
rootkit? Windows firewall and security centre disabled



#1
DonalOS

Hi Geeks,
Hope somebody can help.

My PC appears to have picked up a rootkit. I noticed yesterday morning that the firewall was off, and I couldn't enable it.

The Windows Security Centre Service is not on, and I can't switch it on via the control panel??

Results of OTL quick scan below..

Many thanks

D

___________________________
OTL logfile created on: 29/03/2012 09:25:07 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\donal.osullivan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 10.99 Gb Available Physical Memory | 68.71% Memory free
24.79 Gb Paging File | 19.75 Gb Available in Paging File | 79.67% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 9.82 Gb Free Space | 13.18% Space Free | Partition Type: NTFS
Drive D: | 241.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 465.76 Gb Total Space | 4.79 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive J: | 6.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 931.51 Gb Total Space | 162.98 Gb Free Space | 17.50% Space Free | Partition Type: NTFS
Drive M: | 465.76 Gb Total Space | 216.42 Gb Free Space | 46.47% Space Free | Partition Type: NTFS
Drive O: | 119.24 Gb Total Space | 31.38 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 162.98 Gb Free Space | 17.50% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 162.98 Gb Free Space | 17.50% Space Free | Partition Type: NTFS

Computer Name: SHOVE6CORE02 | User Name: donal.osullivan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/29 09:24:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\donal.osullivan\Desktop\OTL.exe
PRC - [2012/03/23 11:35:02 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/03/18 11:15:33 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/27 01:15:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/11/10 10:30:54 | 012,843,360 | ---- | M] (2BrightSparks Pte Ltd) -- C:\Program Files (x86)\2BrightSparks\SyncBackPro\SyncBackPro.exe
PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/14 12:21:27 | 011,249,144 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
PRC - [2010/06/03 13:09:42 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\GenArts\Monsters-AE64\bin\JawsServerAE64.exe
PRC - [2010/06/03 11:13:04 | 001,540,096 | ---- | M] (Reprise Software Inc.) -- C:\Program Files (x86)\GenArts\rlm\rlm.exe
PRC - [2010/03/10 12:51:30 | 002,023,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\donal.osullivan\AppData\Local\Adobe\OOBE\PDApp\DWA\Setup.exe
PRC - [2010/03/06 03:57:06 | 000,681,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\donal.osullivan\AppData\Local\Adobe\OOBE\PDApp\core\PDapp.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/01/12 09:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/23 11:35:04 | 001,968,280 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/03/23 11:35:04 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/03/23 11:35:03 | 000,021,144 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/03/18 11:15:32 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/22 15:32:35 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/10 12:51:32 | 000,230,752 | ---- | M] () -- C:\Users\donal.osullivan\AppData\Local\Adobe\OOBE\PDApp\DWA\resources\libraries\patchw32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/06 09:28:28 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/05/18 22:40:08 | 002,169,592 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2011/02/14 16:18:45 | 000,136,704 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Chaos Group\V-Ray\RT for 3ds Max 2011 for x64\bin\vrayrtspawner.exe -- (VRayRTSpawner)
SRV:64bit: - [2010/06/03 18:33:28 | 000,751,104 | ---- | M] () [Auto | Running] -- C:\Program Files\GenArts\Monsters-AE64\bin\FlowFinder3MonstersAE64.exe -- (FlowFinder3MonstersAE64)
SRV:64bit: - [2010/03/10 02:38:18 | 000,086,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/12 18:39:54 | 000,086,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV:64bit: - [2007/08/09 13:59:36 | 001,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012/03/27 18:08:44 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/01/31 22:30:46 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/01/31 22:30:40 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/02/14 15:56:02 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/03 13:09:42 | 000,393,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GenArts\Monsters-AE64\bin\JawsServerAE64.exe -- (JawsServerAE64)
SRV - [2010/06/03 11:13:04 | 001,540,096 | ---- | M] (Reprise Software Inc.) [Auto | Running] -- C:\Program Files (x86)\GenArts\rlm\rlm.exe -- (RLM-GenArts)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 03:10:38 | 000,086,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/01/12 09:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 22:31:08 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/07/08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/23 09:06:28 | 000,012,904 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/07/15 09:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 09:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/12 09:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/31 09:00:54 | 000,038,992 | ---- | M] (DrayTek, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VPPPx64.sys -- (VPPP)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/09/25 15:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder Audio Edition x64\SysInfoX64.sys -- (CrystalSysInfo)
DRV - [2011/09/16 15:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/10/15 02:40:25 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\donal.osullivan\Downloads\PeerBlock_r484__x64_Release_(Vista)\pbfilter.sys -- (pbfilter)
DRV - [2010/07/15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/14 23:26:48 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQDSK/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQDSK/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 6D 08 E2 39 CC CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CF129514-CC52-40EE-ACCB-D8B8CBAAEBDB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CF129514-CC52-40EE-ACCB-D8B8CBAAEBDB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avaya.com/WebAlive,version=2.5.40: C:\Program Files (x86)\web.alive\web.alive-2.5.40\System\npwebalive_2_5b_40.dll (Nortel Networks)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: M:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\donal.osullivan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\donal.osullivan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 11:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/22 15:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/11/21 10:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/20 09:59:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/05/31 09:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Extensions
[2011/03/23 14:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2012/03/05 15:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions
[2011/05/31 09:19:54 | 000,000,000 | ---D | M] (Just Black (A Cylence theme for Firefox 3)) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2012/01/19 03:00:41 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/05/31 09:19:56 | 000,000,000 | ---D | M] (zblack) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2011/05/31 09:19:56 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2011/12/05 10:54:55 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/12/28 09:56:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/01 10:48:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/02 11:48:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\[email protected]
[2012/02/15 13:13:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\donal.osullivan\AppData\Roaming\Mozilla\Firefox\Profiles\wiavgrjg.default\extensions\[email protected]
[2012/01/04 14:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/05 11:26:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/18 11:15:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/20 13:19:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 14:33:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/13 14:33:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = M:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: web.alive (Enabled) = C:\Program Files (x86)\web.alive\web.alive-2.5.40\System\npwebalive_2_5b_40.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Atari - Lunar Lander = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aheampccjiggeiflpcjolbabpohbpclg\1.0_0\
CHR - Extension: Web Developer = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
CHR - Extension: SKiD Racer = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: WGT Golf Challenge = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Solitaire Games = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo\1.0.0.3_0\
CHR - Extension: AdBlock = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: OrangeFPS on Roozz = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifnckhopllcmleegegheacblhehfifei\0.1.0.4_0\
CHR - Extension: OrangeFPS on Roozz = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifnckhopllcmleegegheacblhehfifei\0.1.0.5_0\
CHR - Extension: StumbleUpon = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\3.12.6.1_0\
CHR - Extension: StumbleUpon = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.3.19.2_0\
CHR - Extension: Steambirds: Survival = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn\1.0_0\
CHR - Extension: Plants vs Zombies = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Web Server Notifier = C:\Users\donal.osullivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\najdkmbedaehkepolllmpdfccdgooajh\1.4.4_0\

