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2013/03/16 23:21:01 | 001,739,588 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2013/03/16 23:21:04 | 000,019,192 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2012/11/07 22:59:06 | 000,000,055 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Service State
[1 C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\*.tmp files -> C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\*.tmp -> ]
[2013/03/30 19:43:33 | 000,000,512 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2012/11/15 00:31:24 | 000,001,249 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2012/11/15 00:31:24 | 000,001,249 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2013/03/30 19:46:10 | 000,153,600 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2013/03/30 19:46:10 | 000,016,384 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2012/01/30 19:53:19 | 000,007,168 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2013/03/30 19:45:50 | 000,083,968 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2013/03/30 19:45:50 | 000,016,384 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/07/04 23:03:19 | 000,150,798 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2013/02/02 21:14:03 | 000,208,896 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\History Index 2013-01
[2013/03/28 01:23:11 | 000,061,440 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\History Index 2013-02
[2013/03/30 19:45:50 | 000,454,656 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\History Index 2013-03
[2013/03/30 19:45:50 | 000,016,384 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\History Index 2013-03-journal
[2013/03/30 19:46:40 | 000,016,384 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2012/01/30 19:53:27 | 000,012,288 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2013/03/30 19:43:42 | 000,000,008 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings
[2013/03/28 01:22:43 | 000,056,320 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2013/03/28 01:22:43 | 000,016,384 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2013/03/12 21:39:41 | 000,012,288 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
[2013/03/12 21:39:41 | 000,003,608 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
[2013/03/30 19:46:40 | 000,091,406 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/02/11 15:56:22 | 000,013,312 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2012/07/04 23:04:17 | 000,000,180 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\README
[2013/03/30 19:43:33 | 000,000,512 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
[2013/03/30 19:43:49 | 000,274,432 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2013/03/30 19:43:49 | 000,016,384 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2013/03/30 19:44:51 | 000,000,279 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2013/03/30 19:43:34 | 000,002,568 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[1 C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\*.tmp files -> C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\*.tmp -> ]
[2012/02/11 15:56:14 | 000,007,168 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2012/11/07 14:08:48 | 000,000,387 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000005.sst
[2012/12/02 00:43:50 | 000,000,196 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000071.sst
[2013/01/04 03:11:20 | 000,000,207 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000090.sst
[2013/03/30 19:43:37 | 000,000,000 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000124.log
[2013/03/30 19:43:37 | 000,000,016 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
[2012/11/07 00:51:26 | 000,000,000 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK
[2013/03/30 19:43:44 | 000,000,148 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
[2013/03/28 01:22:46 | 000,000,148 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
[2013/03/30 19:43:37 | 000,000,611 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000123
[2012/11/07 00:51:30 | 000,003,524 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\128.png
[2012/11/07 00:51:30 | 000,000,745 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\manifest.json
[2012/11/07 00:51:30 | 000,000,401 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\ar\messages.json
[2012/11/07 00:51:30 | 000,000,427 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\bg\messages.json
[2012/11/07 00:51:30 | 000,000,250 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\ca\messages.json
[2012/11/07 00:51:30 | 000,000,255 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\cs\messages.json
[2012/11/07 00:51:30 | 000,000,242 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\da\messages.json
[2012/11/07 00:51:30 | 000,000,226 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\de\messages.json
[2012/11/07 00:51:30 | 000,000,475 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\el\messages.json
[2012/11/07 00:51:30 | 000,000,227 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\en\messages.json
[2012/11/07 00:51:30 | 000,000,240 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\es\messages.json
[2012/11/07 00:51:30 | 000,000,222 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\fi\messages.json
[2012/11/07 00:51:30 | 000,000,236 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\fil\messages.json
[2012/11/07 00:51:30 | 000,000,249 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\fr\messages.json
[2012/11/07 00:51:30 | 000,000,419 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\he\messages.json
[2012/11/07 00:51:30 | 000,000,408 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\hi\messages.json
[2012/11/07 00:51:30 | 000,000,220 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\hr\messages.json
[2012/11/07 00:51:30 | 000,000,253 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\hu\messages.json
[2012/11/07 00:51:30 | 000,000,231 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\id\messages.json
[2012/11/07 00:51:30 | 000,000,224 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\_locales\it\messages.json
[2013/03/16 22:54:41 | 000,000,275 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\s.ytimg.com\videostats.sol
[2012/11/05 01:41:02 | 000,000,136 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www.myfreecams.com\mfc2\flash\MfcVideo.swf\user_data.sol
[2012/12/31 01:49:13 | 000,000,238 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www.myfreecams.com\mfc2\flash\MfcVideo121107.swf\user_data.sol
[2012/10/18 00:59:33 | 000,000,048 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www.myfreecams.com\mfc2\flash\utilities8.swf\uid.sol
[2012/11/08 23:43:33 | 000,000,245 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www.playlist.com\ppl6.sol
[2013/03/16 22:56:18 | 000,000,059 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www.rte.ie\audioVolume.sol
[2013/03/16 22:56:17 | 000,000,044 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www.rte.ie\Mute.sol
[2013/03/09 21:49:09 | 000,000,073 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www.ulsterbankanytimebanking.ie\Brands\RSA_js\rsa_fso.swf\rsa_fso.sol
[2012/12/05 18:20:25 | 000,000,051 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www-cdn.jtvnw.net\com.quantserve.sol
[2012/12/05 18:20:28 | 000,000,093 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www-cdn.jtvnw.net\jtv_pdata.sol
[2012/12/05 18:20:28 | 000,000,120 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www-cdn.jtvnw.net\jtv_rbwatched.sol
[2012/12/05 18:21:26 | 000,000,100 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BBLU69UJ\www-cdn.jtvnw.net\jtv_settings.sol
[2012/08/26 12:59:39 | 000,000,087 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#core.mochibot.com\settings.sol
[2012/08/26 12:59:44 | 000,000,102 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#l#\iveplayer.majorleaguegaming.com\settings.sol
[2013/03/28 01:22:43 | 000,000,145 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000190.sst
[2013/03/30 19:43:36 | 000,571,742 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000192.sst
[2013/03/30 19:46:40 | 000,329,182 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000193.log
[2013/03/30 19:43:36 | 000,000,016 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT
[2012/11/07 00:51:31 | 000,000,000 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK
[2013/03/30 19:43:42 | 000,000,272 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
[2013/03/28 01:22:46 | 000,000,826 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
[2013/03/30 19:43:36 | 000,000,163 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000191
[2011/12/28 17:14:27 | 000,000,000 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2013/02/02 21:19:57 | 000,002,053 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\manifest.json
[2013/02/02 21:19:57 | 012,459,888 | ---- | M] () -- C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
 
< %systemdrive%\$Recycle.Bin|@;true;true;true >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
 



#15 SweetTech

Posted 03 April 2013 - 05:24 PM

Hi!

Hi again! There don't seem to be any issues with my system that I can tell at the moment.

Great! So glad to hear that things are running better!

Thanks for the link to Foxit Reader, by the way!

Not a problem! :)

By the way, I hope you don't mind me asking, but what was it that was on my system, and why could I not remove it? And how did it just "re-install" itself if I did try to remove it?

I think the root cause of these problems was those infected files that we removed using OTL.

Please submit this file to VirusTotal, and let me know the results of the file submission.

C:\Users\Eoin\AppData\Local\file__0.localstorage
