Malware Infection
-
29-05-2012 11:54am
Hi guys,
Think I have some sort of virus that is confusing my antivirus. I'm in work at the moment so don't have all details to hand. Will clarify any points tonight.
I switched on the PC last night and ESET NOD32 gave an error, something along the lines that its installation had been compromised due to malware (something like that anyway). It says to uninstall and then reinstall ESET.
So I did this along with installing AVG and Spybot. I also ran a non-install malware fixer called ComboFix. I think ComboFix picked up and quarantined some stuff.
Running the proper antivirus stuff now shows the PC is clean, however I'm not fully convinced it is.
When I start the PC and log on I get two error messages saying that two different .dll files failed to start up. (Will confirm exact errors but I believe they are expected to be found in folder AppDir.)
When I check the ComboFix quarantine folder those two files are there. So my guess is they have been identified as infected but are still being invoked on startup. So I think something is still possibly hidden requesting those files to start up.
There is another file that ComboFix quarantined as well, jna(followed by heap of numbers).dll (I think), e.g. jna675412567893.dll
Every time I log on a new jna(followed by heap of new numbers).dll is created. Think in AppDir also.
So, what should my next steps be? I subsequently was able to install NOD32 again and that error isn't showing but my suspicions are still roused.
Any advice greatly appreciated.
Edit: also installed and ran Malwarebytes. It shows as clear too.
Comments
-
can you post the combofix log, it should be at C:\combofix.txt
-
-
you can post that too
also fully uninstall one of those two anti-viruses, AVG/Avast, not good for your PC to have both on there even if one is messed up.
-
http://pastebin.com/Sr5M5cZW
and quarantined files
http://pastebin.com/f63PWqdu
the two error messages that popup on logon
http://i631.photobucket.com/albums/uu39/TechnoFreek1/errors.jpg
thanks in advance
-
can you post these logs here rather than attach them, easier for me
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
- When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here
-
OTL Extras logfile created on: 29/05/2012 20:05:03 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = \
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.88% Memory free
7.99 Gb Paging File | 5.48 Gb Available in Paging File | 68.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 139.15 Gb Free Space | 29.88% Space Free | Partition Type: NTFS
Drive | 465.76 Gb Total Space | 72.76 Gb Free Space | 15.62% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 199.76 Gb Free Space | 10.72% Space Free | Partition Type: NTFS
Computer Name: DAMIEN-PC | User Name: Damien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5B562A83-E2BF-4AE3-9CCB-36D65736E78E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4C76578-A82E-45A5-966D-D07628872032}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04F80196-A97D-4102-81F6-D31565A9D0D1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29F78CC8-AFDB-45C0-92B7-A219B4C3105E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C4D9DB2-2E5D-4A47-8C6C-B55BC4E0B2BD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A79F507D-C168-4EC5-B662-59F0FCAEFF7B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8C0426D-4A90-4624-A39A-B0EF5337A6B3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F9B8D148-7B1F-41D8-952B-2B6D9DEA247C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"TCP Query User{E59BCB18-F5C5-4FE1-8A8E-8FE6D19FF43B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{AF8178C5-2BAA-41E9-AB6C-9B9A61DB0223}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C43C57C2-092C-4BB2-9371-C7342EF0CBA5}" = AVG 2012
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"ComicRack" = ComicRack v0.9.151
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.3.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{04BCB992-A9E6-427D-BC66-E92BB76BE97A}" = WD Discovery Software
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB2.0 UVC Camera
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 8.5 Professional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{879E1A85-4B17-48CF-8D73-6CC09F46497E}_is1" = Connon Fodder 3 version 1.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0E7A72E-FEFF-47BA-B893-1697CCAE5FE2}" = calibre
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"AviSynth" = AviSynth 2.5
"clrmamepro" = clrmamepro
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrossLoop_is1" = CrossLoop 2.70
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Midi Decoder" = dBpoweramp Midi Decoder
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Music Converter_is1" = dBpoweramp Music Converter Power Pack 14
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder
"dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.1 by MixMeister
"Finale NotePad 2010" = Finale NotePad 2010
"FLAC" = FLAC 1.2.1b (remove only)
"ImgBurn" = ImgBurn
"Internet Download Manager" = Internet Download Manager
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MiPony" = MiPony 1.6.1
"MKVtoolnix" = MKVToolNix 5.5.0
"Mozilla Firefox (4.0b4)" = Mozilla Firefox (4.0b4)
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PC Auto Shutdown_is1" = PC Auto Shutdown 3.8
"PS3 Media Server" = PS3 Media Server
"Soulseek2" = SoulSeek 157 NS 13e
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"WD Link" = WD Link
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WM Capture" = WM Capture
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Draw 4 App" = Draw 4 App
"FileZilla Client" = FileZilla Client 3.5.3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09/04/2011 10:21:06 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 09/04/2011 10:36:23 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 09/04/2011 17:21:36 | Computer Name = Damien-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1560 Start
Time: 01cbf6fb9b17fa70 Termination Time: 10 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: 577db51d-62ef-11e0-b7f8-00e06106c558
Error - 09/04/2011 17:21:54 | Computer Name = Damien-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c78c Exception code: 0x0000046b Fault offset: 0x000000000000a49d
Faulting
process id: 0x9bc Faulting application start time: 0x01cbf6c38e3b1ac3 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 63d893dc-62ef-11e0-b7f8-00e06106c558
Error - 10/04/2011 04:25:55 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/04/2011 09:04:31 | Computer Name = Damien-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Adobe
Fireworks CS4\Configuration\Win\Shared\AdobeAIR\SDK\runtime\Adobe AIR\Versions\1.0\Adobe
AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Adobe\Adobe Fireworks
CS4\Configuration\Win\Shared\AdobeAIR\SDK\runtime\Adobe AIR\Versions\1.0\Adobe
AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.
Error - 10/04/2011 09:04:57 | Computer Name = Damien-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 10/04/2011 10:08:24 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/04/2011 11:14:57 | Computer Name = Damien-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17514,
time stamp: 0x4ce7a144 Faulting module name: msieftp.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c806 Exception code: 0xc0000005 Fault offset: 0x0000000000018b90
Faulting
process id: 0x91c Faulting application start time: 0x01cbf758edf35142 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\msieftp.dll
Report
Id: 4b341f80-6385-11e0-b561-00e06106c558
Error - 10/04/2011 16:06:03 | Computer Name = Damien-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
[ Media Center Events ]
Error - 07/01/2010 11:54:16 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 15:54:16 - Error connecting to the internet. 15:54:16 - Unable
to contact server..
Error - 07/01/2010 11:55:09 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 15:55:00 - Error connecting to the internet. 15:55:00 - Unable
to contact server..
Error - 07/01/2010 12:59:33 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 16:59:33 - Failed to retrieve Directory (Error: Unable to connect
to the remote server)
Error - 07/01/2010 13:00:17 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 17:00:16 - Error connecting to the internet. 17:00:16 - Unable
to contact server..
Error - 08/01/2010 17:26:34 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 21:26:34 - Error connecting to the internet. 21:26:34 - Unable
to contact server..
Error - 08/01/2010 17:27:23 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 21:27:18 - Error connecting to the internet. 21:27:18 - Unable
to contact server..
Error - 11/01/2010 15:23:58 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 19:23:57 - Error connecting to the internet. 19:23:58 - Unable
to contact server..
Error - 11/01/2010 15:24:31 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 19:24:27 - Error connecting to the internet. 19:24:27 - Unable
to contact server..
Error - 17/01/2010 17:43:52 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 21:43:52 - Error connecting to the internet. 21:43:52 - Unable
to contact server..
Error - 17/01/2010 17:44:02 | Computer Name = Damien-PC | Source = MCUpdate | ID = 0
Description = 21:43:57 - Error connecting to the internet. 21:43:57 - Unable
to contact server..
[ System Events ]
Error - 28/05/2012 17:35:28 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 28/05/2012 17:35:29 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 28/05/2012 17:36:13 | Computer Name = Damien-PC | Source = DCOM | ID = 10005
Description =
Error - 28/05/2012 17:38:57 | Computer Name = Damien-PC | Source = DCOM | ID = 10005
Description =
Error - 28/05/2012 17:42:55 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.
Error - 28/05/2012 17:42:56 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
Error - 28/05/2012 17:56:40 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.
Error - 28/05/2012 17:56:41 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
Error - 29/05/2012 14:08:35 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.
Error - 29/05/2012 14:08:36 | Computer Name = Damien-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
< End of report >
OTL logfile created on: 29/05/2012 20:05:03 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = \
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.88% Memory free
7.99 Gb Paging File | 5.48 Gb Available in Paging File | 68.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 139.15 Gb Free Space | 29.88% Space Free | Partition Type: NTFS
Drive | 465.76 Gb Total Space | 72.76 Gb Free Space | 15.62% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 199.76 Gb Free Space | 10.72% Space Free | Partition Type: NTFS
Computer Name: DAMIEN-PC | User Name: Damien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/29 19:57:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- \OTL.exe
PRC - [2012/05/28 19:32:42 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/05/28 19:32:41 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/05/03 20:08:25 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/27 21:36:26 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/01 17:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/04 18:08:06 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/12/20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\XAMPP\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/16 19:01:26 | 000,086,016 | ---- | M] () -- C:\Users\Damien\AppData\Local\CrossLoop\CrossLoopService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/12/17 01:09:02 | 000,461,928 | ---- | M] (GoldSolution Software, Inc.) -- C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
PRC - [2007/07/11 16:31:14 | 000,569,344 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/28 19:32:42 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/05/28 19:32:41 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/05/10 13:32:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7bc1e5196772dfcdc597401cc08098c8\System.Data.ni.dll
MOD - [2012/05/10 13:31:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 13:31:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 13:31:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 13:31:44 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/04 23:45:43 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/27 21:36:25 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/01 17:04:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/01 17:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/01 17:04:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/01 17:04:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/01 17:04:00 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/01 17:04:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/01 17:04:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/01 17:04:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/01 17:04:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/11/20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/02/20 17:36:23 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/05/25 10:38:54 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdccoms.exe -- (lxdc_device)
SRV - [2012/05/28 19:32:42 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/05/04 23:45:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/27 21:36:27 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/17 08:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/20 17:36:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\XAMPP\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\XAMPP\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/12/16 19:01:26 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Users\Damien\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2009/12/06 22:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Users\Damien\AppData\Local\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2009/07/14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/12/17 23:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/12/17 01:09:02 | 000,461,928 | ---- | M] (GoldSolution Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe -- (PCAutoShutdown_Service)
SRV - [2007/01/11 23:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/23 12:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/02/18 07:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/07/17 00:39:59 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009/11/04 17:59:36 | 000,133,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/11/04 17:59:36 | 000,117,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/11/04 17:59:36 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009/10/30 15:56:17 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/04 18:08:16 | 000,019,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2009/09/04 18:08:12 | 000,013,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2009/07/25 00:21:14 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/03/22 20:56:52 | 000,036,248 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Ultra.sys -- (Ultra)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2465030
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 36 3A 07 E3 02 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{81AF55AF-8BBE-45C0-8FE1-419B4CD5DD74}: "URL" = http://www.google.ie/search?hl=en&source=hp&q={searchTerms}&meta=&aq=f&oq=&aqi=g10
IE - HKCU\..\SearchScopes\{84D6C944-C745-4D47-82F2-F25EBC3D2B07}: "URL" = http://www.google.ie/search?hl=en&source=hp&q={searchTerms}&meta=&aq=f&oq=&aqi=g10
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={756A08A0-1B97-48C5-BCB1-6E6760A2770A}&mid=9a7cd636cb61495e95cb5c580b75d976-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&pr=fr&d=2012-05-28 19:32:43&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2465030
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={faf64172-b3b1-498f-80f5-a691a705a045}&mid=9a7cd636cb61495e95cb5c580b75d976-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-05-28 19:32:43&sap=ku&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/26 12:29:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 19:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/28 19:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/05/28 19:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/27 21:36:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 19:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\components [2011/12/26 12:04:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins [2012/04/10 19:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Damien\AppData\Roaming\IDM\idmmzcc5 [2012/05/05 11:23:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C298387A-A7DF-11E1-8270-B8AC6F996F26}: C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}\ [2012/05/27 10:39:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Damien\AppData\Roaming\IDM\idmmzcc5 [2012/05/05 11:23:05 | 000,000,000 | ---D | M]
[2009/10/30 15:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Extensions
[2012/05/26 10:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\5e3vplax.default\extensions
[2012/04/24 20:47:24 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\5e3vplax.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/05/18 18:29:12 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\5e3vplax.default\extensions\mozilla_cc@internetdownloadmanager.com
[2011/12/02 15:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/02 15:44:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/28 19:30:39 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/05/29 19:20:46 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/12/26 12:29:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/05/28 19:32:52 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012/05/27 10:39:32 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\DAMIEN\APPDATA\LOCAL\{C298387A-A7DF-11E1-8270-B8AC6F996F26}
[2012/05/26 10:59:15 | 000,336,363 | ---- | M] () (No name found) -- C:\USERS\DAMIEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5E3VPLAX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/05/15 20:11:18 | 000,006,578 | ---- | M] () (No name found) -- C:\USERS\DAMIEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5E3VPLAX.DEFAULT\EXTENSIONS\SUPPORT@RPNET.BIZ.XPI
[2012/04/27 21:36:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/27 21:36:23 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/28 19:32:41 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/11 11:35:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/27 21:36:23 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/27 21:36:23 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/27 21:36:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/27 21:36:23 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
O1 HOSTS File: ([2012/05/28 21:03:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [brmsyl] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\brmsyl.dll",IsConvertImagesDialogShowed File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [unapls] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\unapls.dll",QuaternionLn File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMS - Shortcut.lnk = C:\Program Files (x86)\PS3 Media Server\PMS.exe (A. Brochard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DC95331-7737-4BA6-BAC0-15FF8AAAB442}: NameServer = 89.19.64.164,89.19.64.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F04856B-0360-4F71-A3F4-05DA07FF5720}: DhcpNameServer = 89.19.64.36 89.19.64.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFE72A30-02B0-4D49-880C-2F85CFCCFE15}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /k:F *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/29 19:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/29 19:20:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/28 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Malwarebytes
[2012/05/28 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/28 22:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/28 22:04:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/28 22:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/28 21:58:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/28 21:00:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/28 20:46:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/28 20:13:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/28 20:13:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/28 20:13:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/28 20:13:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/28 20:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/05/28 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/28 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\AVG2012
[2012/05/28 19:33:07 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\AVG Secure Search
[2012/05/28 19:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/28 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/05/28 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/05/28 19:31:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/05/28 19:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/28 19:30:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/05/28 19:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/28 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{67E056DB-8A3C-4BBB-A84B-12549B87B6F1}
[2012/05/28 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{4D09D584-2D84-4AF7-B155-FC9CF1969168}
[2012/05/27 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{998A92F3-69DA-43D4-99E4-5B0E0A6AFB47}
[2012/05/27 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2012/05/27 10:39:32 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}
[2012/05/27 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{0FC63426-FA2B-46C8-9685-76BB906DE1CB}
[2012/05/27 10:14:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D6009BEE-F57D-4104-9DFB-3215F20A2573}
[2012/05/26 13:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64
[2012/05/26 13:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2012/05/26 10:55:12 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{975E98A2-5D9F-440D-99E3-95A27B2F6096}
[2012/05/26 10:54:56 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6C5EFEEB-6B4F-4818-88D4-D6A07DE454AC}
[2012/05/25 18:34:41 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{811D4AF7-1663-4824-9B11-721DCA9F19BA}
[2012/05/25 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3F729332-8E95-45E8-B974-A2A4CAAF6F1E}
[2012/05/24 18:24:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{4C62F3C3-B138-4919-BE88-E4EF9143ED8C}
[2012/05/24 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{B342B8F8-63D5-41E9-B9A5-01EAFDFD959E}
[2012/05/23 21:22:43 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{513B9B9C-3692-4A5F-9600-5BD351A5C97B}
[2012/05/23 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6269B6DE-2524-4E33-A229-4D2344F4241C}
[2012/05/22 18:17:52 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{58BEA038-E882-42B5-89C7-A0C524B3C2E8}
[2012/05/22 18:17:28 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{41FFB006-BCD2-450F-99B8-E58CC9D62178}
[2012/05/21 18:39:57 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3AE58492-BEC7-48B5-96F4-501D05A63D38}
[2012/05/21 18:39:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{787DC351-2947-4F40-AE23-7E3300BA9B65}
[2012/05/20 09:29:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{200A0D11-6751-4F7D-893B-6CB126F50A04}
[2012/05/20 09:28:46 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6C464ED2-4608-4B93-B593-DACE0875ACCB}
[2012/05/19 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{5297DB6A-5D49-45B8-8EFC-73440BE14073}
[2012/05/19 08:19:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{00940FFF-8753-4793-8167-575B36F8EE2F}
[2012/05/19 08:18:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{AEFBA3C3-8301-4C76-9844-1CD180D19F95}
[2012/05/18 18:26:00 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7CDAED30-2676-4105-9BFF-3533D9872FC1}
[2012/05/18 18:25:39 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{AEC0683C-EA16-4E37-B288-E0A4C125896A}
[2012/05/17 19:01:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{9A2664D8-6B52-4F0D-9F6A-C4532626916F}
[2012/05/17 19:01:00 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{82272DAE-BA29-452B-AF40-43E875F006C8}
[2012/05/16 21:09:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7340F78A-677A-4F12-AECC-7BD01511F13E}
[2012/05/16 21:09:33 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{B855673D-D377-456C-8B2B-42C05CAA439C}
[2012/05/15 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C11DC50F-E3CA-4DE7-AE53-17D6A4C3C894}
[2012/05/15 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{A58B84CA-8967-41C3-8C87-FE6620D8F916}
[2012/05/14 18:17:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{F32E6C03-83ED-4C42-991C-53D2AA00FA1B}
[2012/05/14 18:16:58 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D1A9C3F3-F147-4005-91EF-FF0C49225B9E}
[2012/05/13 21:45:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{70352530-26A2-440E-AAC9-2B348D4B7867}
[2012/05/13 21:44:59 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8DE582E8-8EBB-47D0-9BF3-D40CDE6789B4}
[2012/05/13 09:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 09:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 09:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/13 09:44:21 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{49863EFB-BDA4-429B-831B-DAF57C6350B3}
[2012/05/13 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8F6EC3BB-CFE5-43F1-B233-A56341788DD7}
[2012/05/12 09:19:58 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{5E59D183-BB05-43B8-A69F-39EB7194DB3A}
[2012/05/12 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{DEEDACC2-A309-460A-95C5-14ACBA971083}
[2012/05/11 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D8F7AB84-76D4-462F-8767-799810667B5B}
[2012/05/11 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D2A1F9D2-77E6-40C0-AD4F-013B57A4EB2D}
[2012/05/10 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C31358DE-AB59-489B-812F-B1D68E097F4A}
[2012/05/10 13:27:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6127FA56-054D-45F1-875B-AB9DF062D326}
[2012/05/09 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{1D6D78B9-105D-4C02-92D6-6C19CDA22AF4}
[2012/05/09 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{E68596DD-72B8-479A-9EF1-9A3D11220FB0}
[2012/05/08 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{144FCDA6-4487-4002-9317-E298C3BAA5A9}
[2012/05/08 15:19:46 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{31A860D9-3C70-4386-BC55-9B7C474B8027}
[2012/05/07 11:36:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{F959FD00-38A3-4A85-884C-0E792052CA55}
[2012/05/07 11:36:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{EC1F278C-905C-42B4-BEA5-B0B452F34145}
[2012/05/06 23:35:37 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7B28DD0C-E3D5-4182-8D0A-7EA6078E441B}
[2012/05/06 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{CB9D770F-8932-4481-8ED1-92527901878D}
[2012/05/06 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{02513A86-0DE9-4A37-822D-28F5B8908277}
[2012/05/06 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{08F79F9F-FA8F-41FB-8298-A59AB4CC25A3}
[2012/05/05 23:21:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3C9F1C4F-3C30-4158-BF76-C452B43571CB}
[2012/05/05 11:21:20 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{01F4A0C5-6900-4D6F-AA86-EF5A389F209B}
[2012/05/05 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{A966CCCD-72B5-4798-ADF1-A92A075F1450}
[2012/05/04 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C11C1397-BDCA-44C7-AB2C-F8071E9E3695}
[2012/05/04 18:38:30 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8F464FEA-5339-41C5-81E3-CAC0F93474BE}
[2012/05/03 21:44:08 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C2E93DE3-36E6-410E-BC18-9840E3BCC1A5}
[2012/05/03 21:43:50 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{48AE0376-5C42-4BD9-9524-11F32339F9F7}
[2012/05/03 20:07:38 | 000,154,272 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/05/02 18:58:08 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D9921E95-326C-459C-A0C7-C17A7E49E762}
[2012/05/02 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{891520E3-D004-477B-AB96-6E40D3918DEE}
[2012/05/01 18:38:47 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{1987919F-7C2D-40A5-A2D2-F44EF1A7FA12}
[2012/05/01 18:38:20 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{2F5F99BE-8D42-442A-9F55-037E1B28BBD0}
[2012/04/30 18:17:43 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8CF6422E-B3AB-451F-BAD6-B2D9298315FE}
[2012/04/30 18:17:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C45137E1-D37C-44B1-9A4B-784EFA087CB8}
[2010/07/17 00:39:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Damien\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2012/05/29 19:41:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/29 19:37:01 | 000,045,063 | ---- | M] () -- C:\Users\Damien\Desktop\errors.jpg
[2012/05/29 19:23:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/29 19:12:20 | 099,443,830 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/29 19:09:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/29 19:08:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/29 19:08:32 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/28 22:55:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 22:55:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 22:33:29 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/28 22:03:37 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/28 22:03:37 | 000,667,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/28 22:03:37 | 000,126,178 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/28 21:03:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/28 21:02:17 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/28 20:10:53 | 000,002,981 | ---- | M] () -- C:\Users\Damien\Desktop\HiJackThis.lnk
[2012/05/28 19:31:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/05/28 19:31:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/05/19 08:28:32 | 000,000,971 | ---- | M] () -- C:\Users\Damien\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/15 19:00:00 | 000,092,160 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2012/05/10 13:25:34 | 003,045,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/05/29 19:26:06 | 000,045,063 | ---- | C] () -- C:\Users\Damien\Desktop\errors.jpg
[2012/05/29 19:12:20 | 099,443,830 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/28 22:33:29 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/28 20:13:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/28 20:13:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/28 20:13:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/28 20:13:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/28 20:13:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/28 20:10:53 | 000,002,981 | ---- | C] () -- C:\Users\Damien\Desktop\HiJackThis.lnk
[2012/05/28 19:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/05/28 19:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/05/26 13:17:59 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2012/05/26 13:17:58 | 000,092,160 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011/09/13 15:49:28 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2011/03/08 23:09:02 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
[2011/01/06 12:11:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/07 13:38:45 | 000,247,824 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
[2010/11/07 13:38:44 | 004,245,008 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
[2010/11/07 13:38:44 | 000,013,840 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2010/07/25 17:28:23 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/07/25 17:28:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/07/25 17:28:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/07/25 17:28:23 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/07/25 17:28:23 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/07/25 17:28:23 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/07/25 17:28:23 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/07/25 17:28:23 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/07/25 17:28:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/07/25 17:28:23 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/07/25 17:28:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/07/25 17:28:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/07/25 17:28:23 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/07/25 17:28:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/07/25 17:28:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/07/25 17:28:23 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/07/25 17:28:23 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/07/25 17:28:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/07/25 17:28:23 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/07/24 18:28:01 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/07/17 14:50:09 | 000,788,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/17 00:39:59 | 000,007,859 | ---- | C] () -- C:\Users\Damien\AppData\Roaming\pcouffin.cat
[2010/07/17 00:39:59 | 000,001,167 | ---- | C] () -- C:\Users\Damien\AppData\Roaming\pcouffin.inf
========== LOP Check ==========
[2009/11/13 19:22:27 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Apowersoft
[2012/01/28 21:38:53 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Ashampoo
[2010/10/13 20:59:35 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\AVG10
[2012/05/28 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\AVG2012
[2012/01/03 23:11:23 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\calibre
[2010/04/02 11:35:30 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\cYo
[2009/10/30 14:53:58 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\DAEMON Tools Lite
[2009/10/30 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\DAEMON Tools Pro
[2011/03/08 23:09:10 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\dBpoweramp
[2012/05/28 22:33:34 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\DMCache
[2011/04/30 09:36:06 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\EPSON
[2010/11/03 23:04:15 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ESET
[2012/04/08 20:08:07 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\FileZilla
[2010/02/20 14:31:36 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Helios
[2012/04/06 14:43:15 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\HTC
[2012/04/06 14:27:36 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/05/05 11:22:57 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\IDM
[2010/11/21 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ImgBurn
[2010/08/31 19:56:59 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ImTOO
[2009/12/08 12:27:27 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Lexmark Productivity Studio
[2012/05/27 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Mipony
[2011/03/06 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\mkvtoolnix
[2011/12/23 19:45:21 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Nokia
[2010/10/23 16:52:49 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Ovusoft
[2010/08/21 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Pavtube
[2011/12/23 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\PC Suite
[2011/05/15 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\PMS
[2011/11/06 00:39:41 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\rockbox.org
[2009/12/03 20:02:25 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Softland
[2010/11/30 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Teleca
[2009/11/13 19:09:25 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Thinstall
[2010/02/02 23:57:49 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ThumbGen
[2010/09/17 19:22:07 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\TightVNC
[2010/04/06 13:12:41 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\TuneUpMedia
[2012/05/27 23:10:45 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\uTorrent
[2010/01/12 20:02:03 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Vodafone
[2010/07/17 10:24:38 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Vso
[2010/03/12 20:14:38 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\WinAVI
[2010/03/12 20:19:26 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Xilisoft Corporation
[2012/04/12 18:15:08 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
thanks in advance asj
-
you need to disable spybot before doing this or the fix won't work
open OTL, paste this into the custom scan/fixes box
:OTL
O4:64bit: - HKLM..\Run: [brmsyl] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\brmsyl.dll",IsConvertImagesDialogShowed File not found
O4:64bit: - HKLM..\Run: [unapls] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\unapls.dll",QuaternionLn File not found
[2012/05/28 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{67E056DB-8A3C-4BBB-A84B-12549B87B6F1}
[2012/05/28 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{4D09D584-2D84-4AF7-B155-FC9CF1969168}
[2012/05/27 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{998A92F3-69DA-43D4-99E4-5B0E0A6AFB47}
[2012/05/27 10:39:32 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}
[2012/05/27 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{0FC63426-FA2B-46C8-9685-76BB906DE1CB}
[2012/05/27 10:14:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D6009BEE-F57D-4104-9DFB-3215F20A2573}
[2012/05/26 10:55:12 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{975E98A2-5D9F-440D-99E3-95A27B2F6096}
[2012/05/26 10:54:56 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6C5EFEEB-6B4F-4818-88D4-D6A07DE454AC}
[2012/05/25 18:34:41 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{811D4AF7-1663-4824-9B11-721DCA9F19BA}
[2012/05/25 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3F729332-8E95-45E8-B974-A2A4CAAF6F1E}
[2012/05/24 18:24:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{4C62F3C3-B138-4919-BE88-E4EF9143ED8C}
[2012/05/24 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{B342B8F8-63D5-41E9-B9A5-01EAFDFD959E}
[2012/05/23 21:22:43 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{513B9B9C-3692-4A5F-9600-5BD351A5C97B}
[2012/05/23 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6269B6DE-2524-4E33-A229-4D2344F4241C}
[2012/05/22 18:17:52 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{58BEA038-E882-42B5-89C7-A0C524B3C2E8}
[2012/05/22 18:17:28 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{41FFB006-BCD2-450F-99B8-E58CC9D62178}
[2012/05/21 18:39:57 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3AE58492-BEC7-48B5-96F4-501D05A63D38}
[2012/05/21 18:39:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{787DC351-2947-4F40-AE23-7E3300BA9B65}
[2012/05/20 09:29:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{200A0D11-6751-4F7D-893B-6CB126F50A04}
[2012/05/20 09:28:46 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6C464ED2-4608-4B93-B593-DACE0875ACCB}
[2012/05/19 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{5297DB6A-5D49-45B8-8EFC-73440BE14073}
[2012/05/19 08:19:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{00940FFF-8753-4793-8167-575B36F8EE2F}
[2012/05/19 08:18:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{AEFBA3C3-8301-4C76-9844-1CD180D19F95}
[2012/05/18 18:26:00 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7CDAED30-2676-4105-9BFF-3533D9872FC1}
[2012/05/18 18:25:39 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{AEC0683C-EA16-4E37-B288-E0A4C125896A}
[2012/05/17 19:01:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{9A2664D8-6B52-4F0D-9F6A-C4532626916F}
[2012/05/17 19:01:00 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{82272DAE-BA29-452B-AF40-43E875F006C8}
[2012/05/16 21:09:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7340F78A-677A-4F12-AECC-7BD01511F13E}
[2012/05/16 21:09:33 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{B855673D-D377-456C-8B2B-42C05CAA439C}
[2012/05/15 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C11DC50F-E3CA-4DE7-AE53-17D6A4C3C894}
[2012/05/15 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{A58B84CA-8967-41C3-8C87-FE6620D8F916}
[2012/05/14 18:17:19 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{F32E6C03-83ED-4C42-991C-53D2AA00FA1B}
[2012/05/14 18:16:58 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D1A9C3F3-F147-4005-91EF-FF0C49225B9E}
[2012/05/13 21:45:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{70352530-26A2-440E-AAC9-2B348D4B7867}
[2012/05/13 21:44:59 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8DE582E8-8EBB-47D0-9BF3-D40CDE6789B4}
[2012/05/13 09:44:21 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{49863EFB-BDA4-429B-831B-DAF57C6350B3}
[2012/05/13 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8F6EC3BB-CFE5-43F1-B233-A56341788DD7}
[2012/05/12 09:19:58 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{5E59D183-BB05-43B8-A69F-39EB7194DB3A}
[2012/05/12 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{DEEDACC2-A309-460A-95C5-14ACBA971083}
[2012/05/11 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D8F7AB84-76D4-462F-8767-799810667B5B}
[2012/05/11 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D2A1F9D2-77E6-40C0-AD4F-013B57A4EB2D}
[2012/05/10 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C31358DE-AB59-489B-812F-B1D68E097F4A}
[2012/05/10 13:27:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{6127FA56-054D-45F1-875B-AB9DF062D326}
[2012/05/09 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{1D6D78B9-105D-4C02-92D6-6C19CDA22AF4}
[2012/05/09 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{E68596DD-72B8-479A-9EF1-9A3D11220FB0}
[2012/05/08 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{144FCDA6-4487-4002-9317-E298C3BAA5A9}
[2012/05/08 15:19:46 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{31A860D9-3C70-4386-BC55-9B7C474B8027}
[2012/05/07 11:36:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{F959FD00-38A3-4A85-884C-0E792052CA55}
[2012/05/07 11:36:03 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{EC1F278C-905C-42B4-BEA5-B0B452F34145}
[2012/05/06 23:35:37 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{7B28DD0C-E3D5-4182-8D0A-7EA6078E441B}
[2012/05/06 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{CB9D770F-8932-4481-8ED1-92527901878D}
[2012/05/06 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{02513A86-0DE9-4A37-822D-28F5B8908277}
[2012/05/06 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{08F79F9F-FA8F-41FB-8298-A59AB4CC25A3}
[2012/05/05 23:21:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{3C9F1C4F-3C30-4158-BF76-C452B43571CB}
[2012/05/05 11:21:20 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{01F4A0C5-6900-4D6F-AA86-EF5A389F209B}
[2012/05/05 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{A966CCCD-72B5-4798-ADF1-A92A075F1450}
[2012/05/04 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C11C1397-BDCA-44C7-AB2C-F8071E9E3695}
[2012/05/04 18:38:30 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8F464FEA-5339-41C5-81E3-CAC0F93474BE}
[2012/05/03 21:44:08 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C2E93DE3-36E6-410E-BC18-9840E3BCC1A5}
[2012/05/03 21:43:50 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{48AE0376-5C42-4BD9-9524-11F32339F9F7}
[2012/05/02 18:58:08 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{D9921E95-326C-459C-A0C7-C17A7E49E762}
[2012/05/02 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{891520E3-D004-477B-AB96-6E40D3918DEE}
[2012/05/01 18:38:47 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{1987919F-7C2D-40A5-A2D2-F44EF1A7FA12}
[2012/05/01 18:38:20 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{2F5F99BE-8D42-442A-9F55-037E1B28BBD0}
[2012/04/30 18:17:43 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{8CF6422E-B3AB-451F-BAD6-B2D9298315FE}
[2012/04/30 18:17:27 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Local\{C45137E1-D37C-44B1-9A4B-784EFA087CB8}
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[Clearallrestorepoints]
[Reboot]
:Files
ipconfig /flushdns /c
Click Run Fix, post the log it gives you
Ran fix. Machine has to reboot. Will post log shortly.
So what is the issue do you think?
-
typical malware infection, nothing too bad. you just had left over registry entries from it that are causing that error. spybot stopped combofix from removing them
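The two `O4` Run-key lines in the fix script earlier in the thread are the leftover entries this reply refers to: each runs rundll32.exe at startup against a DLL in the user's Temp folder that is no longer on disk. The Python below is an added example (not part of the thread and not OTL's own code) that parses OTL-style `O4` lines and flags such orphaned autoruns. The line layout is assumed from the entries visible in this thread, and the third sample line is constructed for contrast.

```python
import re
from dataclasses import dataclass, field

# Lines 1-2 are the O4 entries quoted in the thread's fix script;
# line 3 is a constructed benign entry added for contrast.
SAMPLE_LOG = r'''
O4:64bit: - HKLM..\Run: [brmsyl] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\brmsyl.dll",IsConvertImagesDialogShowed File not found
O4:64bit: - HKLM..\Run: [unapls] rundll32.exe "C:\Users\Damien\AppData\Local\Temp\unapls.dll",QuaternionLn File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
'''

# Layout assumed from the lines above: O4[:64bit:] - HIVE..\Key: [value name] command
O4_RE = re.compile(
    r'^O4(?::64bit:)?\s+-\s+(?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:\[]+):\s+'
    r'\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$'
)
# rundll32.exe "<dll path>",<exported function>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
MISSING = 'File not found'          # marker OTL appends when the target is absent
TEMP_DIRS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')


@dataclass
class Autorun:
    name: str
    hive: str
    key: str
    command: str
    target_missing: bool
    findings: list = field(default_factory=list)


def parse_o4(line):
    """Return an Autorun for an O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m['cmd']
    missing = cmd.endswith(MISSING)
    if missing:
        cmd = cmd[:-len(MISSING)].rstrip()
    return Autorun(m['name'], m['hive'], m['key'].strip(), cmd, missing)


def triage(log_text):
    """Parse every O4 line and attach the reasons an entry deserves a look."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        r = RUNDLL_RE.match(entry.command)
        if r:
            entry.findings.append('rundll32 calls export ' + r['export'])
            if any(d in r['dll'].lower() for d in TEMP_DIRS):
                entry.findings.append('DLL loaded from a temp directory')
        if entry.target_missing:
            # The Run value still fires at logon, so Windows reports a
            # startup error for a module it cannot find.
            entry.findings.append('orphaned: target file missing')
        entries.append(entry)
    return entries


def orphaned_autoruns(log_text):
    """Names of Run values whose target no longer exists."""
    return [e.name for e in triage(log_text) if e.target_missing]


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f'{e.hive}\\{e.key} [{e.name}]: {"; ".join(e.findings) or "no findings"}')
```
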
-
Thanks man. What does this particular malware do and how did it likely get past eset in the first place
-
no idea, would have to analyze the file that caused the problem to answer that Q. As for how it got past eset, could be from installing a codec, using a crack/keygen, javascript vulnerability, so many ways to get infected.
-
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\brmsyl deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\unapls deleted successfully.
C:\Users\Damien\AppData\Local\{67E056DB-8A3C-4BBB-A84B-12549B87B6F1} folder moved successfully.
C:\Users\Damien\AppData\Local\{4D09D584-2D84-4AF7-B155-FC9CF1969168} folder moved successfully.
C:\Users\Damien\AppData\Local\{998A92F3-69DA-43D4-99E4-5B0E0A6AFB47} folder moved successfully.
C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
C:\Users\Damien\AppData\Local\{C298387A-A7DF-11E1-8270-B8AC6F996F26} folder moved successfully.
C:\Users\Damien\AppData\Local\{0FC63426-FA2B-46C8-9685-76BB906DE1CB} folder moved successfully.
C:\Users\Damien\AppData\Local\{D6009BEE-F57D-4104-9DFB-3215F20A2573} folder moved successfully.
C:\Users\Damien\AppData\Local\{975E98A2-5D9F-440D-99E3-95A27B2F6096} folder moved successfully.
C:\Users\Damien\AppData\Local\{6C5EFEEB-6B4F-4818-88D4-D6A07DE454AC} folder moved successfully.
C:\Users\Damien\AppData\Local\{811D4AF7-1663-4824-9B11-721DCA9F19BA} folder moved successfully.
C:\Users\Damien\AppData\Local\{3F729332-8E95-45E8-B974-A2A4CAAF6F1E} folder moved successfully.
C:\Users\Damien\AppData\Local\{4C62F3C3-B138-4919-BE88-E4EF9143ED8C} folder moved successfully.
C:\Users\Damien\AppData\Local\{B342B8F8-63D5-41E9-B9A5-01EAFDFD959E} folder moved successfully.
C:\Users\Damien\AppData\Local\{513B9B9C-3692-4A5F-9600-5BD351A5C97B} folder moved successfully.
C:\Users\Damien\AppData\Local\{6269B6DE-2524-4E33-A229-4D2344F4241C} folder moved successfully.
C:\Users\Damien\AppData\Local\{58BEA038-E882-42B5-89C7-A0C524B3C2E8} folder moved successfully.
C:\Users\Damien\AppData\Local\{41FFB006-BCD2-450F-99B8-E58CC9D62178} folder moved successfully.
C:\Users\Damien\AppData\Local\{3AE58492-BEC7-48B5-96F4-501D05A63D38} folder moved successfully.
C:\Users\Damien\AppData\Local\{787DC351-2947-4F40-AE23-7E3300BA9B65} folder moved successfully.
C:\Users\Damien\AppData\Local\{200A0D11-6751-4F7D-893B-6CB126F50A04} folder moved successfully.
C:\Users\Damien\AppData\Local\{6C464ED2-4608-4B93-B593-DACE0875ACCB} folder moved successfully.
C:\Users\Damien\AppData\Local\{5297DB6A-5D49-45B8-8EFC-73440BE14073} folder moved successfully.
C:\Users\Damien\AppData\Local\{00940FFF-8753-4793-8167-575B36F8EE2F} folder moved successfully.
C:\Users\Damien\AppData\Local\{AEFBA3C3-8301-4C76-9844-1CD180D19F95} folder moved successfully.
C:\Users\Damien\AppData\Local\{7CDAED30-2676-4105-9BFF-3533D9872FC1} folder moved successfully.
C:\Users\Damien\AppData\Local\{AEC0683C-EA16-4E37-B288-E0A4C125896A} folder moved successfully.
C:\Users\Damien\AppData\Local\{9A2664D8-6B52-4F0D-9F6A-C4532626916F} folder moved successfully.
C:\Users\Damien\AppData\Local\{82272DAE-BA29-452B-AF40-43E875F006C8} folder moved successfully.
C:\Users\Damien\AppData\Local\{7340F78A-677A-4F12-AECC-7BD01511F13E} folder moved successfully.
C:\Users\Damien\AppData\Local\{B855673D-D377-456C-8B2B-42C05CAA439C} folder moved successfully.
C:\Users\Damien\AppData\Local\{C11DC50F-E3CA-4DE7-AE53-17D6A4C3C894} folder moved successfully.
C:\Users\Damien\AppData\Local\{A58B84CA-8967-41C3-8C87-FE6620D8F916} folder moved successfully.
C:\Users\Damien\AppData\Local\{F32E6C03-83ED-4C42-991C-53D2AA00FA1B} folder moved successfully.
C:\Users\Damien\AppData\Local\{D1A9C3F3-F147-4005-91EF-FF0C49225B9E} folder moved successfully.
C:\Users\Damien\AppData\Local\{70352530-26A2-440E-AAC9-2B348D4B7867} folder moved successfully.
C:\Users\Damien\AppData\Local\{8DE582E8-8EBB-47D0-9BF3-D40CDE6789B4} folder moved successfully.
C:\Users\Damien\AppData\Local\{49863EFB-BDA4-429B-831B-DAF57C6350B3} folder moved successfully.
C:\Users\Damien\AppData\Local\{8F6EC3BB-CFE5-43F1-B233-A56341788DD7} folder moved successfully.
C:\Users\Damien\AppData\Local\{5E59D183-BB05-43B8-A69F-39EB7194DB3A} folder moved successfully.
C:\Users\Damien\AppData\Local\{DEEDACC2-A309-460A-95C5-14ACBA971083} folder moved successfully.
C:\Users\Damien\AppData\Local\{D8F7AB84-76D4-462F-8767-799810667B5B} folder moved successfully.
C:\Users\Damien\AppData\Local\{D2A1F9D2-77E6-40C0-AD4F-013B57A4EB2D} folder moved successfully.
C:\Users\Damien\AppData\Local\{C31358DE-AB59-489B-812F-B1D68E097F4A} folder moved successfully.
C:\Users\Damien\AppData\Local\{6127FA56-054D-45F1-875B-AB9DF062D326} folder moved successfully.
C:\Users\Damien\AppData\Local\{1D6D78B9-105D-4C02-92D6-6C19CDA22AF4} folder moved successfully.
C:\Users\Damien\AppData\Local\{E68596DD-72B8-479A-9EF1-9A3D11220FB0} folder moved successfully.
C:\Users\Damien\AppData\Local\{144FCDA6-4487-4002-9317-E298C3BAA5A9} folder moved successfully.
C:\Users\Damien\AppData\Local\{31A860D9-3C70-4386-BC55-9B7C474B8027} folder moved successfully.
C:\Users\Damien\AppData\Local\{F959FD00-38A3-4A85-884C-0E792052CA55} folder moved successfully.
C:\Users\Damien\AppData\Local\{EC1F278C-905C-42B4-BEA5-B0B452F34145} folder moved successfully.
C:\Users\Damien\AppData\Local\{7B28DD0C-E3D5-4182-8D0A-7EA6078E441B} folder moved successfully.
C:\Users\Damien\AppData\Local\{CB9D770F-8932-4481-8ED1-92527901878D} folder moved successfully.
C:\Users\Damien\AppData\Local\{02513A86-0DE9-4A37-822D-28F5B8908277} folder moved successfully.
C:\Users\Damien\AppData\Local\{08F79F9F-FA8F-41FB-8298-A59AB4CC25A3} folder moved successfully.
C:\Users\Damien\AppData\Local\{3C9F1C4F-3C30-4158-BF76-C452B43571CB} folder moved successfully.
C:\Users\Damien\AppData\Local\{01F4A0C5-6900-4D6F-AA86-EF5A389F209B} folder moved successfully.
C:\Users\Damien\AppData\Local\{A966CCCD-72B5-4798-ADF1-A92A075F1450} folder moved successfully.
C:\Users\Damien\AppData\Local\{C11C1397-BDCA-44C7-AB2C-F8071E9E3695} folder moved successfully.
C:\Users\Damien\AppData\Local\{8F464FEA-5339-41C5-81E3-CAC0F93474BE} folder moved successfully.
C:\Users\Damien\AppData\Local\{C2E93DE3-36E6-410E-BC18-9840E3BCC1A5} folder moved successfully.
C:\Users\Damien\AppData\Local\{48AE0376-5C42-4BD9-9524-11F32339F9F7} folder moved successfully.
C:\Users\Damien\AppData\Local\{D9921E95-326C-459C-A0C7-C17A7E49E762} folder moved successfully.
C:\Users\Damien\AppData\Local\{891520E3-D004-477B-AB96-6E40D3918DEE} folder moved successfully.
C:\Users\Damien\AppData\Local\{1987919F-7C2D-40A5-A2D2-F44EF1A7FA12} folder moved successfully.
C:\Users\Damien\AppData\Local\{2F5F99BE-8D42-442A-9F55-037E1B28BBD0} folder moved successfully.
C:\Users\Damien\AppData\Local\{8CF6422E-B3AB-451F-BAD6-B2D9298315FE} folder moved successfully.
C:\Users\Damien\AppData\Local\{C45137E1-D37C-44B1-9A4B-784EFA087CB8} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Carol-Anne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 27756971 bytes
->Java cache emptied: 122594 bytes
->FireFox cache emptied: 542483505 bytes
->Google Chrome cache emptied: 7102154 bytes
->Flash cache emptied: 24552 bytes
User: Damien
->Temp folder emptied: 1155301 bytes
->Temporary Internet Files folder emptied: 12817119 bytes
->Java cache emptied: 8478 bytes
->FireFox cache emptied: 79701065 bytes
->Flash cache emptied: 76466 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88433 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87541 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 32805452 bytes
Total Files Cleaned = 672.00 mb
[EMPTYFLASH]
User: All Users
User: AppData
User: Carol-Anne
->Flash cache emptied: 0 bytes
User: Damien
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: AppData
User: Carol-Anne
->Java cache emptied: 0 bytes
User: Damien
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
\cmd.bat deleted successfully.
\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.44.0 log created on 05292012_202845
Files\Folders moved on Reboot...
C:\Users\Damien\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
so how does that look?
-
all good unless you are having any more problems
-
hmmm. i think my dl speed isn't up to scratch.
normally get 2mb/s constant, barely getting 1.5 now. related?
EDIT: And I also use a remote desktop app on my android phone to connect to PC. it's not working, getting a timeout error:
"failed to connect to 192.1681.1.2 (port 3389) after 6000ms"
have you done this part
also fully uninstall one of those two anti-viruses, AVG/Avast, not good for your PC to have both on there even if one is messed up.
-
-
could be due to installing AVG, it requiring more resources, other than that I am not sure. Wouldn't hurt to remove spybot since you have mbam, may help.
no idea about the phone issue, we did flush your DNS cache but that's perfectly normal/safe to do...
-
thanks man. I'll try that and get back to you.
what antivirus and malware combo do you recommend?
should eset and malware bytes be enough?
i always found eset powerful but light on resources
yeah eset and mbam are great, use a good browser like srware iron and you are good to go
http://www.srware.net/en/software_srware_iron_download.php
Thanks man, really appreciated all your help with this.
Getting late now so tomorrow evening I will install eset, and uninstall avg. hopefully that will solve my two outstanding issues.
ASJ, Just have a quick question regarding Malwarebytes. It regularly blocks the following:
80.82.66.27 (Type: outgoing, Port: XXXXX, Process: firefox.exe)
109.163.230.114 (Type: outgoing, Port: XXXXX, Process: firefox.exe)
The ports change for each entry on the log.
Any ideas what this might be?
Thanks in advance
The first one seems to be from Holland, the latter is Irish. Can't say much more than that. I wouldn't worry about them if you aren't having any issues.
Probably best to post on the mbam forum if you want a definitive answer on them.