Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

amital!dat and Trojan.Boaxxe detected Adsl Router strange behavio

Started by kdokeeffe , Nov 15 2011 07:32 AM

  • Please log in to reply

#1
kdokeeffe
Posted 15 November 2011 - 07:32 AM

kdokeeffe

    Member

  • Member
  • PipPip
  • 41 posts
hi Geekstogo!

after recently having some malware activity on one PC detected and solved I decided to switch from AVG to MSE and scanned my other home PCs with MWBAM for any infections. the results are positive and not in a good way!

there are at least two trojans detected on my Dell desktop running W7. I believe they have not been removed successfully so far.

Main symptoms I have seen are a recent spate of low BB speeds and on pinging my internal router IP, it was forwarding to an external IP. resetting the modem solved the problem temporarily.

here are the last 3 MWB logs and the OTL log. Let me know what you advise. Thanks in advance! - Kdokeeffe


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8152

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

13/11/2011 23:01:19
mbam-log-2011-11-13 (23-01-19).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 503012
Time elapsed: 3 hour(s), 25 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Windows\System32\dlof759.dll.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
c:\Users\Kieran\AppData\Roaming\microsoft\Windows\templates\memory.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Kieran\templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8156

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14/11/2011 03:29:59
mbam-log-2011-11-14 (03-29-59).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 502028
Time elapsed: 3 hour(s), 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8156

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

15/11/2011 02:30:19
mbam-log-2011-11-15 (02-30-19).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|M:\|Y:\|Z:\|)
Objects scanned: 637694
Time elapsed: 3 hour(s), 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 15/11/2011 13:17:45 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kieran\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 42.58% Memory free
6.49 Gb Paging File | 4.48 Gb Available in Paging File | 68.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.78 Gb Total Space | 17.96 Gb Free Space | 8.25% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 3.29 Gb Free Space | 1.41% Space Free | Partition Type: NTFS
Drive E: | 15.00 Gb Total Space | 10.60 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Drive Y: | 465.76 Gb Total Space | 0.23 Gb Free Space | 0.05% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 52.06 Gb Free Space | 11.18% Space Free | Partition Type: NTFS

Computer Name: DELLPC | User Name: Kieran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kieran\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\POWERISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe (Mindjet)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision )
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Ikanos Consulting\SideTunes\itunessideshowgadget.exe ()
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe ()
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\66a5094e521e34aecd51e4bae30ac266\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Mindjet\MindManager 9\zlib.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.SideShow\1.0.2.0__31bf3856ad364e35\Microsoft.SideShow.dll ()
MOD - C:\Windows\CTXFIRES.DLL ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Program Files\Ikanos Consulting\SideTunes\itunessideshowgadget.exe ()
MOD - C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe ()
MOD - C:\Program Files\TotalAudioConverter\axTotalConverter.dll ()


========== Win32 Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- File not found
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (Belkin High-Speed Mode Wireless G USB Network Adapter Service) -- File not found
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (InstallShield Licensing Service) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision )
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis)
SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (QualityManager) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel® Corporation)
SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (DHTRACE) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel® Corporation)
SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (NMSCore) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)
SRV - (M1 Server) Intel® Viiv™ -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (Avgtdix) -- File not found
DRV - (Avgrkx86) -- File not found
DRV - (AVGIDSShim) -- File not found
DRV - (AVGIDSFilter) -- File not found
DRV - (AVGIDSEH) -- File not found
DRV - (AVGIDSDriver) -- File not found
DRV - (MpKslca3b42fb) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F7DCC01-F227-4579-B2C6-5C64E7D99DE8}\MpKslca3b42fb.sys (Microsoft Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (appliandMP) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (appliand) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kieran\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kieran\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/11/10 22:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/11/10 22:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 09:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/07/26 16:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/27 01:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/25 08:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 22:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 22:02:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 09:30:00 | 000,000,000 | ---D | M]

[2009/10/30 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions
[2009/10/30 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2011/10/26 01:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\pqgl9gps.default\extensions
[2011/10/26 01:21:40 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\pqgl9gps.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/24 18:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/02 15:22:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/30 14:23:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/24 11:42:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/25 16:05:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/23 14:04:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 18:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/07/19 00:36:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/25 12:41:55 | 000,024,576 | ---- | M] (Avantstar, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPQ00032.DLL
[2010/07/12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2006/03/22 02:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/07/20 10:00:00 | 000,086,016 | ---- | M] (Avantstar, Inc.) -- C:\Program Files\mozilla firefox\plugins\QVPLUG32.DLL
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Quick View Plus for Windows XP and Windows 2000 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPQ00032.DLL
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: RubbishBooks = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklfihmmokekepifllhpdlkobiplpklj\2.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
CHR - Extension: Vuze Remote = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.0.1.4_0\
CHR - Extension: Vuze Remote = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.1.12_0\

O1 HOSTS File: ([2011/11/15 13:11:10 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [googletalk] C:\Users\Kieran\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1036 Safari/532.5" -"http://www.atom.co.j...ge/Zinter.html" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E4B2DE6-0546-49F3-8113-23325632B8A5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE08E2C0-E98D-4D6C-8122-8DDD076F2572}: NameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\Windows\qvphook.dll (Avantstar, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/29 08:57:26 | 000,000,032 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/09/29 08:57:26 | 000,000,032 | ---- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 08:49:25 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/14 12:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/13 11:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/13 11:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/13 11:36:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/11 02:02:41 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\PFStaticIP
[2011/11/11 01:59:51 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\APN
[2011/11/11 01:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\PFStaticIP
[2011/11/10 22:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/10 22:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/08 22:00:32 | 000,000,000 | ---D | C] -- C:\Users\Kieran\Desktop\Tz
[2011/11/06 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\GRETECH
[2011/11/06 23:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011/11/06 23:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2011/11/01 21:32:40 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{91EC8B17-9707-4024-9663-FBE3CEF86113}
[2011/11/01 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{9FA0390E-0D72-42CB-911D-418A4F339B8E}
[2011/11/01 20:35:30 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{F93F111E-39E4-42F2-B450-B7BD89E34D3D}
[2011/11/01 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{09509684-0CAE-4054-B29C-405C69B69286}
[2011/11/01 19:48:08 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{50DE5B47-3163-433B-B3A8-81584D2C1705}
[2011/11/01 19:47:53 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{FA995BBF-26E5-409F-ADD6-BB1D4E979585}
[2011/11/01 18:19:59 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\AVG2012
[2011/11/01 18:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/30 11:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/10/30 11:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\POWERISO
[2011/10/30 09:33:37 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
[2011/10/30 09:33:37 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\TransMac
[2011/10/30 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\TransMac
[2011/10/30 09:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pixbyte
[2011/10/30 09:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD or CD Sharing
[2011/10/30 09:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\DVD or CD Sharing
[2011/10/30 02:14:48 | 000,000,000 | ---D | C] -- C:\Users\Kieran\Desktop\from nokia mem card
[2011/10/30 02:05:40 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\ImgBurn
[2011/10/30 01:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/10/30 01:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/10/30 01:03:10 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/10/30 01:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/10/30 01:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2011/10/26 01:25:58 | 000,000,000 | ---D | C] -- C:\Users\Kieran\.swt
[2011/10/22 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{24915404-A806-4111-BBCE-1AB528CE7B3E}
[2011/10/22 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{19A7084C-9393-4F4B-8439-0B6C51AAEE4B}
[2011/10/21 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Kieran\Desktop\Music
[2011/10/20 14:46:50 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{DB615542-A20A-41DD-A6BC-31754765C19B}
[2011/10/20 14:46:38 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{C434913A-A1CC-4902-A8A1-C40654A00031}
[2011/10/20 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{F6274A0C-5DE3-4CF5-A437-9130502E445E}
[2011/10/20 12:44:38 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{AFEF832D-D07A-4E49-BC22-D3C0F99624B0}
[2011/10/20 12:44:27 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{3E03C469-8778-4189-BCF8-C39E958A0C95}
[2011/10/20 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{F329998B-9B26-4B92-9C62-CD01626BB30C}
[2011/10/18 09:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/18 09:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/18 09:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/18 08:05:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2010/05/05 15:53:36 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010/05/05 15:32:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/11/15 13:11:10 | 000,000,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/15 13:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001UA.job
[2011/11/15 12:34:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/15 10:00:11 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/15 09:00:00 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SyncBack Music Backup.job
[2011/11/15 08:53:53 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 08:53:53 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 08:49:25 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/15 00:34:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 19:01:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001Core.job
[2011/11/14 12:08:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/14 12:07:42 | 000,702,142 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011/11/14 12:07:42 | 000,666,210 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/11/14 12:07:42 | 000,641,796 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/14 12:07:42 | 000,460,018 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2011/11/14 12:07:42 | 000,377,912 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2011/11/14 12:07:42 | 000,142,960 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011/11/14 12:07:42 | 000,121,318 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/11/14 12:07:42 | 000,116,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/14 12:07:42 | 000,088,674 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2011/11/14 12:07:42 | 000,078,784 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2011/11/14 11:42:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/14 11:42:07 | 2615,611,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 09:41:45 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/14 09:41:45 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/14 09:41:45 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/13 11:37:03 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 01:59:23 | 000,000,955 | ---- | M] () -- C:\Users\Kieran\Desktop\Portforward Setup Static IP Address.lnk
[2011/11/09 18:31:49 | 003,511,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/06 23:25:36 | 000,001,075 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/11/01 09:04:06 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/30 11:00:19 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/30 09:33:38 | 000,000,931 | ---- | M] () -- C:\Users\Kieran\Desktop\TransMac.lnk
[2011/10/30 02:11:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011/10/30 01:39:01 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/10/30 01:03:10 | 000,001,735 | ---- | M] () -- C:\Users\Kieran\Desktop\MagicISO.lnk
[2011/10/29 21:18:11 | 000,001,117 | ---- | M] () -- C:\Users\Kieran\Desktop\Recent Downloads.lnk
[2011/10/26 01:22:11 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/10/25 08:21:02 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/10/22 15:16:58 | 000,000,756 | ---- | M] () -- C:\Users\Kieran\Desktop\Hazel.lnk
[2011/10/21 17:53:24 | 000,002,377 | ---- | M] () -- C:\Users\Kieran\Desktop\Sunset.Blvd.1950.480x352.25fps.817kbs.96mps.MultiSub.WunSeeDee.avi - Shortcut.lnk
[2011/10/21 17:42:32 | 000,000,650 | ---- | M] () -- C:\Users\Kieran\Desktop\Movies.lnk
[2011/10/18 09:28:08 | 000,002,503 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