O1 HOSTS File: ([2012/03/06 10:02:38 | 000,009,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip1.adobe.com
O1 - Hosts: 112 more lines...
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AD5EACB-3854-4FF0-98B8-2DE0425069E5}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{806A6FF0-B6C7-451E-A9A3-91807990D870}: DhcpNameServer = 192.168.16.2 192.168.16.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/11 04:32:00 | 000,000,031 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = "I:\Adobe CS5\Set-up.exe"
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = "J:\Adobe CS5\Set-up.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 09:29:37 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2012/03/29 09:24:26 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\donal.osullivan\Desktop\OTL.exe
[2012/03/29 09:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/03/29 09:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012/03/29 09:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/03/28 22:53:34 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/03/27 13:13:20 | 000,000,000 | ---D | C] -- C:\Users\donal.osullivan\AppData\Roaming\pdfforge
[2012/03/27 13:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/03/27 13:13:17 | 000,065,024 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012/03/23 10:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustoPackTools
[2012/03/23 10:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CustoPackTools
[2012/03/23 10:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CustoPackTools
[2012/03/22 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\KeyShot 3
[2012/03/22 10:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyShot3 64
[2012/03/22 10:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\KeyShot3
[2012/03/20 15:00:44 | 000,000,000 | ---D | C] -- C:\updates
[2012/03/12 10:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/12 10:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/12 10:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/05 14:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012/03/05 10:36:00 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/03/02 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\donal.osullivan\AppData\Roaming\web.alive
[2012/03/02 12:46:27 | 000,000,000 | ---D | C] -- C:\Users\donal.osullivan\AppData\Local\web.alive
[2012/03/02 12:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\web.alive
[2012/03/02 12:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\web.alive
[2012/03/02 11:30:44 | 000,000,000 | ---D | C] -- C:\Users\donal.osullivan\VirtualBox VMs
[2012/03/02 11:30:00 | 000,000,000 | ---D | C] -- C:\Users\donal.osullivan\.VirtualBox
[2012/03/02 11:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/03/02 11:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/01 14:00:39 | 000,000,000 | ---D | C] -- C:\Users\donal.osullivan\AppData\Local\Thinkbox
[2012/03/01 13:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thinkbox
[2012/03/01 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thinkbox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/29 09:24:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\donal.osullivan\Desktop\OTL.exe
[2012/03/29 08:56:02 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1789972626-3051360349-2546482966-1001UA.job
[2012/03/29 08:52:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/29 02:56:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1789972626-3051360349-2546482966-1001Core.job
[2012/03/28 17:52:44 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 17:13:34 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\Web.AliveUpdateTask.job
[2012/03/28 16:22:51 | 000,786,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/28 16:22:51 | 000,672,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/28 16:22:51 | 000,128,588 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/28 14:24:39 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 14:24:39 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 14:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/27 13:13:20 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/03/23 10:25:03 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\CustoPack Tools.lnk
[2012/03/22 10:35:14 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\KeyShot 3 Resources.lnk
[2012/03/20 10:17:52 | 000,018,404 | ---- | M] () -- C:\Users\donal.osullivan\Desktop\nanny contract.odt