========== Files Created - No Company Name ==========

[2011/11/14 12:08:26 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/14 12:07:35 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/13 11:37:03 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 01:59:23 | 000,000,955 | ---- | C] () -- C:\Users\Kieran\Desktop\Portforward Setup Static IP Address.lnk
[2011/11/06 23:25:36 | 000,001,075 | ---- | C] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/10/30 11:00:19 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/30 09:33:38 | 000,000,931 | ---- | C] () -- C:\Users\Kieran\Desktop\TransMac.lnk
[2011/10/30 02:11:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011/10/30 01:39:01 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/10/30 01:39:00 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/10/30 01:03:10 | 000,001,735 | ---- | C] () -- C:\Users\Kieran\Desktop\MagicISO.lnk
[2011/10/29 21:18:11 | 000,001,117 | ---- | C] () -- C:\Users\Kieran\Desktop\Recent Downloads.lnk
[2011/10/26 01:22:11 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/10/22 15:16:58 | 000,000,756 | ---- | C] () -- C:\Users\Kieran\Desktop\Hazel.lnk
[2011/10/21 17:53:24 | 000,002,377 | ---- | C] () -- C:\Users\Kieran\Desktop\Sunset.Blvd.1950.480x352.25fps.817kbs.96mps.MultiSub.WunSeeDee.avi - Shortcut.lnk
[2011/10/21 17:42:32 | 000,000,650 | ---- | C] () -- C:\Users\Kieran\Desktop\Movies.lnk
[2011/10/18 08:05:13 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/18 08:05:11 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/07/26 16:38:35 | 000,231,210 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2011/04/19 09:54:03 | 000,000,094 | ---- | C] () -- C:\Users\Kieran\AppData\Local\fusioncache.dat
[2011/03/04 15:01:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/04 15:01:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/25 15:29:17 | 002,529,622 | ---- | C] () -- C:\Users\Kieran\AppData\Local\[j0005]-[p02].bmp
[2011/02/25 15:29:14 | 002,529,622 | ---- | C] () -- C:\Users\Kieran\AppData\Local\[j0005]-[p01].bmp
[2011/01/24 23:00:33 | 000,272,392 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/24 22:25:06 | 000,061,909 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/13 03:37:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/13 03:37:12 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/13 03:37:12 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/13 03:37:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/13 03:37:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/01/05 01:42:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/01/05 01:42:22 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/01/05 01:18:17 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/01/04 12:04:28 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/01/04 12:03:37 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/01/04 12:03:36 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/01/04 12:03:36 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/01/04 12:03:36 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/10/20 13:43:45 | 000,000,010 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\install
[2010/10/07 13:46:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/07 13:46:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/07 13:46:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/07 13:46:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/07 13:46:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/14 02:45:03 | 005,653,224 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/05/12 22:16:31 | 000,000,000 | ---- | C] () -- C:\Users\Kieran\AppData\Local\prvlcl.dat
[2010/05/05 16:34:20 | 000,027,039 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010/05/05 16:34:16 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/05/05 15:51:04 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2010/05/05 15:40:40 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2010/05/05 15:40:40 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2010/05/05 15:35:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2010/05/05 15:32:26 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2010/04/28 09:29:35 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/20 21:08:31 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010/04/20 17:20:46 | 000,228,882 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/01/11 03:16:24 | 000,040,960 | ---- | C] () -- C:\Windows\DelPiv.exe
[2010/01/06 02:27:32 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2009/12/03 01:19:28 | 000,460,018 | ---- | C] () -- C:\Windows\System32\perfh001.dat
[2009/12/03 01:19:28 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/12/03 01:19:28 | 000,289,060 | ---- | C] () -- C:\Windows\System32\perfi001.dat
[2009/12/03 01:19:28 | 000,088,674 | ---- | C] () -- C:\Windows\System32\perfc001.dat
[2009/12/03 01:19:28 | 000,042,056 | ---- | C] () -- C:\Windows\System32\perfd001.dat
[2009/12/03 01:19:27 | 000,666,210 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/12/03 01:19:27 | 000,121,318 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/12/03 01:19:27 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/12/03 01:12:54 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2009/12/03 01:12:53 | 000,702,142 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2009/12/03 01:12:53 | 000,142,960 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2009/12/03 01:12:53 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2009/12/03 01:06:35 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat
[2009/12/03 01:06:34 | 000,377,912 | ---- | C] () -- C:\Windows\System32\perfh00D.dat
[2009/12/03 01:06:34 | 000,078,784 | ---- | C] () -- C:\Windows\System32\perfc00D.dat
[2009/12/03 01:06:34 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat
[2009/11/25 12:08:37 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/11/19 01:28:42 | 000,000,017 | ---- | C] () -- C:\Users\Kieran\AppData\Local\resmon.resmoncfg
[2009/11/06 09:17:18 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009/10/16 02:32:25 | 000,028,160 | ---- | C] () -- C:\Users\Kieran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 16:49:29 | 000,000,000 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\wklnhst.dat
[2009/10/11 04:32:18 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/11 03:48:16 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/11 03:48:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 003,511,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,641,796 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,116,078 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 23:11:12 | 001,659,648 | ---- | C] () -- C:\Windows\System32\nywfvpov.dat
[2009/07/13 23:11:12 | 000,633,600 | ---- | C] () -- C:\Windows\System32\vipixuov.dat
[2009/07/13 23:11:12 | 000,149,248 | ---- | C] () -- C:\Windows\System32\xhgataiq.dat
[2009/07/13 23:11:12 | 000,149,248 | ---- | C] () -- C:\Windows\System32\cqhesjbg.dat
[2009/07/13 23:11:12 | 000,145,152 | ---- | C] () -- C:\Windows\System32\dputlcsx.dat
[2009/07/13 23:11:12 | 000,050,432 | ---- | C] () -- C:\Windows\System32\chjacfud.dat
[2009/07/13 23:11:12 | 000,039,680 | ---- | C] () -- C:\Windows\System32\nrhdxyju.dat
[2009/07/06 11:05:26 | 000,059,791 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\Artwork.jpg
[2009/06/18 03:34:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 11:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/05/26 09:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2008/10/07 00:09:13 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008/10/07 00:09:12 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008/10/07 00:09:12 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008/10/07 00:09:12 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008/10/07 00:09:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/09/14 22:42:28 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/09/14 22:17:35 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/09/14 21:37:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/02/29 03:12:36 | 000,000,672 | ---- | C] () -- C:\Windows\mozver.dat
[2008/02/22 17:22:25 | 000,024,206 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\UserTile.png
[2008/02/21 11:34:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/16 07:46:49 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/02/16 00:00:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FontZoom.exe
[2008/02/16 00:00:12 | 000,131,062 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/06/21 09:49:24 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/07/22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== LOP Check ==========

[2011/02/17 15:34:03 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\.minecraft
[2010/09/07 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\.oit
[2009/12/15 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\.purple
[2010/08/26 11:31:45 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Apowersoft
[2010/02/22 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Audacity
[2011/11/01 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\AVG2012
[2010/10/07 13:32:10 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\AVG9
[2011/11/14 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Azureus
[2010/05/20 16:34:41 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Blitware
[2009/05/26 02:40:12 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\DAEMON Tools
[2009/10/11 04:18:36 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\DAEMON Tools Lite
[2010/07/17 19:02:23 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\dBpoweramp
[2009/10/11 04:18:36 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\eMusic
[2010/08/25 20:32:48 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\GrabPro
[2009/10/11 04:18:37 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\gtk-2.0
[2011/10/30 02:05:40 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\ImgBurn
[2009/12/07 14:37:47 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Intermedia Software
[2011/04/19 09:53:01 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\iPodSoft
[2009/10/11 04:18:37 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Leadertech
[2011/01/29 17:33:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\ML
[2011/11/15 08:54:54 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Nokia
[2009/10/11 04:19:02 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\NSeries
[2011/01/27 23:20:29 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Orbit
[2011/10/30 02:11:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PC Suite
[2010/12/14 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PCDr
[2008/02/22 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PeerNetworking
[2011/11/12 01:28:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PFStaticIP
[2010/08/25 20:34:47 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\ProgSense
[2009/05/19 20:26:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Publish Providers
[2011/04/19 09:54:03 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Purple Ghost Software, Inc
[2011/01/25 10:23:15 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Raptr
[2011/04/19 02:07:26 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\rockbox.org
[2011/01/05 01:41:45 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Samsung
[2011/06/18 14:25:18 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Softplicity
[2010/10/09 02:32:41 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Songbird2
[2009/10/11 04:19:04 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Sony
[2009/02/24 23:02:19 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\TeamViewer
[2011/01/03 11:50:08 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Template
[2009/10/11 04:19:04 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/12/03 16:53:56 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/10/11 04:19:06 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Wizards of the Coast
[2011/11/01 09:04:06 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/01 08:50:21 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/15 09:00:00 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\SyncBack Music Backup.job
[2011/11/15 10:00:11 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

Advertisements

#2
SweetTech
Posted 15 November 2011 - 11:15 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Do you recognize these files?

[2011/02/25 15:29:17 | 002,529,622 | ---- | C] () -- C:\Users\Kieran\AppData\Local\[j0005]-[p02].bmp
[2011/02/25 15:29:14 | 002,529,622 | ---- | C] () -- C:\Users\Kieran\AppData\Local\[j0005]-[p01].bmp



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:Processes
KILLALLPROCESSES
:OTL
DRV - (Avgtdix) -- File not found
DRV - (Avgrkx86) -- File not found
DRV - (AVGIDSShim) -- File not found
DRV - (AVGIDSFilter) -- File not found
DRV - (AVGIDSEH) -- File not found
DRV - (AVGIDSDriver) -- File not found
[2010/11/02 15:22:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/30 14:23:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/24 11:42:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/25 16:05:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/23 14:04:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1036 Safari/532.5" -"http://www.atom.co.jp/classic/UNSOUND/Actual/Sound/PopOffice/Artists/ZRockHawaii/Backstage/Zinter.html" File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
[2009/07/13 23:11:12 | 001,659,648 | ---- | C] () -- C:\Windows\System32\nywfvpov.dat
[2009/07/13 23:11:12 | 000,633,600 | ---- | C] () -- C:\Windows\System32\vipixuov.dat
[2009/07/13 23:11:12 | 000,149,248 | ---- | C] () -- C:\Windows\System32\xhgataiq.dat
[2009/07/13 23:11:12 | 000,149,248 | ---- | C] () -- C:\Windows\System32\cqhesjbg.dat
[2009/07/13 23:11:12 | 000,145,152 | ---- | C] () -- C:\Windows\System32\dputlcsx.dat
[2009/07/13 23:11:12 | 000,050,432 | ---- | C] () -- C:\Windows\System32\chjacfud.dat
[2009/07/13 23:11:12 | 000,039,680 | ---- | C] () -- C:\Windows\System32\nrhdxyju.dat
[2011/11/01 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\AVG2012
[2010/10/07 13:32:10 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\AVG9
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

:Reg

:Files
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
C:\Users\Kieran\AppData\Local\{91EC8B17-9707-4024-9663-FBE3CEF86113} /s
C:\Users\Kieran\AppData\Local\{9FA0390E-0D72-42CB-911D-418A4F339B8E} /s
C:\Users\Kieran\AppData\Local\{F93F111E-39E4-42F2-B450-B7BD89E34D3D} /s
C:\Users\Kieran\AppData\Local\{09509684-0CAE-4054-B29C-405C69B69286} /s
C:\Users\Kieran\AppData\Local\{50DE5B47-3163-433B-B3A8-81584D2C1705} /s
C:\Users\Kieran\AppData\Local\{FA995BBF-26E5-409F-ADD6-BB1D4E979585} /s
C:\Users\Kieran\AppData\Local\{24915404-A806-4111-BBCE-1AB528CE7B3E} /s
C:\Users\Kieran\AppData\Local\{19A7084C-9393-4F4B-8439-0B6C51AAEE4B} /s
C:\Users\Kieran\AppData\Local\{DB615542-A20A-41DD-A6BC-31754765C19B} /s
C:\Users\Kieran\AppData\Local\{C434913A-A1CC-4902-A8A1-C40654A00031} /s
C:\Users\Kieran\AppData\Local\{F6274A0C-5DE3-4CF5-A437-9130502E445E} /s
C:\Users\Kieran\AppData\Local\{AFEF832D-D07A-4E49-BC22-D3C0F99624B0} /s
C:\Users\Kieran\AppData\Local\{3E03C469-8778-4189-BCF8-C39E958A0C95} /s
C:\Users\Kieran\AppData\Local\{F329998B-9B26-4B92-9C62-CD01626BB30C} /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


NEXT:



Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.



NEXT:



What issues are you currently experiencing with your computer right now?
  • 0

#3
kdokeeffe
Posted 16 November 2011 - 03:54 AM

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi Sweettech, thanks for your help :-)


>> Do you recognize these files?

>> [2011/02/25 15:29:17 | 002,529,622 | ---- | C] () -- C:\Users\Kieran\AppData\Local\[j0005]-[p02].bmp
>> [2011/02/25 15:29:14 | 002,529,622 | ---- | C] () -- C:\Users\Kieran\AppData\Local\[j0005]-[p01].bmp

yes, they are old, I can do without them if they are causing trouble.


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Error: No service named Avgtdix was found to stop!
Service\Driver key Avgtdix not found.
File File not found not found.
Error: No service named Avgrkx86 was found to stop!
Service\Driver key Avgrkx86 not found.
File File not found not found.
Error: No service named AVGIDSShim was found to stop!
Service\Driver key AVGIDSShim not found.
File File not found not found.
Error: No service named AVGIDSFilter was found to stop!
Service\Driver key AVGIDSFilter not found.
File File not found not found.
Error: No service named AVGIDSEH was found to stop!
Service\Driver key AVGIDSEH not found.
File File not found not found.
Error: No service named AVGIDSDriver was found to stop!
Service\Driver key AVGIDSDriver not found.
File File not found not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
C:\Windows\System32\nywfvpov.dat moved successfully.
C:\Windows\System32\vipixuov.dat moved successfully.
C:\Windows\System32\xhgataiq.dat moved successfully.
C:\Windows\System32\cqhesjbg.dat moved successfully.
C:\Windows\System32\dputlcsx.dat moved successfully.
C:\Windows\System32\chjacfud.dat moved successfully.
C:\Windows\System32\nrhdxyju.dat moved successfully.
C:\Users\Kieran\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Kieran\AppData\Roaming\AVG2012 folder moved successfully.
C:\Users\Kieran\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Kieran\AppData\Roaming\AVG9 folder moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\Kieran\Desktop\cmd.bat deleted successfully.
C:\Users\Kieran\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kieran\Desktop\cmd.bat deleted successfully.
C:\Users\Kieran\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kieran
->Temp folder emptied: 59359407 bytes
->Temporary Internet Files folder emptied: 491521461 bytes
->Java cache emptied: 40637 bytes
->FireFox cache emptied: 103794905 bytes
->Google Chrome cache emptied: 230702025 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 138505 bytes

User: Newadmin
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136991909 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 975.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Kieran
->Flash cache emptied: 0 bytes

User: Newadmin

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11162011_002003

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 00:28 on 16/11/2011 by Kieran
Administrator - Elevation successful

========== dir ==========

C:\Users\Kieran\AppData\Local\{91EC8B17-9707-4024-9663-FBE3CEF86113} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{9FA0390E-0D72-42CB-911D-418A4F339B8E} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{F93F111E-39E4-42F2-B450-B7BD89E34D3D} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{09509684-0CAE-4054-B29C-405C69B69286} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{50DE5B47-3163-433B-B3A8-81584D2C1705} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{FA995BBF-26E5-409F-ADD6-BB1D4E979585} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{24915404-A806-4111-BBCE-1AB528CE7B3E} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{19A7084C-9393-4F4B-8439-0B6C51AAEE4B} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{DB615542-A20A-41DD-A6BC-31754765C19B} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{C434913A-A1CC-4902-A8A1-C40654A00031} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{F6274A0C-5DE3-4CF5-A437-9130502E445E} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{AFEF832D-D07A-4E49-BC22-D3C0F99624B0} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{3E03C469-8778-4189-BCF8-C39E958A0C95} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Kieran\AppData\Local\{F329998B-9B26-4B92-9C62-CD01626BB30C} - Parameters: "/s"

---Files---
None found.

No folders found.

-= EOF =-


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-16 07:12:49
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 WDC_WD25 rev.12.0
Running: gmer.exe; Driver: C:\Users\Kieran\AppData\Local\Temp\pwldapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83093349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830CCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0fe5e4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0fe5e4@d48890298ecf 0x6F 0x5B 0xA6 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0fe5e4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0fe5e4@d48890298ecf 0x6F 0x5B 0xA6 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C6B56403F35B1A94E9AB3A1F78DA05E2\Usage@SoleFeature 1064335669
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86ED9FC0-3A25-62BA-BA82-DC30FE45E874}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86ED9FC0-3A25-62BA-BA82-DC30FE45E874}@oalapiaflmfpiplllgdigmkjndkiak 0x6B 0x61 0x6B 0x69 ...

---- EOF - GMER 1.0.15 ----

>> What issues are you currently experiencing with your computer right now?

the main issue is the suspected hijack of my broadband modem. I don't know if it's related to the infections on this PC.

let me know the next steps to take. thanks!
  • 0

#4
SweetTech
Posted 16 November 2011 - 10:58 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi kdokeeffe!

No problem!

yes, they are old, I can do without them if they are causing trouble.

I don't see an issue with them right now, but malware has been known to create weird filenames like that, so I just wanted to make sure you put them there and didn't get put there by malware.

In your first post you said that you reset your modem, did you mean to say modem or did you mean router?

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#5
kdokeeffe
Posted 16 November 2011 - 11:37 AM

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

In your first post you said that you reset your modem, did you mean to say modem or did you mean router?


hi, it's a combined broadband modem and wireless router so I guess both are half right :-)

here's the log, nothing was found:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8176

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

16/11/2011 17:19:53
mbam-log-2011-11-16 (17-19-53).txt

Scan type: Quick scan
Objects scanned: 217866
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
SweetTech
Posted 16 November 2011 - 11:50 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts

hi, it's a combined broadband modem and wireless router so I guess both are half right :-)

Would you be able to provide me with the make, model/model number for your modem/wireless router?