[2012/03/14 18:23:22 | 000,065,024 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012/03/14 10:38:05 | 005,200,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 15:28:39 | 000,002,047 | ---- | M] () -- C:\Users\donal.osullivan\Desktop\BatchMerge-v1.5.zip
[2012/03/08 11:50:27 | 000,072,093 | ---- | M] () -- C:\Users\donal.osullivan\Desktop\contacts04.ldif
[2012/03/06 10:38:26 | 000,000,132 | ---- | M] () -- C:\Users\donal.osullivan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/06 10:02:38 | 000,009,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/05 10:47:49 | 000,000,158 | ---- | M] () -- C:\Users\donal.osullivan\Desktop\Ed&AudePC.URL
[2012/02/29 13:48:13 | 001,121,620 | ---- | M] () -- C:\Users\donal.osullivan\Desktop\VR_shot 1.jpg
[2012/02/28 12:49:22 | 000,001,456 | ---- | M] () -- C:\Users\donal.osullivan\AppData\Local\Adobe Save for Web 12.0 Prefs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/27 13:13:20 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/03/23 10:25:03 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\CustoPack Tools.lnk
[2012/03/22 10:35:14 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\KeyShot 3 Resources.lnk
[2012/03/20 10:15:06 | 000,018,404 | ---- | C] () -- C:\Users\donal.osullivan\Desktop\nanny contract.odt
[2012/03/12 15:28:39 | 000,002,047 | ---- | C] () -- C:\Users\donal.osullivan\Desktop\BatchMerge-v1.5.zip
[2012/03/08 11:50:27 | 000,072,093 | ---- | C] () -- C:\Users\donal.osullivan\Desktop\contacts04.ldif
[2012/03/05 14:28:34 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/03/05 10:47:49 | 000,000,158 | ---- | C] () -- C:\Users\donal.osullivan\Desktop\Ed&AudePC.URL
[2012/03/02 12:46:31 | 000,000,536 | ---- | C] () -- C:\Windows\tasks\Web.AliveUpdateTask.job
[2012/02/29 13:48:13 | 001,121,620 | ---- | C] () -- C:\Users\donal.osullivan\Desktop\VR_shot 1.jpg
[2012/02/21 17:05:43 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\AI_ContextMenu.dll
[2012/02/21 09:49:35 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2012/02/21 09:49:35 | 000,027,007 | ---- | C] () -- C:\Windows\unins000.dat
[2012/02/16 17:46:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/02/10 17:00:00 | 000,038,496 | ---- | C] () -- C:\Users\donal.osullivan\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/01/31 09:40:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/31 09:40:15 | 000,032,493 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/01/19 10:38:43 | 000,000,080 | ---- | C] () -- C:\Users\donal.osullivan\AppData\Local\CrystalDiskMark30.ini
[2012/01/02 13:13:06 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2012/01/02 13:13:06 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll
[2011/11/10 11:39:47 | 000,001,456 | ---- | C] () -- C:\Users\donal.osullivan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/31 16:23:43 | 000,000,119 | ---- | C] () -- C:\Windows\prfile.ini
[2011/10/19 21:25:26 | 000,162,440 | ---- | C] () -- C:\Windows\SysWow64\AirfoilInject3.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/21 16:33:27 | 000,199,900 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/02 19:55:23 | 000,000,600 | ---- | C] () -- C:\Users\donal.osullivan\AppData\Local\PUTTY.RND
[2011/08/02 18:02:08 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/07/23 17:14:11 | 000,006,144 | ---- | C] () -- C:\Users\donal.osullivan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/22 11:26:36 | 000,000,132 | ---- | C] () -- C:\Users\donal.osullivan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/07 10:39:27 | 000,000,203 | ---- | C] () -- C:\Windows\MSUTIL.INI
[2011/07/07 09:34:57 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/05/31 09:30:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/24 09:48:08 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/03/24 09:48:08 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/03/24 09:48:08 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/03/24 09:48:08 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/03/24 09:48:08 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/03/23 15:40:12 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2011/03/23 15:40:12 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE
[2011/03/23 15:40:08 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/03/17 13:14:02 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/08 20:00:10 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/08 20:00:10 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/15 12:39:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/14 12:36:12 | 000,774,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/11 16:48:24 | 000,534,016 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll

========== LOP Check ==========

[2012/01/02 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\2BrightSparks
[2012/02/21 17:05:54 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Aimersoft Video Converter Ultimate
[2011/10/26 15:25:16 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Audacity
[2012/02/01 17:02:33 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Autodesk
[2011/05/31 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Broad Intelligence
[2011/05/31 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Canneverbe Limited
[2011/05/31 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/31 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\djv-0.8-3
[2011/05/31 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\e-on software
[2011/07/07 09:36:01 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\EDrawings
[2011/05/31 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\eyeon
[2011/06/01 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\FastCopy
[2012/03/05 11:26:39 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\FileZilla
[2011/05/31 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Foxit Software
[2011/05/31 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\GetRightToGo
[2011/05/31 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\HDRLabs
[2012/01/16 14:22:27 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Install
[2011/10/13 09:53:36 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\JAM Software
[2011/06/16 16:02:52 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\johnsadventures.com
[2011/05/31 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Kerio
[2012/02/27 16:34:23 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\krpano
[2012/02/21 12:02:20 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Leawo
[2011/05/31 09:19:50 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\mkvtoolnix
[2012/01/31 15:22:28 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\NesterSoft
[2011/05/31 09:19:57 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Notepad++
[2011/09/22 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\OnLive App
[2011/05/31 09:19:58 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\OpenOffice.org
[2011/12/06 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Opera
[2011/08/02 18:02:08 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\PACE Anti-Piracy
[2012/03/27 13:13:20 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\pdfforge
[2012/02/11 13:18:17 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Pdplayer
[2012/02/15 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\PTGui
[2012/01/09 13:34:21 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\QuteCom
[2011/05/31 09:20:02 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\SorensonMedia
[2012/03/19 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Spotify
[2011/08/02 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/03/27 17:59:35 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\TeraCopy
[2012/01/06 13:58:54 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\ThumbGen
[2012/01/20 09:59:14 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\Thunderbird
[2012/02/16 17:47:37 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\tiger-k
[2012/03/28 13:46:26 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\uTorrent
[2012/03/02 12:46:30 | 000,000,000 | ---D | M] -- C:\Users\donal.osullivan\AppData\Roaming\web.alive
[2009/07/14 06:08:49 | 000,031,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/28 17:13:34 | 000,000,536 | ---- | M] () -- C:\Windows\Tasks\Web.AliveUpdateTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1248 bytes -> C:\ProgramData\Microsoft:Iw3On6SNSa00CZStGN0
@Alternate Data Stream - 1182 bytes -> C:\Program Files\Common Files\Microsoft Shared:fcZm4dCP2xI6sU0IBBH
@Alternate Data Stream - 1150 bytes -> C:\Users\donal.osullivan\AppData\Local\Temp:4UHPBSKv3bKJwnOss30OvD
@Alternate Data Stream - 1061 bytes -> C:\Program Files\Common Files\Microsoft Shared:nSVAQ4IJOSttsT0OB8qvj9I
@Alternate Data Stream - 1039 bytes -> C:\ProgramData\Microsoft:K29BTYwcfLo0XZJ05gy

< End of report >