Also, please run these scans:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#7
kdokeeffe
Posted 17 November 2011 - 04:30 AM

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

hi, it's a combined broadband modem and wireless router so I guess both are half right :-)

Would you be able to provide me with the make, model/model number for your modem/wireless router?

It's a Zyxel zyxel p-660hw-t1 v3.

here's what ESET found:

C:\Users\Kieran\Downloads\cnet_ISOBuddy1113_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kieran\Downloads\cnet_Setup_MagicISO_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kieran\Music\RokyErickson-Interview-4_1_78.mp3 HTML/Iframe.B.Gen virus
C:\Users\Kieran\Music\TheRedCrayola-TransparentRadiation.mp3 HTML/Iframe.B.Gen virus
C:\Users\Kieran\Software - Installable\Windows\registrybooster.exe a variant of Win32/RegistryBooster application

Security Check:


Results of screen317's Security Check version 0.99.27
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee Virtual Technician
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 29
Java™ SE Runtime Environment 6
Adobe Flash Player ( 10.2.159.1) Flash Player Out of Date!
Mozilla Firefox (5.0.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
  • 0

#8
SweetTech
Posted 17 November 2011 - 10:35 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay. Thanks for that information.

These threat(s) below will be removed very shortly:

C:\Users\Kieran\Downloads\cnet_ISOBuddy1113_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kieran\Downloads\cnet_Setup_MagicISO_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kieran\Music\RokyErickson-Interview-4_1_78.mp3 HTML/Iframe.B.Gen virus
C:\Users\Kieran\Music\TheRedCrayola-TransparentRadiation.mp3 HTML/Iframe.B.Gen virus
C:\Users\Kieran\Software - Installable\Windows\registrybooster.exe a variant of Win32/RegistryBooster application


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:OTL

:Reg

:Files
C:\Users\Kieran\Downloads\cnet_ISOBuddy1113_exe.exe
C:\Users\Kieran\Downloads\cnet_Setup_MagicISO_exe.exe
C:\Users\Kieran\Music\RokyErickson-Interview-4_1_78.mp3
C:\Users\Kieran\Music\TheRedCrayola-TransparentRadiation.mp3
C:\Users\Kieran\Software - Installable\Windows\registrybooster.exe
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
  • 0

#9
kdokeeffe
Posted 18 November 2011 - 07:00 AM

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi SweetTech

okay, updates applied, and here are the latest OTL logs:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Kieran\Downloads\cnet_ISOBuddy1113_exe.exe moved successfully.
C:\Users\Kieran\Downloads\cnet_Setup_MagicISO_exe.exe moved successfully.
C:\Users\Kieran\Music\RokyErickson-Interview-4_1_78.mp3 moved successfully.
C:\Users\Kieran\Music\TheRedCrayola-TransparentRadiation.mp3 moved successfully.
C:\Users\Kieran\Software - Installable\Windows\registrybooster.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kieran\Desktop\cmd.bat deleted successfully.
C:\Users\Kieran\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kieran
->Temp folder emptied: 2199736 bytes
->Temporary Internet Files folder emptied: 6672327 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 57235423 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1087 bytes

User: Newadmin
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 163580 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Kieran
->Flash cache emptied: 0 bytes

User: Newadmin

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11182011_124827

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 18/11/2011 12:52:24 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kieran\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 57.56% Memory free
6.49 Gb Paging File | 5.02 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.78 Gb Total Space | 15.40 Gb Free Space | 7.07% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 3.29 Gb Free Space | 1.41% Space Free | Partition Type: NTFS
Drive E: | 15.00 Gb Total Space | 10.60 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Drive Q: | 991.22 Mb Total Space | 964.39 Mb Free Space | 97.29% Space Free | Partition Type: FAT
Drive Y: | 465.76 Gb Total Space | 0.23 Gb Free Space | 0.05% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 52.06 Gb Free Space | 11.18% Space Free | Partition Type: NTFS

Computer Name: DELLPC | User Name: Kieran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kieran\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\POWERISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe (Mindjet)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision )
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Ikanos Consulting\SideTunes\itunessideshowgadget.exe ()
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe ()
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll ()
MOD - C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\66a5094e521e34aecd51e4bae30ac266\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Mindjet\MindManager 9\zlib.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.SideShow\1.0.2.0__31bf3856ad364e35\Microsoft.SideShow.dll ()
MOD - C:\Windows\CTXFIRES.DLL ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
MOD - C:\Program Files\Ikanos Consulting\SideTunes\itunessideshowgadget.exe ()
MOD - C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe ()
MOD - C:\Program Files\TotalAudioConverter\axTotalConverter.dll ()


========== Win32 Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- File not found
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (Belkin High-Speed Mode Wireless G USB Network Adapter Service) -- File not found
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (InstallShield Licensing Service) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision )
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis)
SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (QualityManager) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel® Corporation)
SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (DHTRACE) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel® Corporation)
SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (NMSCore) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)
SRV - (M1 Server) Intel® Viiv™ -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (MpKsl1293ee33) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF9FD085-E231-4872-A93B-574CC331F915}\MpKsl1293ee33.sys (Microsoft Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (appliandMP) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (appliand) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kieran\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kieran\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/11/10 22:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/11/10 22:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 09:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/07/26 16:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/27 01:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/25 08:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 22:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 22:02:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 09:30:00 | 000,000,000 | ---D | M]

[2009/10/30 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions
[2009/10/30 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2011/10/26 01:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\pqgl9gps.default\extensions
[2011/10/26 01:21:40 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\pqgl9gps.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/11/17 20:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/17 20:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/07/19 00:36:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/17 20:37:16 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/25 12:41:55 | 000,024,576 | ---- | M] (Avantstar, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPQ00032.DLL
[2010/07/12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2006/03/22 02:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/07/20 10:00:00 | 000,086,016 | ---- | M] (Avantstar, Inc.) -- C:\Program Files\mozilla firefox\plugins\QVPLUG32.DLL
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Quick View Plus for Windows XP and Windows 2000 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPQ00032.DLL
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: RubbishBooks = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklfihmmokekepifllhpdlkobiplpklj\2.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2011/11/18 12:48:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [googletalk] C:\Users\Kieran\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E4B2DE6-0546-49F3-8113-23325632B8A5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE08E2C0-E98D-4D6C-8122-8DDD076F2572}: NameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\Windows\qvphook.dll (Avantstar, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/29 08:57:26 | 000,000,032 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/09/29 08:57:26 | 000,000,032 | ---- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\Kieran\Desktop\gtg
[2011/11/17 20:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/16 18:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/16 18:34:18 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Kieran\Desktop\esetsmartinstaller_enu.exe
[2011/11/16 00:20:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 13:17:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
[2011/11/14 12:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/13 11:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/13 11:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/13 11:36:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/11 02:02:41 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\PFStaticIP
[2011/11/11 01:59:51 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\APN
[2011/11/11 01:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\PFStaticIP
[2011/11/10 22:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/10 22:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/08 22:00:32 | 000,000,000 | ---D | C] -- C:\Users\Kieran\Desktop\Tz
[2011/11/06 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\GRETECH
[2011/11/06 23:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011/11/06 23:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2011/11/01 21:32:40 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{91EC8B17-9707-4024-9663-FBE3CEF86113}
[2011/11/01 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{9FA0390E-0D72-42CB-911D-418A4F339B8E}
[2011/11/01 20:35:30 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{F93F111E-39E4-42F2-B450-B7BD89E34D3D}
[2011/11/01 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{09509684-0CAE-4054-B29C-405C69B69286}
[2011/11/01 19:48:08 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{50DE5B47-3163-433B-B3A8-81584D2C1705}
[2011/11/01 19:47:53 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{FA995BBF-26E5-409F-ADD6-BB1D4E979585}
[2011/11/01 18:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/30 11:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/10/30 11:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\POWERISO
[2011/10/30 09:33:37 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
[2011/10/30 09:33:37 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\TransMac
[2011/10/30 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\TransMac
[2011/10/30 09:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pixbyte
[2011/10/30 09:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD or CD Sharing
[2011/10/30 09:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\DVD or CD Sharing
[2011/10/30 02:14:48 | 000,000,000 | ---D | C] -- C:\Users\Kieran\Desktop\from nokia mem card
[2011/10/30 02:05:40 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\ImgBurn
[2011/10/30 01:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/10/30 01:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/10/30 01:03:10 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/10/30 01:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/10/30 01:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2011/10/26 01:25:58 | 000,000,000 | ---D | C] -- C:\Users\Kieran\.swt
[2011/10/22 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{24915404-A806-4111-BBCE-1AB528CE7B3E}
[2011/10/22 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{19A7084C-9393-4F4B-8439-0B6C51AAEE4B}
[2011/10/21 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Kieran\Desktop\Music
[2011/10/20 14:46:50 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{DB615542-A20A-41DD-A6BC-31754765C19B}
[2011/10/20 14:46:38 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{C434913A-A1CC-4902-A8A1-C40654A00031}
[2011/10/20 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{F6274A0C-5DE3-4CF5-A437-9130502E445E}
[2011/10/20 12:44:38 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{AFEF832D-D07A-4E49-BC22-D3C0F99624B0}
[2011/10/20 12:44:27 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{3E03C469-8778-4189-BCF8-C39E958A0C95}
[2011/10/20 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{F329998B-9B26-4B92-9C62-CD01626BB30C}
[2010/05/05 15:53:36 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010/05/05 15:32:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/11/18 12:57:16 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 12:57:16 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 12:50:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 12:49:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/18 12:49:34 | 2615,611,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/18 12:49:01 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/18 12:49:01 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/18 12:49:01 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/11/18 12:49:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/18 12:48:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/18 00:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001UA.job
[2011/11/17 23:34:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 19:01:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001Core.job
[2011/11/17 09:29:28 | 000,879,641 | ---- | M] () -- C:\Users\Kieran\Desktop\SecurityCheck.exe
[2011/11/17 09:00:00 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SyncBack Music Backup.job
[2011/11/16 18:34:51 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Kieran\Desktop\esetsmartinstaller_enu.exe
[2011/11/16 00:04:38 | 000,139,264 | ---- | M] () -- C:\Users\Kieran\Desktop\SystemLook.exe
[2011/11/15 13:17:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
[2011/11/14 12:08:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/14 12:07:42 | 000,702,142 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011/11/14 12:07:42 | 000,666,210 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/11/14 12:07:42 | 000,641,796 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/14 12:07:42 | 000,460,018 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2011/11/14 12:07:42 | 000,377,912 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2011/11/14 12:07:42 | 000,142,960 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011/11/14 12:07:42 | 000,121,318 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/11/14 12:07:42 | 000,116,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/14 12:07:42 | 000,088,674 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2011/11/14 12:07:42 | 000,078,784 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2011/11/13 11:37:03 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 01:59:23 | 000,000,955 | ---- | M] () -- C:\Users\Kieran\Desktop\Portforward Setup Static IP Address.lnk
[2011/11/09 18:31:49 | 003,511,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/06 23:25:36 | 000,001,075 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/11/01 09:04:06 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/30 11:00:19 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/30 09:33:38 | 000,000,931 | ---- | M] () -- C:\Users\Kieran\Desktop\TransMac.lnk
[2011/10/30 02:11:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011/10/30 01:39:01 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/10/30 01:03:10 | 000,001,735 | ---- | M] () -- C:\Users\Kieran\Desktop\MagicISO.lnk
[2011/10/29 21:18:11 | 000,001,117 | ---- | M] () -- C:\Users\Kieran\Desktop\Recent Downloads.lnk
[2011/10/26 01:22:11 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/10/25 08:21:02 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/10/22 15:16:58 | 000,000,756 | ---- | M] () -- C:\Users\Kieran\Desktop\Hazel.lnk
[2011/10/21 17:53:24 | 000,002,377 | ---- | M] () -- C:\Users\Kieran\Desktop\Sunset.Blvd.1950.480x352.25fps.817kbs.96mps.MultiSub.WunSeeDee.avi - Shortcut.lnk
[2011/10/21 17:42:32 | 000,000,650 | ---- | M] () -- C:\Users\Kieran\Desktop\Movies.lnk

========== Files Created - No Company Name ==========

[2011/11/17 09:29:22 | 000,879,641 | ---- | C] () -- C:\Users\Kieran\Desktop\SecurityCheck.exe
[2011/11/16 00:29:24 | 000,302,592 | ---- | C] () -- C:\Users\Kieran\Desktop\gmer.exe
[2011/11/16 00:27:14 | 000,139,264 | ---- | C] () -- C:\Users\Kieran\Desktop\SystemLook.exe
[2011/11/14 12:08:26 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/14 12:07:35 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/13 11:37:03 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 01:59:23 | 000,000,955 | ---- | C] () -- C:\Users\Kieran\Desktop\Portforward Setup Static IP Address.lnk
[2011/11/06 23:25:36 | 000,001,075 | ---- | C] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/10/30 11:00:19 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/30 09:33:38 | 000,000,931 | ---- | C] () -- C:\Users\Kieran\Desktop\TransMac.lnk
[2011/10/30 02:11:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011/10/30 01:39:01 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/10/30 01:39:00 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/10/30 01:03:10 | 000,001,735 | ---- | C] () -- C:\Users\Kieran\Desktop\MagicISO.lnk
[2011/10/29 21:18:11 | 000,001,117 | ---- | C] () -- C:\Users\Kieran\Desktop\Recent Downloads.lnk
[2011/10/26 01:22:11 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/10/22 15:16:58 | 000,000,756 | ---- | C] () -- C:\Users\Kieran\Desktop\Hazel.lnk
[2011/10/21 17:53:24 | 000,002,377 | ---- | C] () -- C:\Users\Kieran\Desktop\Sunset.Blvd.1950.480x352.25fps.817kbs.96mps.MultiSub.WunSeeDee.avi - Shortcut.lnk
[2011/10/21 17:42:32 | 000,000,650 | ---- | C] () -- C:\Users\Kieran\Desktop\Movies.lnk
[2011/07/26 16:38:35 | 000,231,210 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2011/04/19 09:54:03 | 000,000,094 | ---- | C] () -- C:\Users\Kieran\AppData\Local\fusioncache.dat
[2011/03/04 15:01:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/04 15:01:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/25 15:29:17 | 002,529,622 | ---- | C] () -- C:\Users\Kieran\AppData\Local\[j0005]-[p02].bmp
[2011/02/25 15:29:14 | 002,529,622 | ---- | C] () -- C:\Users\Kieran\AppData\Local\[j0005]-[p01].bmp
[2011/01/24 23:00:33 | 000,272,392 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/24 22:25:06 | 000,061,909 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/13 03:37:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/13 03:37:12 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/13 03:37:12 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/13 03:37:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/13 03:37:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/01/05 01:42:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/01/05 01:42:22 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/01/05 01:18:17 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/01/04 12:04:28 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/01/04 12:03:37 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/01/04 12:03:36 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/01/04 12:03:36 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/01/04 12:03:36 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/10/20 13:43:45 | 000,000,010 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\install
[2010/10/07 13:46:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/07 13:46:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/07 13:46:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/07 13:46:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/07 13:46:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/14 02:45:03 | 005,653,224 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/05/12 22:16:31 | 000,000,000 | ---- | C] () -- C:\Users\Kieran\AppData\Local\prvlcl.dat
[2010/05/05 16:34:20 | 000,027,039 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010/05/05 16:34:16 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/05/05 15:51:04 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2010/05/05 15:40:40 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2010/05/05 15:40:40 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2010/05/05 15:35:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2010/05/05 15:32:26 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2010/04/28 09:29:35 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/20 21:08:31 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010/04/20 17:20:46 | 000,228,882 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/01/11 03:16:24 | 000,040,960 | ---- | C] () -- C:\Windows\DelPiv.exe
[2010/01/06 02:27:32 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2009/12/03 01:19:28 | 000,460,018 | ---- | C] () -- C:\Windows\System32\perfh001.dat
[2009/12/03 01:19:28 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/12/03 01:19:28 | 000,289,060 | ---- | C] () -- C:\Windows\System32\perfi001.dat
[2009/12/03 01:19:28 | 000,088,674 | ---- | C] () -- C:\Windows\System32\perfc001.dat
[2009/12/03 01:19:28 | 000,042,056 | ---- | C] () -- C:\Windows\System32\perfd001.dat
[2009/12/03 01:19:27 | 000,666,210 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/12/03 01:19:27 | 000,121,318 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/12/03 01:19:27 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/12/03 01:12:54 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2009/12/03 01:12:53 | 000,702,142 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2009/12/03 01:12:53 | 000,142,960 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2009/12/03 01:12:53 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2009/12/03 01:06:35 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat
[2009/12/03 01:06:34 | 000,377,912 | ---- | C] () -- C:\Windows\System32\perfh00D.dat
[2009/12/03 01:06:34 | 000,078,784 | ---- | C] () -- C:\Windows\System32\perfc00D.dat
[2009/12/03 01:06:34 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat
[2009/11/25 12:08:37 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/11/19 01:28:42 | 000,000,017 | ---- | C] () -- C:\Users\Kieran\AppData\Local\resmon.resmoncfg
[2009/11/06 09:17:18 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009/10/16 02:32:25 | 000,028,160 | ---- | C] () -- C:\Users\Kieran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 16:49:29 | 000,000,000 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\wklnhst.dat
[2009/10/11 04:32:18 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/11 03:48:16 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/11 03:48:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 003,511,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,641,796 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,116,078 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/06 11:05:26 | 000,059,791 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\Artwork.jpg
[2009/06/18 03:34:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 11:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/05/26 09:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2008/10/07 00:09:13 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008/10/07 00:09:12 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008/10/07 00:09:12 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008/10/07 00:09:12 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008/10/07 00:09:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/09/14 22:42:28 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/09/14 22:17:35 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/09/14 21:37:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/02/29 03:12:36 | 000,000,672 | ---- | C] () -- C:\Windows\mozver.dat
[2008/02/22 17:22:25 | 000,024,206 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\UserTile.png
[2008/02/21 11:34:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/16 07:46:49 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/02/16 00:00:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FontZoom.exe
[2008/02/16 00:00:12 | 000,131,062 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/06/21 09:49:24 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/07/22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== LOP Check ==========

[2011/02/17 15:34:03 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\.minecraft
[2010/09/07 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\.oit
[2009/12/15 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\.purple
[2010/08/26 11:31:45 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Apowersoft
[2010/02/22 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Audacity
[2011/11/14 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Azureus
[2010/05/20 16:34:41 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Blitware
[2009/05/26 02:40:12 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\DAEMON Tools
[2009/10/11 04:18:36 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\DAEMON Tools Lite
[2010/07/17 19:02:23 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\dBpoweramp
[2009/10/11 04:18:36 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\eMusic
[2010/08/25 20:32:48 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\GrabPro
[2009/10/11 04:18:37 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\gtk-2.0
[2011/10/30 02:05:40 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\ImgBurn
[2009/12/07 14:37:47 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Intermedia Software
[2011/04/19 09:53:01 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\iPodSoft
[2009/10/11 04:18:37 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Leadertech
[2011/01/29 17:33:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\ML
[2011/11/15 08:54:54 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Nokia
[2009/10/11 04:19:02 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\NSeries
[2011/01/27 23:20:29 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Orbit
[2011/10/30 02:11:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PC Suite
[2010/12/14 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PCDr
[2008/02/22 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PeerNetworking
[2011/11/12 01:28:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PFStaticIP
[2010/08/25 20:34:47 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\ProgSense
[2009/05/19 20:26:42 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Publish Providers
[2011/04/19 09:54:03 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Purple Ghost Software, Inc
[2011/01/25 10:23:15 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Raptr
[2011/04/19 02:07:26 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\rockbox.org
[2011/01/05 01:41:45 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Samsung
[2011/06/18 14:25:18 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Softplicity
[2010/10/09 02:32:41 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Songbird2
[2009/10/11 04:19:04 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Sony
[2009/02/24 23:02:19 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\TeamViewer
[2011/01/03 11:50:08 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Template
[2009/10/11 04:19:04 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/12/03 16:53:56 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/10/11 04:19:06 | 000,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Wizards of the Coast
[2011/11/01 09:04:06 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/01 08:50:21 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/17 09:00:00 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\SyncBack Music Backup.job
[2011/11/18 12:49:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/19 00:36:51 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/19 00:36:51 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/19 00:36:51 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/19 00:36:52 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/19 00:36:52 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/19 00:36:52 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Kieran\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Kieran\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Kieran\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Kieran\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/17 02:23:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/17 02:23:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/17 02:23:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/17 02:23:02 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/17 02:23:02 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/07/18 17:06:34 | 000,001,756 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\.ChromotingConfig.json
[2011/08/24 23:44:15 | 000,000,080 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Custom Dictionary.txt
[2011/11/18 12:56:26 | 000,030,210 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Local State
[2011/11/18 12:56:05 | 004,959,192 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/11/18 12:56:06 | 001,849,340 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/11/18 12:56:06 | 000,134,192 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2011/11/18 12:56:05 | 000,449,332 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2011/10/26 01:26:24 | 000,000,055 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Service State
[2011/09/13 20:23:40 | 000,053,248 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/11/16 09:46:01 | 000,002,856 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/11/16 09:46:01 | 000,002,856 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/11/18 12:51:48 | 000,988,160 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/11/18 12:57:48 | 000,129,780 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/11/18 12:46:00 | 000,000,008 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2010/09/29 14:24:13 | 000,006,144 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2011/11/17 21:18:27 | 001,593,344 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/11/18 12:51:38 | 002,293,760 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\History
[2011/11/14 00:11:09 | 008,101,888 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-09
[2011/11/17 21:15:01 | 026,243,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-10
[2011/11/18 12:51:38 | 006,479,872 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-11
[2011/11/18 12:51:38 | 000,103,112 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-11-journal
[2011/11/18 00:09:32 | 000,140,746 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2011/11/18 12:51:38 | 000,049,760 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2011/11/18 12:48:25 | 000,044,119 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/11/18 00:09:32 | 000,013,230 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/11/14 00:06:59 | 000,034,816 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/11/18 12:56:59 | 000,061,490 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/11/16 09:45:18 | 000,013,312 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2011/11/18 12:51:36 | 000,258,048 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/09/07 20:45:03 | 000,000,008 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2011/11/18 00:09:32 | 000,131,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/11/18 12:51:18 | 000,159,744 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/11/18 12:51:19 | 000,004,624 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2011/10/28 00:59:12 | 000,183,296 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Index
[2011/10/28 14:53:04 | 000,045,056 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_0
[2011/10/28 14:53:04 | 000,794,624 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_1
[2011/10/28 14:53:04 | 001,056,768 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_2
[2011/10/28 14:53:04 | 008,396,800 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_3
[2011/10/27 19:13:38 | 000,170,215 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005d
[2011/10/27 19:13:38 | 000,089,685 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005e
[2011/10/27 19:13:38 | 000,054,305 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005f
[2011/10/27 19:13:39 | 000,038,830 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000060
[2011/10/27 19:13:39 | 000,018,032 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000061
[2011/10/27 19:13:40 | 000,021,616 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000062
[2011/10/27 19:13:40 | 000,539,122 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000063
[2011/10/27 19:13:40 | 000,023,916 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000064
[2011/10/27 19:13:40 | 000,055,748 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000065
[2011/10/27 19:13:41 | 000,216,019 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000066
[2011/10/27 19:13:47 | 000,319,724 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000067
[2011/10/27 19:13:47 | 000,019,929 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000068
[2011/10/27 19:13:48 | 000,064,734 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000069
[2011/10/27 19:13:48 | 000,018,675 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006a
[2011/10/27 19:13:49 | 000,096,312 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006b
[2011/10/27 19:13:49 | 000,018,870 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006c
[2011/10/27 19:13:50 | 000,060,846 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006d
[2011/10/27 19:13:52 | 001,136,051 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006e
[2011/10/27 19:13:52 | 000,040,440 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006f
[2011/10/27 19:13:52 | 000,025,225 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000070
[2011/10/27 19:13:53 | 000,065,930 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000071
[2011/10/27 19:13:53 | 000,273,534 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000072
[2011/10/27 19:13:54 | 000,035,083 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000073
[2011/10/27 19:13:54 | 000,055,555 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000074
[2011/10/27 19:13:55 | 000,051,474 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000075
[2011/10/27 19:13:56 | 000,620,945 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000076
[2011/10/27 19:13:57 | 000,651,099 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000077
[2011/10/27 19:13:58 | 000,735,236 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000078
[2011/10/27 19:13:58 | 000,063,887 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000079
[2011/10/27 19:13:59 | 000,448,927 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00007a
[2011/10/27 19:13:59 | 000,282,535 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00007b
[2011/10/27 19:14:00 | 000,064,261 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00007c
[2011/10/27 19:14:01 | 000,650,101 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00007d
[2011/10/27 19:14:02 | 000,027,287 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00007e
[2011/10/27 19:14:02 | 000,021,325 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00007f
[2011/10/27 19:14:03 | 000,024,494 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000080
[2011/10/27 19:14:03 | 000,635,647 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000081
[2011/10/27 19:14:03 | 000,049,680 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000082
[2011/10/27 19:14:04 | 000,054,217 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000083
[2011/10/27 19:14:04 | 000,252,656 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000084
[2011/10/27 19:14:05 | 000,111,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000085
[2011/10/27 19:14:05 | 000,017,363 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000086
[2011/10/27 19:14:07 | 000,208,104 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000087
[2011/10/27 19:14:07 | 000,370,598 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000088
[2011/10/27 19:14:07 | 000,114,932 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000089
[2011/10/27 19:14:08 | 000,487,507 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00008a
[2011/10/27 19:14:09 | 000,450,288 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00008b
[2011/10/27 19:14:10 | 000,070,877 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00008c
[2011/10/27 19:14:10 | 000,019,614 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00008d
[2011/10/27 19:14:10 | 000,019,659 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00008e
[2011/10/27 19:14:11 | 000,072,798 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00008f
[2011/10/27 19:14:12 | 000,229,707 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000090
[2011/10/27 19:14:12 | 000,547,581 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000091
[2011/10/27 19:14:12 | 000,123,360 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000092
[2011/10/27 19:14:13 | 000,215,792 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000093
[2011/10/27 19:14:13 | 000,140,269 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000094
[2011/10/27 19:14:14 | 000,400,039 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000095
[2011/10/27 19:14:15 | 000,507,744 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000096
[2011/10/27 19:14:15 | 000,071,662 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000097
[2011/10/27 19:14:15 | 000,125,304 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000098
[2011/10/27 19:14:16 | 000,018,431 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000099
[2011/10/27 19:14:16 | 000,389,565 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00009a
[2011/10/27 19:14:17 | 000,019,549 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00009b
[2011/10/27 19:14:17 | 000,019,385 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00009c
[2011/10/27 19:14:18 | 000,018,191 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00009d
[2011/10/27 19:14:18 | 000,072,394 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00009e
[2011/10/27 19:14:18 | 000,163,220 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00009f
[2011/10/27 19:14:18 | 000,064,891 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a0
[2011/10/27 19:14:19 | 000,058,601 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a1
[2011/10/27 19:14:20 | 000,017,478 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a2
[2011/10/27 19:14:20 | 000,019,621 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a3
[2011/10/27 19:14:21 | 000,053,192 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a4
[2011/10/27 19:14:21 | 000,018,705 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a5
[2011/10/27 19:14:21 | 000,054,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a6
[2011/10/27 19:14:21 | 000,117,595 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a7
[2011/10/27 19:14:22 | 000,020,050 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a8
[2011/10/27 19:14:22 | 000,105,244 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000a9
[2011/10/27 19:14:22 | 000,038,126 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000aa
[2011/10/27 19:14:23 | 000,115,289 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000ab
[2011/10/27 19:14:23 | 000,226,219 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000ac
[2011/10/27 19:14:23 | 000,055,050 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000ad
[2011/10/27 19:14:24 | 000,050,051 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000ae
[2011/10/27 19:14:24 | 000,241,608 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000af
[2011/10/27 19:14:25 | 000,030,151 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b0
[2011/10/27 19:14:25 | 000,017,568 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b1
[2011/10/27 19:14:25 | 000,037,522 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b2
[2011/10/27 19:14:25 | 000,020,846 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b3
[2011/10/27 19:14:26 | 000,036,547 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b4
[2011/10/27 19:14:26 | 000,194,983 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b5
[2011/10/27 19:14:26 | 000,095,920 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b6
[2011/10/27 19:14:27 | 000,075,943 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b7
[2011/10/27 19:14:27 | 000,038,097 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b8
[2011/10/27 19:14:28 | 000,226,267 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000b9
[2011/10/27 19:14:28 | 000,061,993 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000ba
[2011/10/27 19:14:28 | 000,018,306 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000bb
[2011/10/27 19:14:28 | 000,016,606 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000bc
[2011/10/27 19:14:29 | 000,041,274 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000bd
[2011/10/27 19:14:29 | 000,017,640 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000be
[2011/10/27 19:14:29 | 000,023,258 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000bf
[2011/10/27 19:14:29 | 000,091,358 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c0
[2011/10/27 19:14:30 | 000,353,399 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c1
[2011/10/27 19:14:30 | 000,023,544 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c2
[2011/10/27 19:14:30 | 000,023,428 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c3
[2011/10/27 19:14:30 | 000,075,892 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c4
[2011/10/27 19:14:30 | 000,036,337 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c5
[2011/10/27 19:14:31 | 000,085,702 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c6
[2011/10/27 19:14:32 | 000,656,407 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c7
[2011/10/27 19:14:33 | 000,029,419 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c8
[2011/10/27 19:14:33 | 000,019,314 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000c9
[2011/10/27 19:14:33 | 000,564,889 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000ca
[2011/10/27 19:14:34 | 000,056,781 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_0000cb
[2011/08/23 22:25:04 | 000,524,656 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\index
[2011/11/18 12:51:18 | 000,045,056 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2011/11/18 12:51:18 | 000,270,336 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2011/11/18 12:51:27 | 001,056,768 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2011/11/18 12:51:29 | 004,202,496 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2011/11/18 12:51:28 | 000,018,386 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
[2011/11/18 12:51:28 | 000,037,451 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
[2011/11/18 12:51:28 | 000,063,926 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
[2011/11/18 12:51:28 | 000,029,478 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
[2011/11/18 12:51:30 | 000,026,009 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
[2011/11/18 12:51:31 | 000,049,203 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
[2011/11/18 12:51:31 | 000,039,792 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
[2011/11/18 12:51:32 | 000,032,765 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
[2011/11/18 12:51:32 | 000,018,994 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
[2011/11/18 12:51:35 | 000,496,713 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
[2011/11/18 12:51:18 | 000,262,512 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2011/10/13 12:39:21 | 000,009,216 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2011/10/13 12:39:21 | 000,004,096 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\databases\http_download.cnet.com_0\17
[2011/09/24 15:27:27 | 000,004,096 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\databases\http_twitter.com_0\14
[2011/10/13 11:28:25 | 000,004,096 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.toshiba.ie_0\16
[2011/11/02 17:02:16 | 000,004,096 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\databases\https_docs.google.com_0\15
[2011/10/21 21:56:03 | 000,020,257 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\128.png
[2011/10/21 21:56:03 | 000,000,920 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\16.png
[2011/10/21 21:56:03 | 000,000,716 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\manifest.json
[2011/10/21 21:56:03 | 000,000,176 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ar\messages.json
[2011/10/21 21:56:03 | 000,000,296 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\bg\messages.json
[2011/10/21 21:56:03 | 000,000,104 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ca\messages.json
[2011/10/21 21:56:03 | 000,000,105 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\cs\messages.json
[2011/10/21 21:56:03 | 000,000,107 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\da\messages.json
[2011/10/21 21:56:03 | 000,000,106 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\de\messages.json
[2011/10/21 21:56:03 | 000,000,296 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\el\messages.json
[2011/10/21 21:56:03 | 000,000,093 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\en\messages.json
[2011/10/21 21:56:02 | 000,000,083 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\en-GB\messages.json
[2011/10/21 21:56:03 | 000,000,131 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\es\messages.json
[2011/10/21 21:56:02 | 000,000,102 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\es-419\messages.json
[2011/10/21 21:56:03 | 000,000,112 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\et\messages.json
[2011/10/21 21:56:03 | 000,000,100 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\fi\messages.json
[2011/10/21 21:56:03 | 000,000,103 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\fil\messages.json
[2011/10/21 21:56:03 | 000,000,131 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\fr\messages.json
[2011/10/21 21:56:03 | 000,000,092 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\hr\messages.json
[2011/10/21 21:56:03 | 000,000,114 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\hu\messages.json
[2011/10/21 21:56:03 | 000,000,089 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\id\messages.json
[2011/10/21 21:56:03 | 000,000,097 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\it\messages.json
[2011/10/21 21:56:03 | 000,000,096 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\iw\messages.json
[2011/10/21 21:56:03 | 000,000,179 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ja\messages.json
[2011/10/21 21:56:03 | 000,000,182 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ko\messages.json
[2011/10/21 21:56:03 | 000,000,121 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\lt\messages.json
[2011/10/21 21:56:03 | 000,000,113 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\lv\messages.json
[2011/10/21 21:56:03 | 000,000,090 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\nl\messages.json
[2011/10/21 21:56:03 | 000,000,083 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\no\messages.json
[2011/10/21 21:56:03 | 000,000,099 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\pl\messages.json
[2011/10/21 21:56:03 | 000,000,090 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\pt-BR\messages.json
[2011/10/21 21:56:03 | 000,000,087 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\pt-PT\messages.json
[2011/10/21 21:56:03 | 000,000,113 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ro\messages.json
[2011/10/21 21:56:03 | 000,000,220 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ru\messages.json
[2011/10/21 21:56:03 | 000,000,092 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\sk\messages.json
[2011/10/21 21:56:03 | 000,000,095 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\sl\messages.json
[2011/10/21 21:56:03 | 000,000,236 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\sr\messages.json
[2011/10/21 21:56:03 | 000,000,113 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\sv\messages.json
[2011/10/21 21:56:03 | 000,000,200 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\th\messages.json
[2011/10/21 21:56:03 | 000,000,113 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\tr\messages.json
[2011/10/21 21:56:03 | 000,000,254 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\uk\messages.json
[2011/10/21 21:56:03 | 000,000,176 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\vi\messages.json
[2011/10/21 21:56:03 | 000,000,085 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\zh-CN\messages.json
[2011/10/21 21:56:03 | 000,000,082 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\zh-TW\messages.json
[2011/08/30 12:51:52 | 000,005,972 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklfihmmokekepifllhpdlkobiplpklj\2.3_0\128.png
[2011/08/30 12:51:52 | 000,000,866 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklfihmmokekepifllhpdlkobiplpklj\2.3_0\24.png
[2011/08/30 12:51:52 | 000,000,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklfihmmokekepifllhpdlkobiplpklj\2.3_0\manifest.json
[2011/10/25 08:25:17 | 000,000,217 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\background.html
[2011/10/25 08:25:17 | 000,003,879 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\contentscript.js
[2011/10/25 08:25:18 | 000,000,640 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\manifest.json
[8 C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[7 C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2011/11/11 09:46:02 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
[2011/10/03 22:56:30 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_clients6.google.com_0.localstorage
[2011/11/02 23:56:11 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_docs.google.com_0.localstorage
[2011/11/08 22:18:35 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage
[2011/10/02 23:32:40 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.amazon.co.uk_0.localstorage
[2011/10/14 19:23:58 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.amazon.com_0.localstorage
[2011/10/02 17:31:37 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.meebo.com_0.localstorage
[2011/11/01 20:33:34 | 000,552,960 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdn.apture.com_0.localstorage
[2011/10/27 20:45:06 | 000,009,216 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_chrome.angrybirds.com_0.localstorage
[2011/10/26 01:22:08 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_conduitapp.s3.amazonaws.com_0.localstorage
[2011/10/26 01:22:51 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dl.gameplaylabs.com_0.localstorage
[2011/10/02 17:32:02 | 000,006,144 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ebiquity.umbc.edu_0.localstorage
[2011/10/26 01:23:19 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.wikipedia.org_0.localstorage
[2011/10/02 22:44:22 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forums.dpreview.com_0.localstorage
[2011/10/02 17:03:03 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_marvel.wikia.com_0.localstorage
[2011/11/11 03:49:42 | 000,006,144 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediacdn.disqus.com_0.localstorage
[2011/10/07 11:37:15 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_peel.wikia.com_0.localstorage
[2011/10/26 01:22:44 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_remote.vuze.com_0.localstorage
[2011/10/03 15:11:26 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_soundcloud.com_0.localstorage
[2011/10/02 16:27:55 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_thenextweb.com_0.localstorage
[2011/10/26 01:22:08 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_torrentz.eu_0.localstorage
[2011/09/24 15:27:51 | 000,038,912 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.com_0.localstorage
[2011/09/27 14:00:11 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.apple.com_0.localstorage
[2011/10/03 15:51:51 | 000,226,304 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.emusic.com_0.localstorage
[2011/10/26 01:23:13 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.ie_0.localstorage
[2011/10/02 16:13:29 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.independent.co.uk_0.localstorage
[2011/10/02 17:31:38 | 000,268,288 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.meebo.com_0.localstorage
[2011/10/18 10:02:45 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.myspace.com_0.localstorage
[2011/10/18 14:32:37 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.nme.com_0.localstorage
[2011/10/10 09:09:04 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.nytimes.com_0.localstorage
[2011/10/23 21:51:20 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.nzherald.co.nz_0.localstorage
[2011/10/02 16:42:28 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.reuters.com_0.localstorage
[2011/09/26 18:19:34 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sensoryedge.com_0.localstorage
[2011/10/26 01:23:02 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.uknova.com_0.localstorage
[2011/09/24 10:47:02 | 000,003,072 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.veoh.com_0.localstorage
[2011/10/26 01:22:49 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.vuze.com_0.localstorage
[2011/11/14 20:24:48 | 000,005,120 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage
[2011/11/02 23:56:24 | 000,045,056 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0
[2011/11/02 23:56:24 | 000,270,336 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1
[2011/09/13 20:23:45 | 000,008,192 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2
[2011/09/13 20:23:45 | 000,008,192 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3
[2011/10/25 07:44:29 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000001
[2011/10/25 07:44:31 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000002
[2011/10/25 07:44:32 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000003
[2011/10/25 07:44:33 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000004
[2011/10/25 07:44:35 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000005
[2011/10/25 07:44:36 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000006
[2011/10/25 07:44:38 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000007
[2011/10/25 07:44:39 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000008
[2011/10/25 07:44:40 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000009
[2011/10/25 07:44:42 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000a
[2011/10/25 07:44:44 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000b
[2011/10/25 07:44:46 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000c
[2011/10/25 07:45:26 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000d
[2011/10/25 07:45:28 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000e
[2011/10/25 07:45:30 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000f
[2011/10/25 07:45:32 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000010
[2011/10/25 07:45:34 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000011
[2011/10/25 07:45:35 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000012
[2011/10/25 07:46:23 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000013
[2011/10/25 07:46:24 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000014
[2011/10/25 07:46:26 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000015
[2011/10/25 07:46:27 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000016
[2011/10/25 07:46:29 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000017
[2011/10/25 07:46:30 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000018
[2011/10/25 07:47:15 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000019
[2011/10/25 07:55:46 | 000,213,851 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001a
[2011/10/25 07:47:16 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001b
[2011/10/25 07:48:04 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001c
[2011/10/25 07:48:07 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001d
[2011/10/25 07:48:12 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001e
[2011/10/25 07:48:16 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001f
[2011/10/25 07:48:20 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000020
[2011/10/25 07:48:25 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000021
[2011/10/25 07:48:28 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000022
[2011/10/25 07:48:32 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000023
[2011/10/25 07:48:36 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000024
[2011/10/25 07:49:33 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000025
[2011/10/25 07:49:36 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000026
[2011/10/25 07:49:40 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000027
[2011/10/25 07:49:44 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000028
[2011/10/25 07:49:48 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000029
[2011/10/25 07:49:51 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00002a
[2011/10/25 07:50:48 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00002b
[2011/10/25 07:50:50 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00002c
[2011/10/25 07:50:53 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00002d
[2011/10/25 07:50:57 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00002e
[2011/10/25 07:51:00 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00002f
[2011/10/25 07:51:04 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000030
[2011/10/25 07:51:08 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000031
[2011/10/25 07:51:12 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000032
[2011/10/25 07:51:47 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000033
[2011/10/25 07:52:35 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000034
[2011/10/25 07:52:37 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000035
[2011/10/25 07:52:39 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000036
[2011/10/25 07:52:41 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000037
[2011/10/25 07:52:43 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000038
[2011/10/25 07:52:44 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000039
[2011/10/25 07:53:17 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00003a
[2011/10/25 07:53:20 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00003b
[2011/10/25 07:53:22 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00003c
[2011/10/25 07:53:24 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00003d
[2011/10/25 07:53:26 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00003e
[2011/10/25 07:53:28 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00003f
[2011/10/25 07:53:30 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000040
[2011/10/25 07:54:08 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000041
[2011/10/25 07:54:10 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000042
[2011/10/25 07:54:12 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000043
[2011/10/25 07:54:14 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000044
[2011/10/25 07:54:16 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000045
[2011/10/25 07:54:18 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000046
[2011/10/25 07:55:43 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000047
[2011/10/25 07:55:45 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000048
[2011/10/25 07:58:51 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000049
[2011/10/25 07:58:52 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00004a
[2011/10/25 07:58:54 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00004b
[2011/10/25 07:58:55 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00004c
[2011/10/25 07:58:57 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00004d
[2011/10/25 07:58:58 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00004e
[2011/10/25 07:59:00 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00004f
[2011/10/25 07:59:02 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000050
[2011/10/25 07:59:03 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000051
[2011/10/25 07:59:05 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000052
[2011/10/25 07:59:07 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000053
[2011/10/25 07:59:13 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000054
[2011/10/25 08:00:08 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000055
[2011/10/25 08:00:10 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000056
[2011/10/25 08:00:13 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000057
[2011/10/25 08:00:16 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000058
[2011/10/25 08:00:19 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000059
[2011/10/25 08:00:22 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00005a
[2011/10/25 08:01:40 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00005b
[2011/10/25 08:01:41 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00005c
[2011/10/25 08:01:44 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00005d
[2011/10/25 08:01:46 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00005e
[2011/10/25 08:01:48 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00005f
[2011/10/25 08:01:50 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000060
[2011/10/25 08:03:06 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000061
[2011/10/25 08:03:08 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000062
[2011/10/25 08:03:11 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000063
[2011/10/25 08:03:13 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000064
[2011/10/25 08:03:15 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000065
[2011/10/25 08:04:36 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000066
[2011/10/25 08:04:38 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000067
[2011/10/25 08:04:40 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000068
[2011/10/25 08:04:42 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000069
[2011/10/25 08:04:45 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00006a
[2011/10/25 08:04:48 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00006b
[2011/10/25 08:06:12 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00006c
[2011/10/25 08:06:14 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00006d
[2011/10/25 08:06:16 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00006e
[2011/10/25 08:06:18 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00006f
[2011/10/25 08:06:21 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000070
[2011/10/25 08:06:25 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000071
[2011/10/25 08:07:42 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000072
[2011/10/25 08:07:44 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000073
[2011/10/25 08:07:48 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000074
[2011/10/25 08:07:53 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000075
[2011/10/25 08:07:57 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000076
[2011/10/25 08:08:00 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000077
[2011/10/25 08:08:04 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000078
[2011/10/25 08:09:22 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000079
[2011/10/25 08:09:28 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00007a
[2011/10/25 08:09:30 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00007b
[2011/10/25 08:09:33 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00007c
[2011/10/25 08:09:36 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00007d
[2011/10/25 08:09:38 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00007e
[2011/10/25 08:09:39 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00007f
[2011/10/25 08:09:41 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000080
[2011/10/25 08:09:43 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000081
[2011/10/25 08:09:44 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000082
[2011/10/25 08:09:46 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000083
[2011/10/25 08:09:48 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000084
[2011/10/25 08:09:50 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000085
[2011/10/25 08:09:52 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000086
[2011/10/25 08:09:55 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000087
[2011/10/25 08:09:57 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000088
[2011/10/25 08:10:00 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000089
[2011/10/25 08:10:03 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00008a
[2011/10/25 08:10:06 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00008b
[2011/10/25 08:10:09 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00008c
[2011/10/25 08:10:11 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00008d
[2011/10/25 08:10:14 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00008e
[2011/10/25 08:10:17 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00008f
[2011/10/25 08:10:20 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000090
[2011/10/25 08:10:23 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000091
[2011/10/25 08:10:26 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000092
[2011/10/25 08:10:29 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000093
[2011/10/25 08:10:31 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000094
[2011/10/25 08:10:34 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000095
[2011/10/25 08:10:37 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000096
[2011/10/25 08:10:39 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000097
[2011/10/25 08:10:42 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000098
[2011/10/25 08:10:45 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000099
[2011/10/25 08:10:48 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00009a
[2011/10/25 08:10:51 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00009b
[2011/10/25 08:10:54 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00009c
[2011/10/25 08:10:56 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00009d
[2011/10/25 08:10:59 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00009e
[2011/10/25 08:11:02 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00009f
[2011/10/25 08:11:05 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a0
[2011/10/25 08:11:08 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a1
[2011/10/25 08:11:11 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a2
[2011/10/25 08:11:13 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a3
[2011/10/25 08:11:16 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a4
[2011/10/25 08:11:19 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a5
[2011/10/25 08:11:22 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a6
[2011/10/25 08:11:25 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a7
[2011/10/25 08:11:28 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a8
[2011/10/25 08:11:31 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000a9
[2011/10/25 08:11:33 | 001,048,576 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000aa
[2011/10/25 08:11:35 | 000,647,649 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000ab
[2011/11/02 09:41:00 | 000,490,223 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_0000ac
[2011/09/13 20:23:45 | 000,262,512 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index
[2010/09/29 14:01:49 | 000,000,000 | ---- | M] () -- C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-15 08:49:24

< End of report >

PC is working okay. Do you think these infections were at the root of the broadband hijack?

Edited by kdokeeffe, 18 November 2011 - 07:02 AM.

  • 0

#10
SweetTech
Posted 19 November 2011 - 01:29 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening,

I apologize for the delay. My hours at work have been a little hectic lately, and I'm just getting around to responding to my logs now.

Your logs are looking better.

PC is working okay. Do you think these infections were at the root of the broadband hijack?

It's a possibility. Some malware has been known to mess with your router. The best way to prevent this is by setting a password for your routers configuration page.

Are there any outstanding issues that we haven't addressed yet, or do you think you are ready to proceed with the clean-up procedure??

Please let me know.

Kindest Regards,
SweetTech.
  • 0

Advertisements

#11
kdokeeffe
Posted 19 November 2011 - 08:36 AM

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
thanks! and no problem about the delay, I realise you have a real job / life too :-)

everything seems okay now with no broadband problems since the threats were removed, so I am good to start with the cleanup procedure.
  • 0

#12
SweetTech
Posted 20 November 2011 - 01:07 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening!

Great! Glad to hear things are running smoothly.


Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
[ClearAllRestorePoints]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#13
kdokeeffe
Posted 21 November 2011 - 01:43 PM

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
thanks for all your help :-)


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8198

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20/11/2011 13:49:17
mbam-log-2011-11-20 (13-49-17).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|M:\|Y:\|Z:\|)
Objects scanned: 623210
Time elapsed: 3 hour(s), 0 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 11202011_095146

Edited by kdokeeffe, 21 November 2011 - 01:46 PM.

  • 0

#14
SweetTech
Posted 21 November 2011 - 08:02 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
You should be all set now! Do you have any remaining questions or concerns for me or do you think we can consider this case resolved, and mark it as such?
  • 1

#15
kdokeeffe
Posted 22 November 2011 - 04:40 AM

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
hi - things seems all good now - I consider the case resolved. :thumbsup:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP