# Radio adverts playing in background - suspected malware



## binocularface (Feb 28, 2012)

Hi,
I run Windows 7 64-bit Home Premium. I am getting random radio-style adverts and short bursts of music playing through my PC (over everything else). I suspect this is malware or adware. Any assistance is greatly appreciated.

Regards
B

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:43, on 28/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Licensing Console - - C:\Windows\SysWOW64\adbcnsl.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10906 bytes

DDS Txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by KathTristan at 10:49:25 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6088.3433 [GMT 0:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Windows\TEMP\mrt4EBB.tmp\stdrt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
uRun: [Google Update] "C:\Users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\KATHTR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F8671C30-CFA5-45E6-957C-6D6528B554C5} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Hosts: 0.0.0.0 localhost 
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120225.003\IDSviA64.sys [2012-2-28 488568]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-1 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-10-17 244624]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2012-1-31 130008]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-1 2656280]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\adbcnsl.exe [2012-2-19 690474]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-02-28 10:27:11	388096	----a-r-	C:\Users\KathTristan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-28 10:27:11	--------	d-----w-	C:\Program Files (x86)\Trend Micro
2012-02-27 16:57:40	--------	d-----w-	C:\Users\KathTristan\AppData\Local\{0756F7BF-D790-4FE4-A9A6-FEBE7FEE4044}
2012-02-27 16:57:30	--------	d-----w-	C:\Users\KathTristan\AppData\Local\{0D35CABB-247D-41FC-A518-BDAEFAD24F67}
2012-02-26 23:01:50	--------	d-----w-	C:\Users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-19 20:15:12	--------	d-----w-	C:\Users\KathTristan\AppData\Local\{A903543A-3A4D-4F36-BF0C-31EFE20E9C02}
2012-02-19 20:15:02	--------	d-----w-	C:\Users\KathTristan\AppData\Local\{6C4C167E-61BB-4EB3-B736-2475F6C750C9}
2012-02-19 18:33:55	384	----a-w-	C:\Windows\SysWow64\checkOS.bat
2012-02-19 09:49:02	--------	d-----w-	C:\Users\KathTristan\AppData\Local\CrashDumps
2012-02-19 09:48:33	--------	d-----w-	C:\Users\KathTristan\AppData\Roaming\SongManager
2012-02-19 09:47:43	--------	d-----w-	C:\Program Files (x86)\Conduit
2012-02-19 09:47:36	--------	d-----w-	C:\Program Files (x86)\uTorrent
2012-02-19 09:45:20	225280	----a-w-	C:\Windows\SysWow64\rewire.dll
2012-02-19 09:45:20	--------	d-----w-	C:\Program Files (x86)\VstPlugins
2012-02-19 09:45:13	1554944	----a-w-	C:\Windows\SysWow64\vorbis.acm
2012-02-19 09:43:36	--------	d-----w-	C:\Users\KathTristan\AppData\Roaming\MMFApplications
2012-02-19 09:42:51	690474	----a-w-	C:\Windows\SysWow64\adbcnsl.exe
2012-02-19 07:51:54	509952	----a-w-	C:\Windows\System32\ntshrui.dll
2012-02-19 07:51:54	442880	----a-w-	C:\Windows\SysWow64\ntshrui.dll
2012-02-19 07:51:52	515584	----a-w-	C:\Windows\System32\timedate.cpl
2012-02-19 07:51:52	478720	----a-w-	C:\Windows\SysWow64\timedate.cpl
2012-02-19 07:51:52	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-02-19 07:51:39	498688	----a-w-	C:\Windows\System32\drivers\afd.sys
2012-02-19 07:51:28	690688	----a-w-	C:\Windows\SysWow64\msvcrt.dll
2012-02-19 07:51:28	634880	----a-w-	C:\Windows\System32\msvcrt.dll
2012-02-13 22:14:50	--------	d-----w-	C:\Program Files (x86)\ASIO4ALL v2
2012-02-13 18:33:33	--------	d-----w-	C:\Program Files (x86)\Outsim
2012-02-13 18:32:18	--------	d-----w-	C:\Program Files (x86)\Image-Line
2012-02-13 14:58:03	--------	d-----w-	C:\Users\KathTristan\AppData\Local\Conduit
2012-02-13 14:57:16	--------	d-----w-	C:\Users\KathTristan\AppData\Roaming\uTorrent
2012-02-12 17:05:28	--------	d-----w-	C:\ProgramData\RosettaStoneLtdServices
2012-02-08 11:06:06	--------	d-----w-	C:\Users\KathTristan\AppData\Local\Diagnostics
2012-02-06 11:31:20	--------	d-----w-	C:\Users\KathTristan\AppData\Roaming\NeatImage PS 64
2012-02-06 10:34:42	--------	d-----w-	C:\Program Files\Neat Image for Photoshop
2012-02-06 09:10:14	--------	d-----w-	C:\Users\KathTristan\AppData\Local\Windows Live
2012-02-06 09:10:14	--------	d-----w-	C:\Users\KathTristan\AppData\Local\{A54A3D9F-93EE-4CD2-8DB4-F1BE92456254}
2012-02-06 09:10:04	--------	d-----w-	C:\Users\KathTristan\AppData\Local\{D63EDA0B-CA14-42D4-820B-F4EF86A6D888}
2012-02-06 09:10:04	--------	d-----w-	C:\Users\KathTristan\AppData\Local\{BD364EF8-BE61-40B1-8752-15202D1B4EE9}
2012-02-06 07:48:19	--------	d-----w-	C:\Windows\WICCodecs
2012-01-31 06:54:18	912504	----a-w-	C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-01-31 06:54:18	744568	----a-w-	C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-01-31 06:54:18	450680	----a-w-	C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-01-31 06:54:18	40568	----a-w-	C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-01-31 06:54:18	386168	----a-w-	C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-01-31 06:54:18	171128	----a-r-	C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-01-31 06:54:12	--------	d-----w-	C:\Windows\System32\drivers\N360x64\0502000.00D
2012-01-29 12:45:26	--------	d-----w-	C:\Users\KathTristan\AppData\Roaming\Garmin
2012-01-29 12:45:19	--------	d-----w-	C:\Program Files\Garmin GPS Plugin
2012-01-29 12:45:18	--------	d-----w-	C:\Program Files (x86)\Garmin GPS Plugin
2012-01-29 12:45:16	--------	d-----w-	C:\Program Files (x86)\Garmin
.
==================== Find3M ====================
.
2012-01-23 19:28:29	174200	----a-w-	C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-14 07:11:03	2308096	----a-w-	C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30	1390080	----a-w-	C:\Windows\System32\wininet.dll
2011-12-14 07:03:38	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54	1798656	----a-w-	C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2011-12-11 00:48:04	177664	----a-w-	C:\Windows\System32\EKAiO2COI07.dll
2011-12-11 00:47:38	1058304	----a-w-	C:\Windows\System32\EKAiO2MON.dll
.
============= FINISH: 10:51:21.16 ===============


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy, binocularface 

*P2P Warning!*


*IMPORTANT* I notice there are signs of one or more *P2P (Person to Person) File Sharing Programs* on your computer.

* µTorrent

Please note that as long as you are using any form of *Peer-to-Peer networking* and *downloading files* from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

* Cyber Education Letter
* File sharing infects 500,000 computers
* USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via *Control Panel >> Add or Remove Programs*.

*If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.*

----------------------------
Now that's out of the way, let's get started

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop.

* Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
* It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
* Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*.
* Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply.

eddie


----------



## binocularface (Feb 28, 2012)

Many thanks Eddie; I have followed your instructions (including removal of P2P software) and logs copied below:

Regards
B

*SUPERAntiSpyware Scan Log*
http://www.superantispyware.com

Generated 03/01/2012 at 00:11 AM

Application Version : 5.0.1144

Core Rules Database Version : 8291
Trace Rules Database Version: 6103

Scan type : Complete Scan
Total Scan Time : 00:49:41

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 63992
Registry threats detected : 0
File items scanned : 208434
File threats detected : 347

Adware.Tracking Cookie
.revsci.net [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.prd1.netshelter.net [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\KATHTRISTAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cdn2.baronsmedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
content.yieldmanager.edgesuite.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
ds.serving-sys.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
ec.atdmt.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
ia.media-imdb.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
media.heavy.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
onlinebusinessadvertising.us [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
s0.2mdn.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
socialmediaintegration.info [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
tag.mediashakers.hiro.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]
www.countryonmyback.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4SJSE4E ]

PUP.SoftonicDownloader
C:\USERS\KATHTRISTAN\DOWNLOADS\SOFTONICDOWNLOADER_FOR_UTORRENT.EXE

*Malwarebytes Anti-Malware 1.60.1.1000*
www.malwarebytes.org

Database version: v2012.02.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KathTristan :: KATHTRISTAN-PC [administrator]

29/02/2012 22:45:01
mbam-log-2012-02-29 (22-45-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 338180
Time elapsed: 32 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:15:35, on 01/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Licensing Console - - C:\Windows\SysWOW64\adbcnsl.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11269 bytes


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Can you run these for me, to see if any rootkits are present:

Download the latest version of TDSSKiller from *here* and save it to your Desktop.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*; click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.*

A report will be created in your root directory (usually the C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents in your next reply.

---------

Download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

eddie
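
A triage helper for the TDSSKiller report requested above, added here as an example; it is not part of the original post and not code from the tool's vendor. It assumes the report layout seen in this thread (`<time> <thread id> <name> (<md5>) <path>` followed by `<name> - ok`), pairs each scanned object with its verdict, and lists anything not marked `ok`, including objects whose verdict line is missing because a pasted log was cut short. Every sample line, name, hash and the `warning` verdict below are constructed.

```python
import re

# "<HH:MM:SS.mmmm> <thread id>" prefix, then the message text.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# Object line: "<name> (<32 hex digit md5>) <path>"
OBJECT = re.compile(r"^(?P<name>\S.*?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>\S.*?) - (?P<verdict>.+)$")

# Constructed sample input (not taken from the poster's machine).
SAMPLE_LOG = "\n".join("19:35:09.0000 0124\t" + body for body in [
    # Header lines also contain " - "; they must not be read as verdicts.
    r"Drive \Device\Harddisk0\DR0 - Size: 0x0 (0.00 Gb)",
    r"exampledrv_a (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv_a.sys",
    r"exampledrv_a - ok",
    r"exampledrv_b (00000000000000000000000000000002) C:\Windows\system32\drivers\exampledrv_b.sys",
    r"exampledrv_b - warning",
    # Object line with no verdict: what a truncated paste looks like.
    r"exampledrv_c (00000000000000000000000000000003) C:\Windows\system32\drivers\exampledrv_c.sys",
])


def parse_report(text):
    """Return one dict per scanned object, in log order.

    A verdict is attached only when its name matches an object line already
    seen, so header lines such as "Drive ... - Size: ..." are ignored.
    """
    entries = {}
    for raw in text.splitlines():
        prefixed = PREFIX.match(raw)
        if not prefixed:
            continue
        body = prefixed.group(1).strip()
        obj = OBJECT.match(body)
        if obj:
            entries[obj["name"]] = {
                "name": obj["name"],
                "md5": obj["md5"].lower(),
                "path": obj["path"],
                "verdict": None,  # filled in when the verdict line arrives
            }
            continue
        ver = VERDICT.match(body)
        if ver and ver["name"] in entries:
            entries[ver["name"]]["verdict"] = ver["verdict"].strip()
    return list(entries.values())


def needs_review(entries):
    """Objects not marked "ok", plus objects with no verdict recorded."""
    return [e for e in entries if e["verdict"] != "ok"]


if __name__ == "__main__":
    for entry in needs_review(parse_report(SAMPLE_LOG)):
        print(entry["name"], entry["verdict"] or "no verdict in log", entry["path"])
```
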


----------



## binocularface (Feb 28, 2012)

Many thanks:

*Here is TDSS rootkit log:*

19:33:45.0734 4588	TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
19:33:47.0364 4588	============================================================
19:33:47.0364 4588	Current date / time: 2012/03/01 19:33:47.0364
19:33:47.0364 4588	SystemInfo:
19:33:47.0364 4588	
19:33:47.0364 4588	OS Version: 6.1.7601 ServicePack: 1.0
19:33:47.0364 4588	Product type: Workstation
19:33:47.0364 4588	ComputerName: KATHTRISTAN-PC
19:33:47.0364 4588	UserName: KathTristan
19:33:47.0364 4588	Windows directory: C:\Windows
19:33:47.0364 4588	System windows directory: C:\Windows
19:33:47.0364 4588	Running under WOW64
19:33:47.0364 4588	Processor architecture: Intel x64
19:33:47.0364 4588	Number of processors: 4
19:33:47.0364 4588	Page size: 0x1000
19:33:47.0364 4588	Boot type: Normal boot
19:33:47.0364 4588	============================================================
19:33:48.0164 4588	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:33:48.0174 4588	\Device\Harddisk0\DR0:
19:33:48.0174 4588	MBR used
19:33:48.0174 4588	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
19:33:48.0174 4588	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x392E7000
19:33:48.0174 4588	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B319800, BlocksNum 0x393EC800
19:33:48.0234 4588	Initialize success
19:33:48.0234 4588	============================================================
19:35:08.0563 0124	============================================================
19:35:08.0563 0124	Scan started
19:35:08.0563 0124	Mode: Manual; SigCheck; TDLFS; 
19:35:08.0563 0124	============================================================
19:35:16.0077 0124	ksthunk - ok
19:35:16.0117 0124	lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:35:16.0167 0124	lltdio - ok
19:35:16.0227 0124	LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:35:16.0237 0124	LSI_FC - ok
19:35:16.0257 0124	LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:35:16.0267 0124	LSI_SAS - ok
19:35:16.0287 0124	LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:35:16.0297 0124	LSI_SAS2 - ok
19:35:16.0307 0124	LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:35:16.0317 0124	LSI_SCSI - ok
19:35:16.0337 0124	luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:35:16.0377 0124	luafv - ok
19:35:16.0417 0124	megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:35:16.0427 0124	megasas - ok
19:35:16.0447 0124	MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:35:16.0457 0124	MegaSR - ok
19:35:16.0487 0124	MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:35:16.0487 0124	MEIx64 - ok
19:35:16.0507 0124	Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:35:16.0527 0124	Modem - ok
19:35:16.0547 0124	monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:35:16.0557 0124	monitor - ok
19:35:16.0577 0124	mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:35:16.0587 0124	mouclass - ok
19:35:16.0607 0124	mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
19:35:16.0637 0124	mouhid - ok
19:35:16.0637 0124	mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:35:16.0647 0124	mountmgr - ok
19:35:16.0667 0124	mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:35:16.0677 0124	mpio - ok
19:35:16.0707 0124	mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:35:16.0737 0124	mpsdrv - ok
19:35:16.0757 0124	MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:35:16.0777 0124	MRxDAV - ok
19:35:16.0787 0124	mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:16.0837 0124	mrxsmb - ok
19:35:16.0847 0124	mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:16.0857 0124	mrxsmb10 - ok
19:35:16.0877 0124	mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:16.0897 0124	mrxsmb20 - ok
19:35:16.0917 0124	msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:35:16.0927 0124	msahci - ok
19:35:16.0937 0124	msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:35:16.0947 0124	msdsm - ok
19:35:16.0977 0124	Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:35:17.0007 0124	Msfs - ok
19:35:17.0037 0124	mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:35:17.0067 0124	mshidkmdf - ok
19:35:17.0087 0124	msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:35:17.0097 0124	msisadrv - ok
19:35:17.0127 0124	MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:35:17.0167 0124	MSKSSRV - ok
19:35:17.0197 0124	MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:17.0227 0124	MSPCLOCK - ok
19:35:17.0247 0124	MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:35:17.0307 0124	MSPQM - ok
19:35:17.0327 0124	MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:35:17.0337 0124	MsRPC - ok
19:35:17.0357 0124	mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:35:17.0367 0124	mssmbios - ok
19:35:17.0377 0124	MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:35:17.0427 0124	MSTEE - ok
19:35:17.0437 0124	MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:35:17.0447 0124	MTConfig - ok
19:35:17.0467 0124	Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:35:17.0477 0124	Mup - ok
19:35:17.0487 0124	mwlPSDFilter (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:35:17.0487 0124	mwlPSDFilter - ok
19:35:17.0507 0124	mwlPSDNServ (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:35:17.0507 0124	mwlPSDNServ - ok
19:35:17.0527 0124	mwlPSDVDisk (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:35:17.0537 0124	mwlPSDVDisk - ok
19:35:17.0567 0124	NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:35:17.0607 0124	NativeWifiP - ok
19:35:17.0717 0124	NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120229.034\ENG64.SYS
19:35:17.0727 0124	NAVENG - ok
19:35:17.0777 0124	NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120229.034\EX64.SYS
19:35:17.0807 0124	NAVEX15 - ok
19:35:17.0857 0124	NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:35:17.0877 0124	NDIS - ok
19:35:17.0887 0124	NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:35:17.0937 0124	NdisCap - ok
19:35:17.0967 0124	NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:17.0987 0124	NdisTapi - ok
19:35:18.0007 0124	Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:18.0077 0124	Ndisuio - ok
19:35:18.0087 0124	NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:18.0127 0124	NdisWan - ok
19:35:18.0147 0124	NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:35:18.0177 0124	NDProxy - ok
19:35:18.0197 0124	NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:35:18.0237 0124	NetBIOS - ok
19:35:18.0257 0124	NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:35:18.0297 0124	NetBT - ok
19:35:18.0347 0124	netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
19:35:18.0377 0124	netr28x - ok
19:35:18.0417 0124	nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:35:18.0427 0124	nfrd960 - ok
19:35:18.0457 0124	Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:35:18.0507 0124	Npfs - ok
19:35:18.0527 0124	nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:35:18.0567 0124	nsiproxy - ok
19:35:18.0617 0124	Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:35:18.0647 0124	Ntfs - ok
19:35:18.0687 0124	Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:35:18.0727 0124	Null - ok
19:35:18.0767 0124	nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:35:18.0787 0124	nvraid - ok
19:35:18.0817 0124	nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:35:18.0827 0124	nvstor - ok
19:35:18.0867 0124	nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:35:18.0887 0124	nv_agp - ok
19:35:18.0907 0124	ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:35:18.0917 0124	ohci1394 - ok
19:35:18.0937 0124	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:35:18.0967 0124	Parport - ok
19:35:18.0997 0124	partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:35:19.0007 0124	partmgr - ok
19:35:19.0017 0124	pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:35:19.0037 0124	pci - ok
19:35:19.0057 0124	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:35:19.0067 0124	pciide - ok
19:35:19.0087 0124	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:35:19.0097 0124	pcmcia - ok
19:35:19.0117 0124	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:35:19.0127 0124	pcw - ok
19:35:19.0147 0124	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:35:19.0177 0124	PEAUTH - ok
19:35:19.0227 0124	PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:35:19.0267 0124	PptpMiniport - ok
19:35:19.0287 0124	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:35:19.0307 0124	Processor - ok
19:35:19.0327 0124	Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:35:19.0347 0124	Psched - ok
19:35:19.0387 0124	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:35:19.0417 0124	ql2300 - ok
19:35:19.0427 0124	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:35:19.0437 0124	ql40xx - ok
19:35:19.0457 0124	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:35:19.0487 0124	QWAVEdrv - ok
19:35:19.0507 0124	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:35:19.0537 0124	RasAcd - ok
19:35:19.0557 0124	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:19.0597 0124	RasAgileVpn - ok
19:35:19.0627 0124	Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:19.0647 0124	Rasl2tp - ok
19:35:19.0657 0124	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:19.0687 0124	RasPppoe - ok
19:35:19.0697 0124	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:35:19.0727 0124	RasSstp - ok
19:35:19.0737 0124	rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:35:19.0777 0124	rdbss - ok
19:35:19.0787 0124	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:35:19.0797 0124	rdpbus - ok
19:35:19.0817 0124	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:19.0837 0124	RDPCDD - ok
19:35:19.0857 0124	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:35:19.0877 0124	RDPENCDD - ok
19:35:19.0887 0124	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:35:19.0907 0124	RDPREFMP - ok
19:35:19.0917 0124	RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:35:19.0967 0124	RDPWD - ok
19:35:19.0977 0124	rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:35:19.0987 0124	rdyboost - ok
19:35:20.0017 0124	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:35:20.0047 0124	rspndr - ok
19:35:20.0117 0124	SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:35:20.0127 0124	SASDIFSV - ok
19:35:20.0157 0124	SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:35:20.0167 0124	SASKUTIL - ok
19:35:20.0187 0124	sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:35:20.0197 0124	sbp2port - ok
19:35:20.0267 0124	scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:35:20.0327 0124	scfilter - ok
19:35:20.0377 0124	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:35:20.0427 0124	secdrv - ok
19:35:20.0447 0124	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:35:20.0467 0124	Serenum - ok
19:35:20.0487 0124	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:35:20.0517 0124	Serial - ok
19:35:20.0537 0124	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:35:20.0567 0124	sermouse - ok
19:35:20.0587 0124	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:35:20.0597 0124	sffdisk - ok
19:35:20.0607 0124	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:35:20.0617 0124	sffp_mmc - ok
19:35:20.0637 0124	sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:35:20.0647 0124	sffp_sd - ok
19:35:20.0667 0124	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:35:20.0687 0124	sfloppy - ok
19:35:20.0717 0124	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:35:20.0727 0124	SiSRaid2 - ok
19:35:20.0747 0124	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:35:20.0757 0124	SiSRaid4 - ok
19:35:20.0787 0124	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:35:20.0827 0124	Smb - ok
19:35:20.0857 0124	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:35:20.0857 0124	spldr - ok
19:35:20.0927 0124	SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS
19:35:20.0957 0124	SRTSP - ok
19:35:20.0987 0124	SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS
19:35:20.0987 0124	SRTSPX - ok
19:35:21.0017 0124	srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:35:21.0077 0124	srv - ok
19:35:21.0107 0124	srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:35:21.0127 0124	srv2 - ok
19:35:21.0147 0124	srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:35:21.0177 0124	srvnet - ok
19:35:21.0197 0124	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:35:21.0207 0124	stexstor - ok
19:35:21.0237 0124	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:35:21.0247 0124	swenum - ok
19:35:21.0337 0124	SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS
19:35:21.0357 0124	SymDS - ok
19:35:21.0387 0124	SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS
19:35:21.0397 0124	SymEFA - ok
19:35:21.0437 0124	SymEvent  (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:35:21.0437 0124	SymEvent - ok
19:35:21.0457 0124	SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS
19:35:21.0467 0124	SymIRON - ok
19:35:21.0507 0124	SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS
19:35:21.0517 0124	SymNetS - ok
19:35:21.0577 0124	Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:35:21.0637 0124	Tcpip - ok
19:35:21.0677 0124	TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:35:21.0707 0124	TCPIP6 - ok
19:35:21.0737 0124	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:35:21.0777 0124	tcpipreg - ok
19:35:21.0797 0124	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:35:21.0827 0124	TDPIPE - ok
19:35:21.0847 0124	TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:35:21.0877 0124	TDTCP - ok
19:35:21.0897 0124	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:35:21.0937 0124	tdx - ok
19:35:21.0957 0124	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:35:21.0967 0124	TermDD - ok
19:35:21.0997 0124	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:22.0027 0124	tssecsrv - ok
19:35:22.0047 0124	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:35:22.0077 0124	TsUsbFlt - ok
19:35:22.0087 0124	TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:35:22.0097 0124	TsUsbGD - ok
19:35:22.0127 0124	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:35:22.0177 0124	tunnel - ok
19:35:22.0207 0124	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:35:22.0217 0124	uagp35 - ok
19:35:22.0237 0124	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:35:22.0269 0124	udfs - ok
19:35:22.0289 0124	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:35:22.0299 0124	uliagpkx - ok
19:35:22.0329 0124	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:35:22.0359 0124	umbus - ok
19:35:22.0379 0124	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:35:22.0399 0124	UmPass - ok
19:35:22.0439 0124	usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:35:22.0459 0124	usbaudio - ok
19:35:22.0469 0124	usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:22.0489 0124	usbccgp - ok
19:35:22.0499 0124	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:35:22.0529 0124	usbcir - ok
19:35:22.0549 0124	usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:35:22.0569 0124	usbehci - ok
19:35:22.0589 0124	usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
19:35:22.0599 0124	usbhub - ok
19:35:22.0619 0124	usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:35:22.0629 0124	usbohci - ok
19:35:22.0659 0124	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:35:22.0669 0124	usbprint - ok
19:35:22.0709 0124	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:35:22.0729 0124	usbscan - ok
19:35:22.0749 0124	USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:22.0789 0124	USBSTOR - ok
19:35:22.0809 0124	usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:35:22.0819 0124	usbuhci - ok
19:35:22.0839 0124	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:35:22.0849 0124	vdrvroot - ok
19:35:22.0859 0124	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:22.0869 0124	vga - ok
19:35:22.0889 0124	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:35:22.0949 0124	VgaSave - ok
19:35:22.0959 0124	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:35:22.0969 0124	vhdmp - ok
19:35:22.0989 0124	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:35:22.0999 0124	viaide - ok
19:35:23.0019 0124	volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:35:23.0019 0124	volmgr - ok
19:35:23.0059 0124	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:35:23.0099 0124	volmgrx - ok
19:35:23.0109 0124	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:35:23.0119 0124	volsnap - ok
19:35:23.0149 0124	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:35:23.0159 0124	vsmraid - ok
19:35:23.0179 0124	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:35:23.0199 0124	vwifibus - ok
19:35:23.0239 0124	vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:35:23.0259 0124	vwififlt - ok
19:35:23.0289 0124	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:35:23.0309 0124	WacomPen - ok
19:35:23.0329 0124	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:23.0369 0124	WANARP - ok
19:35:23.0369 0124	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:23.0389 0124	Wanarpv6 - ok
19:35:23.0499 0124	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:35:23.0509 0124	Wd - ok
19:35:23.0539 0124	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:35:23.0569 0124	Wdf01000 - ok
19:35:23.0589 0124	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:35:23.0619 0124	WfpLwf - ok
19:35:23.0699 0124	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:35:23.0709 0124	WIMMount - ok
19:35:23.0819 0124	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:35:23.0849 0124	WmiAcpi - ok
19:35:23.0909 0124	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:35:23.0949 0124	ws2ifsl - ok
19:35:23.0959 0124	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:35:23.0999 0124	WudfPf - ok
19:35:24.0019 0124	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:24.0049 0124	WUDFRd - ok
19:35:24.0089 0124	MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:35:24.0219 0124	\Device\Harddisk0\DR0 - ok
19:35:24.0219 0124	Boot (0x1200) (0731a84fb58f292a619c79350038aac3) \Device\Harddisk0\DR0\Partition0
19:35:24.0219 0124	\Device\Harddisk0\DR0\Partition0 - ok
19:35:24.0239 0124	Boot (0x1200) (64ae7c607b4a2c525ba72d835b12cd0b) \Device\Harddisk0\DR0\Partition1
19:35:24.0239 0124	\Device\Harddisk0\DR0\Partition1 - ok
19:35:24.0259 0124	Boot (0x1200) (f119c6d0876a92635d3e07dfb19fbc5c) \Device\Harddisk0\DR0\Partition2
19:35:24.0259 0124	\Device\Harddisk0\DR0\Partition2 - ok
19:35:24.0259 0124	============================================================
19:35:24.0259 0124	Scan finished
19:35:24.0259 0124	============================================================
19:35:24.0269 1252	Detected object count: 0
19:35:24.0269 1252	Actual detected object count: 0
19:35:47.0671 4600	Deinitialize success

*And the aswMBR Log*:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-01 19:36:58
-----------------------------
19:36:58.262 OS Version: Windows x64 6.1.7601 Service Pack 1
19:36:58.262 Number of processors: 4 586 0x2A07
19:36:58.262 ComputerName: KATHTRISTAN-PC UserName: KathTristan
19:36:59.942 Initialize success
19:37:33.362 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:37:33.362 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3
19:37:33.372 Disk 0 MBR read successfully
19:37:33.382 Disk 0 MBR scan
19:37:33.382 Disk 0 Windows 7 default MBR code
19:37:33.382 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
19:37:33.392 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
19:37:33.412 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 468430 MB offset 33761280
19:37:33.432 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 468953 MB offset 993105920
19:37:33.462 Disk 0 scanning C:\Windows\system32\drivers
19:37:41.124 Service scanning
19:37:56.344 Modules scanning
19:37:56.344 Disk 0 trace - called modules:
19:37:56.374 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
19:37:56.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e31790]
19:37:56.704 3 CLASSPNP.SYS[fffff88001d8643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ecb050]
19:37:56.714 Scan finished successfully
19:38:06.204 Disk 0 MBR has been saved successfully to "C:\Users\KathTristan\Desktop\MBR.dat"
19:38:06.204 The log file has been saved successfully to "C:\Users\KathTristan\Desktop\aswMBR.txt"


----------



## eddie5659 (Mar 19, 2001)

Thanks, and they're nice and clean 

Onto the next 

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## binocularface (Feb 28, 2012)

Thanks Eddie;

Unfortunately ComboFix seems to get stuck after 'Stage 4 Completed'. I have followed your instructions to the letter and tried reinstalling but get the same issue.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see what is there with this tool, as it should show other things. Leave ComboFix for now 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## binocularface (Feb 28, 2012)

Thanks Eddie; here are the logs:

OTL logfile created on: 02/03/2012 06:56:56 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\KathTristan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 69.72% Memory free
11.89 Gb Paging File | 10.06 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.45 Gb Total Space | 380.47 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
Drive D: | 457.96 Gb Total Space | 457.83 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 612.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATHTRISTAN-PC | User Name: KathTristan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 06:56:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
PRC - [2012/03/02 06:39:05 | 000,372,736 | ---- | M] ( ) -- C:\Windows\Temp\mrt49CB.tmp\stdrt.exe
PRC - [2011/10/12 10:22:02 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/10/12 10:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/10/12 10:22:00 | 000,214,312 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
PRC - [2011/08/31 10:35:01 | 000,185,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/08/11 03:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/22 16:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/01/18 03:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/18 03:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/20 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/23 19:54:29 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/10/12 10:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/10/12 10:22:00 | 000,370,984 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/11 03:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/11 03:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/08/11 23:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2011/04/22 16:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:*64bit:* - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/19 09:42:51 | 000,690,474 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)
SRV - [2011/06/21 19:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/12/20 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/01/23 19:28:29 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:*64bit:* - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/14 05:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/07/14 05:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2011/04/21 01:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:*64bit:* - [2011/04/10 03:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/03/31 03:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:*64bit:* - [2011/03/31 03:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:*64bit:* - [2011/03/15 02:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:*64bit:* - [2011/01/27 06:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:*64bit:* - [2010/12/20 18:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:*64bit:* - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/11/16 00:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:*64bit:* - [2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/10/19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:*64bit:* - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 20:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV - [2012/02/18 18:15:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120301.001\EX64.SYS -- (NAVEX15)
DRV - [2012/02/18 18:15:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120301.001\ENG64.SYS -- (NAVENG)
DRV - [2012/02/17 16:28:52 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120229.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/02/15 21:50:02 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/04 19:28:52 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 19:28:52 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2012/02/18 18:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_5_2 [2012/03/02 06:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/21 17:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/01/23 19:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Extensions
[2012/02/13 14:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions
[2012/02/19 09:47:44 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/01/24 22:42:28 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\USERS\KATHTRISTAN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\E9NA3W38.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KATHTRISTAN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\E9NA3W38.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.5_0\
CHR - Extension: Google Search = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/23 20:45:57 | 000,001,412 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 localhost 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 wip3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8671C30-CFA5-45E6-957C-6D6528B554C5}: DhcpNameServer = 192.168.1.254
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/06 22:46:35 | 000,000,040 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4c998251-1c6c-11e1-903f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c998251-1c6c-11e1-903f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/12/06 22:46:44 | 228,854,328 | R--- | M] (Rosetta Stone Ltd., .)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 06:56:20 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
[2012/03/01 21:49:57 | 000,000,000 | --SD | C] -- C:\username123
[2012/03/01 21:46:05 | 004,424,671 | R--- | C] (Swearware) -- C:\Users\KathTristan\Desktop\username123.exe
[2012/03/01 20:59:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/01 20:59:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/01 20:59:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/01 20:59:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/01 20:58:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/29 22:36:48 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/29 22:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/29 22:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/29 22:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/29 22:33:47 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Malwarebytes
[2012/02/29 22:33:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/28 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/28 11:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/28 11:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/28 10:48:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\KathTristan\Desktop\dds.com
[2012/02/28 10:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/28 10:27:11 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/27 16:57:40 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{0756F7BF-D790-4FE4-A9A6-FEBE7FEE4044}
[2012/02/27 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{0D35CABB-247D-41FC-A518-BDAEFAD24F67}
[2012/02/26 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/26 19:27:25 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Kumlien's etc Hartlepool
[2012/02/25 15:11:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/24 14:25:16 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Snowfinch
[2012/02/19 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{A903543A-3A4D-4F36-BF0C-31EFE20E9C02}
[2012/02/19 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{6C4C167E-61BB-4EB3-B736-2475F6C750C9}
[2012/02/19 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Red-breasted Goose etc
[2012/02/19 09:49:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\CrashDumps
[2012/02/19 09:48:33 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SongManager
[2012/02/19 09:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/02/19 09:46:40 | 000,735,608 | ---- | C] (BitTorrent, Inc.) -- C:\Users\KathTristan\Desktop\utorrent.exe
[2012/02/19 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/02/19 09:45:20 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012/02/19 09:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2012/02/19 09:45:13 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/02/19 09:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/02/19 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\MMFApplications
[2012/02/13 22:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/02/13 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Documents\Image-Line
[2012/02/13 18:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012/02/13 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012/02/13 14:58:03 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\Conduit
[2012/02/12 17:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdServices
[2012/02/08 11:06:06 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\Diagnostics
[2012/02/06 11:31:20 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\NeatImage PS 64
[2012/02/06 11:31:20 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Documents\Neat Image for Photoshop
[2012/02/06 10:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat Image for Photoshop
[2012/02/06 10:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Neat Image for Photoshop
[2012/02/06 09:10:14 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\Windows Live
[2012/02/06 09:10:14 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{A54A3D9F-93EE-4CD2-8DB4-F1BE92456254}
[2012/02/06 09:10:04 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{D63EDA0B-CA14-42D4-820B-F4EF86A6D888}
[2012/02/06 09:10:04 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{BD364EF8-BE61-40B1-8752-15202D1B4EE9}
[2012/02/06 08:05:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Ireland 2012 videos
[2012/02/06 07:52:23 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Ireland Feb 2012
[2012/02/06 07:48:19 | 000,000,000 | ---D | C] -- C:\Windows\WICCodecs
[2012/02/06 07:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
[2012/02/01 20:17:17 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Gull stuff
[2012/02/01 18:27:32 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Helvellyn Run, on the way up! - Dougallwebab_files
[2012/02/01 18:26:56 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Helvellyn Run, on the way up! - Dougallweba_files

========== Files - Modified Within 30 Days ==========

[2012/03/02 06:58:50 | 000,000,033 | ---- | M] () -- C:\Windows\SysWow64\deck.ini
[2012/03/02 06:56:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
[2012/03/02 06:46:42 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 06:46:42 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 06:38:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 06:38:53 | 492,822,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 22:37:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001UA.job
[2012/03/01 22:30:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2012/03/01 21:46:16 | 004,424,671 | R--- | M] (Swearware) -- C:\Users\KathTristan\Desktop\username123.exe
[2012/03/01 19:38:06 | 000,000,512 | ---- | M] () -- C:\Users\KathTristan\Desktop\MBR.dat
[2012/03/01 07:37:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001Core.job
[2012/02/29 22:36:35 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/29 22:33:41 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:23:43 | 000,001,250 | ---- | M] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/28 11:23:43 | 000,001,226 | ---- | M] () -- C:\Users\KathTristan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 10:48:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\KathTristan\Desktop\dds.com
[2012/02/28 10:30:56 | 000,002,969 | ---- | M] () -- C:\Users\KathTristan\Desktop\HiJackThis (2).lnk
[2012/02/28 10:27:11 | 000,003,003 | ---- | M] () -- C:\Users\KathTristan\Desktop\HiJackThis.lnk
[2012/02/27 20:52:45 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/27 20:52:45 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/27 20:52:45 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/27 16:52:59 | 000,001,456 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/23 13:11:56 | 010,577,547 | ---- | M] () -- C:\Users\KathTristan\Desktop\Bonaparte's Gull - Drain Bay (98).jpg
[2012/02/21 10:28:47 | 002,341,512 | ---- | M] () -- C:\Users\KathTristan\Desktop\Millom proposed works 2011 vBBS Route TREID.jpg
[2012/02/20 07:19:32 | 004,855,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/19 18:33:55 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\checkOS.bat
[2012/02/19 09:48:29 | 000,002,066 | ---- | M] () -- C:\Users\KathTristan\Desktop\Deckadance.lnk
[2012/02/19 09:46:41 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- C:\Users\KathTristan\Desktop\utorrent.exe
[2012/02/19 09:46:12 | 000,001,106 | ---- | M] () -- C:\Users\KathTristan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/02/19 09:45:19 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/19 09:42:51 | 000,690,474 | ---- | M] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2012/02/19 08:55:03 | 000,002,441 | ---- | M] () -- C:\Users\KathTristan\Desktop\Google Chrome.lnk
[2012/02/15 17:18:48 | 000,290,116 | ---- | M] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
[2012/02/15 17:18:41 | 001,385,169 | ---- | M] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3
[2012/02/10 19:12:26 | 000,568,645 | ---- | M] () -- C:\Users\KathTristan\Desktop\img026.jpg
[2012/02/10 19:12:26 | 000,475,788 | ---- | M] () -- C:\Users\KathTristan\Desktop\img027.jpg
[2012/02/10 19:12:26 | 000,457,051 | ---- | M] () -- C:\Users\KathTristan\Desktop\img025.jpg
[2012/02/10 19:12:25 | 000,652,222 | ---- | M] () -- C:\Users\KathTristan\Desktop\img024.jpg
[2012/02/10 19:12:25 | 000,532,072 | ---- | M] () -- C:\Users\KathTristan\Desktop\img023.jpg
[2012/02/10 19:12:25 | 000,471,426 | ---- | M] () -- C:\Users\KathTristan\Desktop\img021.jpg
[2012/02/10 19:12:25 | 000,459,804 | ---- | M] () -- C:\Users\KathTristan\Desktop\img022.jpg
[2012/02/10 19:12:25 | 000,432,070 | ---- | M] () -- C:\Users\KathTristan\Desktop\img020.jpg
[2012/02/10 18:34:56 | 000,525,034 | ---- | M] () -- C:\Users\KathTristan\Desktop\img028.jpg
[2012/02/10 18:34:56 | 000,522,873 | ---- | M] () -- C:\Users\KathTristan\Desktop\img032.jpg
[2012/02/10 18:34:56 | 000,480,727 | ---- | M] () -- C:\Users\KathTristan\Desktop\img031.jpg
[2012/02/10 18:34:56 | 000,475,350 | ---- | M] () -- C:\Users\KathTristan\Desktop\img030.jpg
[2012/02/10 18:34:56 | 000,439,473 | ---- | M] () -- C:\Users\KathTristan\Desktop\img029.jpg
[2012/02/10 18:29:14 | 000,568,862 | ---- | M] () -- C:\Users\KathTristan\Desktop\img018.jpg
[2012/02/10 18:29:14 | 000,507,217 | ---- | M] () -- C:\Users\KathTristan\Desktop\img019.jpg
[2012/02/10 18:29:14 | 000,491,299 | ---- | M] () -- C:\Users\KathTristan\Desktop\img017.jpg
[2012/02/10 18:29:13 | 000,521,740 | ---- | M] () -- C:\Users\KathTristan\Desktop\img015.jpg
[2012/02/10 16:39:52 | 002,393,997 | ---- | M] () -- C:\Users\KathTristan\Desktop\img011.jpg
[2012/02/10 16:39:52 | 001,979,193 | ---- | M] () -- C:\Users\KathTristan\Desktop\img012.jpg
[2012/02/10 16:39:51 | 002,219,748 | ---- | M] () -- C:\Users\KathTristan\Desktop\img009.jpg
[2012/02/10 16:39:51 | 002,132,644 | ---- | M] () -- C:\Users\KathTristan\Desktop\img007.jpg
[2012/02/10 16:39:51 | 001,954,383 | ---- | M] () -- C:\Users\KathTristan\Desktop\img003.jpg
[2012/02/10 16:39:51 | 001,789,502 | ---- | M] () -- C:\Users\KathTristan\Desktop\img008.jpg
[2012/02/09 17:21:09 | 000,046,419 | ---- | M] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169TristanReid.ods
[2012/02/09 16:41:42 | 000,040,327 | ---- | M] () -- C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml
[2012/02/09 16:41:26 | 000,125,448 | ---- | M] () -- C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml
[2012/02/09 16:33:37 | 000,046,182 | ---- | M] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169.ods
[2012/02/09 12:28:42 | 000,019,719 | ---- | M] () -- C:\Users\KathTristan\Desktop\School-of-scalloped-hamme-007.jpg
[2012/02/08 18:14:41 | 000,180,830 | ---- | M] () -- C:\Users\KathTristan\Desktop\Erin Dress Measurements.zip
[2012/02/08 17:09:38 | 000,012,359 | ---- | M] () -- C:\Users\KathTristan\Desktop\Advertising Contacts.ods
[2012/02/08 09:50:13 | 000,097,717 | ---- | M] () -- C:\Users\KathTristan\Desktop\Caspian-Gull-B-1stw-Seaton-Common-30112011-7.jpg
[2012/02/07 09:22:59 | 000,018,828 | ---- | M] () -- C:\Users\KathTristan\Desktop\_58334605_harlequinharmoniaaxyridismatingmikemajerus.jpg
[2012/02/06 19:46:59 | 000,141,566 | ---- | M] () -- C:\Users\KathTristan\Desktop\jonnyrankin.jpg
[2012/02/03 19:06:15 | 000,019,272 | ---- | M] () -- C:\Users\KathTristan\Desktop\KathRunningabeg.jpg
[2012/02/03 19:04:51 | 000,031,398 | ---- | M] () -- C:\Users\KathTristan\Desktop\KathRunningabe.jpg
[2012/02/03 19:03:14 | 000,021,106 | ---- | M] () -- C:\Users\KathTristan\Desktop\KathRunningahe.jpg
[2012/02/03 19:01:59 | 000,036,030 | ---- | M] () -- C:\Users\KathTristan\Desktop\KathRunningahel.jpg
[2012/02/03 19:01:10 | 000,051,941 | ---- | M] () -- C:\Users\KathTristan\Desktop\KathRunningab.jpg
[2012/02/03 18:58:48 | 000,076,050 | ---- | M] () -- C:\Users\KathTristan\Desktop\KathRunninga.jpg
[2012/02/02 12:08:24 | 000,002,078 | ---- | M] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/02/01 18:30:04 | 000,077,897 | ---- | M] () -- C:\Users\KathTristan\Desktop\KathRunning.JPG
[2012/02/01 18:27:32 | 000,051,701 | ---- | M] () -- C:\Users\KathTristan\Desktop\Helvellyn Run, on the way up! - Dougallwebab.htm
[2012/02/01 18:27:32 | 000,024,785 | ---- | M] () -- C:\Users\KathTristan\Desktop\kath1.jpg
[2012/02/01 18:26:56 | 000,051,621 | ---- | M] () -- C:\Users\KathTristan\Desktop\Helvellyn Run, on the way up! - Dougallweba.htm

========== Files Created - No Company Name ==========

[2012/03/01 20:59:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/01 20:59:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/01 20:59:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/01 20:59:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/01 20:59:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 19:38:06 | 000,000,512 | ---- | C] () -- C:\Users\KathTristan\Desktop\MBR.dat
[2012/02/29 22:36:35 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/29 22:33:41 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:23:43 | 000,001,250 | ---- | C] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/28 11:23:43 | 000,001,226 | ---- | C] () -- C:\Users\KathTristan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 10:30:56 | 000,002,969 | ---- | C] () -- C:\Users\KathTristan\Desktop\HiJackThis (2).lnk
[2012/02/28 10:27:11 | 000,003,003 | ---- | C] () -- C:\Users\KathTristan\Desktop\HiJackThis.lnk
[2012/02/23 13:11:51 | 010,577,547 | ---- | C] () -- C:\Users\KathTristan\Desktop\Bonaparte's Gull - Drain Bay (98).jpg
[2012/02/21 10:28:43 | 002,341,512 | ---- | C] () -- C:\Users\KathTristan\Desktop\Millom proposed works 2011 vBBS Route TREID.jpg
[2012/02/19 18:34:47 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/02/19 18:33:55 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\checkOS.bat
[2012/02/19 09:48:29 | 000,002,066 | ---- | C] () -- C:\Users\KathTristan\Desktop\Deckadance.lnk
[2012/02/19 09:46:12 | 000,001,106 | ---- | C] () -- C:\Users\KathTristan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/02/19 09:45:19 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/19 09:42:51 | 000,690,474 | ---- | C] (  ) -- C:\Windows\SysWow64\adbcnsl.exe
[2012/02/15 17:18:48 | 000,290,116 | ---- | C] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
[2012/02/15 17:18:41 | 001,385,169 | ---- | C] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3
[2012/02/10 19:12:26 | 000,568,645 | ---- | C] () -- C:\Users\KathTristan\Desktop\img026.jpg
[2012/02/10 19:12:26 | 000,475,788 | ---- | C] () -- C:\Users\KathTristan\Desktop\img027.jpg
[2012/02/10 19:12:25 | 000,652,222 | ---- | C] () -- C:\Users\KathTristan\Desktop\img024.jpg
[2012/02/10 19:12:25 | 000,532,072 | ---- | C] () -- C:\Users\KathTristan\Desktop\img023.jpg
[2012/02/10 19:12:25 | 000,471,426 | ---- | C] () -- C:\Users\KathTristan\Desktop\img021.jpg
[2012/02/10 19:12:25 | 000,459,804 | ---- | C] () -- C:\Users\KathTristan\Desktop\img022.jpg
[2012/02/10 19:12:25 | 000,457,051 | ---- | C] () -- C:\Users\KathTristan\Desktop\img025.jpg
[2012/02/10 19:12:25 | 000,432,070 | ---- | C] () -- C:\Users\KathTristan\Desktop\img020.jpg
[2012/02/10 18:34:56 | 000,525,034 | ---- | C] () -- C:\Users\KathTristan\Desktop\img028.jpg
[2012/02/10 18:34:56 | 000,522,873 | ---- | C] () -- C:\Users\KathTristan\Desktop\img032.jpg
[2012/02/10 18:34:56 | 000,480,727 | ---- | C] () -- C:\Users\KathTristan\Desktop\img031.jpg
[2012/02/10 18:34:56 | 000,475,350 | ---- | C] () -- C:\Users\KathTristan\Desktop\img030.jpg
[2012/02/10 18:34:56 | 000,439,473 | ---- | C] () -- C:\Users\KathTristan\Desktop\img029.jpg
[2012/02/10 18:29:14 | 000,568,862 | ---- | C] () -- C:\Users\KathTristan\Desktop\img018.jpg
[2012/02/10 18:29:14 | 000,507,217 | ---- | C] () -- C:\Users\KathTristan\Desktop\img019.jpg
[2012/02/10 18:29:14 | 000,491,299 | ---- | C] () -- C:\Users\KathTristan\Desktop\img017.jpg
[2012/02/10 18:29:13 | 000,521,740 | ---- | C] () -- C:\Users\KathTristan\Desktop\img015.jpg
[2012/02/10 16:39:52 | 001,979,193 | ---- | C] () -- C:\Users\KathTristan\Desktop\img012.jpg
[2012/02/10 16:39:51 | 002,393,997 | ---- | C] () -- C:\Users\KathTristan\Desktop\img011.jpg
[2012/02/10 16:39:51 | 002,219,748 | ---- | C] () -- C:\Users\KathTristan\Desktop\img009.jpg
[2012/02/10 16:39:51 | 001,789,502 | ---- | C] () -- C:\Users\KathTristan\Desktop\img008.jpg
[2012/02/10 16:39:50 | 002,132,644 | ---- | C] () -- C:\Users\KathTristan\Desktop\img007.jpg
[2012/02/10 16:39:50 | 001,954,383 | ---- | C] () -- C:\Users\KathTristan\Desktop\img003.jpg
[2012/02/09 16:48:59 | 000,046,419 | ---- | C] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169TristanReid.ods
[2012/02/09 16:41:42 | 000,040,327 | ---- | C] () -- C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml
[2012/02/09 16:41:25 | 000,125,448 | ---- | C] () -- C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml
[2012/02/09 16:33:34 | 000,046,182 | ---- | C] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169.ods
[2012/02/09 12:28:48 | 000,019,719 | ---- | C] () -- C:\Users\KathTristan\Desktop\School-of-scalloped-hamme-007.jpg
[2012/02/08 18:14:41 | 000,180,830 | ---- | C] () -- C:\Users\KathTristan\Desktop\Erin Dress Measurements.zip
[2012/02/08 17:09:37 | 000,012,359 | ---- | C] () -- C:\Users\KathTristan\Desktop\Advertising Contacts.ods
[2012/02/08 09:50:19 | 000,097,717 | ---- | C] () -- C:\Users\KathTristan\Desktop\Caspian-Gull-B-1stw-Seaton-Common-30112011-7.jpg
[2012/02/07 09:23:04 | 000,018,828 | ---- | C] () -- C:\Users\KathTristan\Desktop\_58334605_harlequinharmoniaaxyridismatingmikemajerus.jpg
[2012/02/06 19:47:12 | 000,141,566 | ---- | C] () -- C:\Users\KathTristan\Desktop\jonnyrankin.jpg
[2012/02/03 19:06:06 | 000,019,272 | ---- | C] () -- C:\Users\KathTristan\Desktop\KathRunningabeg.jpg
[2012/02/03 19:04:49 | 000,031,398 | ---- | C] () -- C:\Users\KathTristan\Desktop\KathRunningabe.jpg
[2012/02/03 19:03:14 | 000,021,106 | ---- | C] () -- C:\Users\KathTristan\Desktop\KathRunningahe.jpg
[2012/02/03 19:01:59 | 000,036,030 | ---- | C] () -- C:\Users\KathTristan\Desktop\KathRunningahel.jpg
[2012/02/03 19:01:09 | 000,051,941 | ---- | C] () -- C:\Users\KathTristan\Desktop\KathRunningab.jpg
[2012/02/03 18:58:45 | 000,076,050 | ---- | C] () -- C:\Users\KathTristan\Desktop\KathRunninga.jpg
[2012/02/03 18:53:57 | 000,024,785 | ---- | C] () -- C:\Users\KathTristan\Desktop\kath1.jpg
[2012/02/01 18:30:04 | 000,077,897 | ---- | C] () -- C:\Users\KathTristan\Desktop\KathRunning.JPG
[2012/02/01 18:27:32 | 000,051,701 | ---- | C] () -- C:\Users\KathTristan\Desktop\Helvellyn Run, on the way up! - Dougallwebab.htm
[2012/02/01 18:26:56 | 000,051,621 | ---- | C] () -- C:\Users\KathTristan\Desktop\Helvellyn Run, on the way up! - Dougallweba.htm
[2012/01/24 21:06:56 | 000,001,456 | ---- | C] () -- C:\Users\KathTristan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/17 13:25:35 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/17 13:25:34 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/17 13:25:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/17 13:25:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/17 13:25:32 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2012/02/26 23:01:50 | 000,000,000 | ---D | M] -- C:\Users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/29 12:45:26 | 000,000,000 | ---D | M] -- C:\Users\KathTristan\AppData\Roaming\Garmin
[2012/02/19 09:43:36 | 000,000,000 | ---D | M] -- C:\Users\KathTristan\AppData\Roaming\MMFApplications
[2012/02/06 11:31:20 | 000,000,000 | ---D | M] -- C:\Users\KathTristan\AppData\Roaming\NeatImage PS 64
[2012/01/23 19:15:45 | 000,000,000 | ---D | M] -- C:\Users\KathTristan\AppData\Roaming\OEM
[2012/01/23 22:20:01 | 000,000,000 | ---D | M] -- C:\Users\KathTristan\AppData\Roaming\OpenOffice.org
[2012/02/19 09:48:33 | 000,000,000 | ---D | M] -- C:\Users\KathTristan\AppData\Roaming\SongManager
[2012/01/23 19:29:31 | 000,000,000 | ---D | M] -- C:\Users\KathTristan\AppData\Roaming\Thunderbird
[2012/03/01 22:30:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2012/03/01 16:23:07 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 981 bytes -> C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml:OECustomProperty
@Alternate Data Stream - 949 bytes -> C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml:OECustomProperty
@Alternate Data Stream - 705 bytes -> C:\Users\KathTristan\Desktop\Birecik.eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 02/03/2012 06:56:56 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\KathTristan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 69.72% Memory free
11.89 Gb Paging File | 10.06 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.45 Gb Total Space | 380.47 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
Drive D: | 457.96 Gb Total Space | 457.83 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 612.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATHTRISTAN-PC | User Name: KathTristan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}" = Garmin Communicator Plugin x64
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Neat Image plug-in for Photoshop_is1" = Neat Image v7.1.0 Pro plug-in for Photoshop (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi 
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31A645FA-7A60-444D-9640-51DCC31B7751}" = FastPictureViewer Codec Pack 3.1.0.53
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37126D87-E4FD-4614-B908-A0BB7ECE3992}" = clear.fi
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{4010ADCB-1347-D570-FCF1-3002CABEBD2F}" = Rosetta Stone TOTALe
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4C774C35-E0AF-72E1-136A-2BF666702268}" = Fooz Kids
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8E37C4F-DE01-4286-AFB6-9FBEC8265A1A}" = clear.fi 
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"ASIO4ALL" = ASIO4ALL
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Deckadance" = Deckadance
"FL Studio 10" = FL Studio 10
"FoozKids" = Fooz Kids
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}" = clear.fi
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Thunderbird 10.0.2 (x86 en-GB)" = Mozilla Thunderbird 10.0.2 (x86 en-GB)
"N360" = Norton 360
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/02/2012 03:27:38 | Computer Name = KathTristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/02/2012 11:50:15 | Computer Name = KathTristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/02/2012 14:01:39 | Computer Name = KathTristan-PC | Source = System Restore | ID = 8210
Description =

Error - 18/02/2012 14:02:52 | Computer Name = KathTristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/02/2012 14:14:29 | Computer Name = KathTristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/02/2012 14:35:51 | Computer Name = KathTristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/02/2012 03:48:42 | Computer Name = KathTristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/02/2012 05:48:45 | Computer Name = KathTristan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Deckadance.exe, version: 0.0.0.0, time 
stamp: 0x4da720b3 Faulting module name: Deckadance.exe, version: 0.0.0.0, time stamp:
0x4da720b3 Exception code: 0xc0000005 Fault offset: 0x000042f3 Faulting process id:
0x13ac Faulting application start time: 0x01cceeeba4517d4e Faulting application path:
C:\Program Files (x86)\VstPlugins\Deckadance\Deckadance.exe Faulting module path:
C:\Program Files (x86)\VstPlugins\Deckadance\Deckadance.exe Report Id: e94403e7-5ade-11e1-bdbb-c89cdc6ef8e3

Error - 19/02/2012 14:35:24 | Computer Name = KathTristan-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/02/2012 17:36:03 | Computer Name = KathTristan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 28/02/2012 03:45:08 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe
Licensing Console service to connect.

Error - 28/02/2012 03:45:08 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7000
Description = The Adobe Licensing Console service failed to start due to the following
error: %%1053

Error - 28/02/2012 05:33:46 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe
Licensing Console service to connect.

Error - 28/02/2012 05:33:46 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7000
Description = The Adobe Licensing Console service failed to start due to the following
error: %%1053

Error - 28/02/2012 08:10:18 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe
Licensing Console service to connect.

Error - 28/02/2012 08:10:18 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7000
Description = The Adobe Licensing Console service failed to start due to the following
error: %%1053

Error - 28/02/2012 12:28:21 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe
Licensing Console service to connect.

Error - 28/02/2012 12:28:21 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7000
Description = The Adobe Licensing Console service failed to start due to the following
error: %%1053

Error - 29/02/2012 02:44:32 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe
Licensing Console service to connect.

Error - 29/02/2012 02:44:32 | Computer Name = KathTristan-PC | Source = Service Control Manager | ID = 7000
Description = The Adobe Licensing Console service failed to start due to the following
error: %%1053

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Just to let you know, I'm off to work in 10 mins, and I'll be back properly on Saturday, as Fridays I'm normally away.

I'll look at this fully then, but before you run Combofix, are you disabling Spybot's TeaTimer?

• Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.

• On the left hand side, click on Tools, then click on the Resident Icon in the list.

• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.

• Click on the "System Startup" icon in the List

• Uncheck the "TeaTimer" box and "OK" any prompts.

• If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.

• Exit Spybot S&D when done and reboot your computer.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)


----------



## binocularface (Feb 28, 2012)

Many thanks Eddie;

I have tried this again after disabling Spybot's Teatimer and it still does not seem to work.

Just to let you know I will be away until Monday.

Huge thanks.
B


----------



## eddie5659 (Mar 19, 2001)

Okay, firstly do you recognise these? If you do, that's fine, as you have an infection that is sound related 

C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3

However, I think I can see the main culprit, so let's see if we can remove it.

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
PRC - [2012/03/02 06:39:05 | 000,372,736 | ---- | M] ( ) -- C:\Windows\Temp\mrt49CB.tmp\stdrt.exe
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012/02/19 09:47:44 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/02/19 09:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/02/19 09:46:40 | 000,735,608 | ---- | C] (BitTorrent, Inc.) -- C:\Users\KathTristan\Desktop\utorrent.exe
[2012/02/13 14:58:03 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\Conduit
@Alternate Data Stream - 981 bytes -> C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml:OECustomProperty
@Alternate Data Stream - 949 bytes -> C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml:OECustomProperty
@Alternate Data Stream - 705 bytes -> C:\Users\KathTristan\Desktop\Birecik.eml:OECustomProperty
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

----

Then, can you run this for me after the above fix has been run:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
C:\Windows\TEMP /sub
:filefind
*Conduit
*utorrent
:folderfind
*Conduit
*utorrent
:regfind
*Conduit
*utorrent
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## binocularface (Feb 28, 2012)

Thanks again Eddie!

The logs requested:

*OTL:*

All processes killed
========== OTL ==========
No active process named stdrt.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
127.0.0.1 activate.adobe.com removed from HOSTS file successfully
127.0.0.1 ereg.adobe.com removed from HOSTS file successfully
127.0.0.1 activate.wip3.adobe.com removed from HOSTS file successfully
127.0.0.1 wip3.adobe.com removed from HOSTS file successfully
127.0.0.1 3dns-3.adobe.com removed from HOSTS file successfully
127.0.0.1 3dns-2.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns-2.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns-3.adobe.com removed from HOSTS file successfully
127.0.0.1 activate-sea.adobe.com removed from HOSTS file successfully
127.0.0.1 wwis-dubc1-vip60.adobe.com removed from HOSTS file successfully
127.0.0.1 activate-sjc0.adobe.com removed from HOSTS file successfully
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\KathTristan\Desktop\utorrent.exe moved successfully.
C:\Users\KathTristan\AppData\Local\Conduit folder moved successfully.
ADS C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml:OECustomProperty deleted successfully.
ADS C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml:OECustomProperty deleted successfully.
ADS C:\Users\KathTristan\Desktop\Birecik.eml:OECustomProperty deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\KathTristan\Desktop\cmd.bat deleted successfully.
C:\Users\KathTristan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: KathTristan
->Temp folder emptied: 3982508 bytes
->Temporary Internet Files folder emptied: 43655 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 368984893 bytes
->Flash cache emptied: 11061 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51431645 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 405.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: KathTristan
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: KathTristan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.34.0 log created on 03052012_200554

Files\Folders moved on Reboot...
C:\Users\KathTristan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

*System Lookup:*

SystemLook 30.07.11 by jpshortstuff
Log created at 20:09 on 05/03/2012 by KathTristan
Administrator - Elevation successful

========== dir ==========

C:\Windows\TEMP - Parameters: "/sub"

---Files---
fla4C51.tmp	--a---- 0 bytes	[20:09 05/03/2012]	[20:09 05/03/2012]

C:\Windows\TEMP\mrt43D2.tmp	d------	[20:07 05/03/2012]
aviflt.ift	--a---- 24576 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
bmpflt.ift	--a---- 24576 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
Download.mfx	--a---- 11264 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
fliflt.ift	--a---- 28672 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
Get.mfx	--a---- 12800 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
gifflt.ift	--a---- 28672 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
jpgflt.ift	--a---- 94208 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
kcfile.mfx	--a---- 36864 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
kcini.mfx	--a---- 28672 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
kclist.mfx	--a---- 32768 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
KcWebX.mfx	--a---- 161280 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
mmfs2.dll	--a---- 307200 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
pcxflt.ift	--a---- 24576 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
pngflt.ift	--a---- 81920 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
Registry2.mfx	--a---- 14336 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
stdrt.exe	--a---- 372736 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
tgaflt.ift	--a---- 24576 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]
volume.mfx	--a---- 102400 bytes	[20:07 05/03/2012]	[20:07 05/03/2012]

========== filefind ==========

Searching for "*Conduit"
No files found.

Searching for "*utorrent"
No files found.

========== folderfind ==========

Searching for "*Conduit"
C:\Users\KathTristan\AppData\LocalLow\Conduit	d------	[14:58 13/02/2012]
C:\_OTL\MovedFiles\03052012_200554\C_Program Files (x86)\Conduit	d------	[09:47 19/02/2012]
C:\_OTL\MovedFiles\03052012_200554\C_Users\KathTristan\AppData\Local\Conduit	d------	[14:58 13/02/2012]

Searching for "*utorrent"
No folders found.

========== regfind ==========

Searching for "*Conduit"
No data found.

Searching for "*utorrent"
No data found.

-= EOF =-


----------



## binocularface (Feb 28, 2012)

eddie5659 said:


> Okay, firstly do you recognise these? If you do, that's fine, as you have an infection that is sound related
> 
> C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
> C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3


Yes, I do recognise these files - they are sound files recorded by a friend of mine on a recent trip to the Netherlands.


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like the file is still there.

Can you see if you can run ComboFix in safe mode? Delete the one you have and download a fresh one, but before you save it to your desktop, call it football.exe

Then, reboot to safe mode and try running it again.

See here on how to boot to safe mode:

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#windows7


----------



## binocularface (Feb 28, 2012)

Thanks Eddie - I ran ComboFix in safe mode and here is the log report:

ComboFix 12-03-04.02 - KathTristan 06/03/2012 13:16:42.6.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6088.4878 [GMT 0:00]
Running from: c:\users\KathTristan\Desktop\football.exe.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 13:19 . 2012-03-06 13:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-05 20:05 . 2012-03-05 20:05	--------	d-----w-	C:\_OTL
2012-02-29 22:36 . 2012-02-29 22:36	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-29 22:36 . 2012-02-29 22:43	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-29 22:36 . 2012-02-29 22:36	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\Malwarebytes
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-29 22:33 . 2011-12-10 15:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-28 11:23 . 2012-02-28 11:35	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-02-28 11:23 . 2012-02-28 11:26	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-02-28 10:27 . 2012-02-28 10:27	388096	----a-r-	c:\users\KathTristan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-28 10:27 . 2012-02-28 10:27	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-02-26 23:01 . 2012-02-26 23:01	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-25 15:11 . 2012-02-25 15:11	--------	d-----w-	c:\windows\Sun
2012-02-19 18:33 . 2012-02-19 18:33	384	----a-w-	c:\windows\SysWow64\checkOS.bat
2012-02-19 09:49 . 2012-02-28 11:26	--------	d-----w-	c:\users\KathTristan\AppData\Local\CrashDumps
2012-02-19 09:48 . 2012-02-19 09:48	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SongManager
2012-02-19 09:45 . 2012-02-19 09:48	--------	d-----w-	c:\program files (x86)\VstPlugins
2012-02-19 09:45 . 2006-06-20 08:56	225280	----a-w-	c:\windows\SysWow64\rewire.dll
2012-02-19 09:45 . 2009-09-15 09:14	1554944	----a-w-	c:\windows\SysWow64\vorbis.acm
2012-02-19 09:43 . 2012-02-19 09:43	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\MMFApplications
2012-02-19 09:42 . 2012-02-19 09:42	690474	----a-w-	c:\windows\SysWow64\adbcnsl.exe
2012-02-19 07:51 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-19 07:51 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-19 07:51 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-02-19 07:51 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-19 07:51 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-19 07:51 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-19 07:51 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-19 07:51 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-02-13 22:14 . 2012-02-19 09:46	--------	d-----w-	c:\program files (x86)\ASIO4ALL v2
2012-02-13 18:33 . 2012-02-13 18:33	--------	d-----w-	c:\program files (x86)\Outsim
2012-02-13 18:32 . 2012-02-13 18:33	--------	d-----w-	c:\program files (x86)\Image-Line
2012-02-12 17:05 . 2012-02-12 17:05	--------	d-----w-	c:\programdata\RosettaStoneLtdServices
2012-02-08 11:06 . 2012-02-12 16:55	--------	d-----w-	c:\users\KathTristan\AppData\Local\Diagnostics
2012-02-06 11:31 . 2012-02-06 11:31	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\NeatImage PS 64
2012-02-06 10:34 . 2012-02-06 10:34	--------	d-----w-	c:\program files\Neat Image for Photoshop
2012-02-06 09:10 . 2012-03-05 14:03	--------	d-----w-	c:\users\KathTristan\AppData\Local\Windows Live
2012-02-06 07:48 . 2012-02-06 07:48	--------	d-----w-	c:\windows\WICCodecs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 19:28 . 2012-01-23 19:24	174200	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-23 19:26 . 2011-03-29 01:36	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-11 00:48 . 2011-12-11 00:48	177664	----a-w-	c:\windows\system32\EKAiO2COI07.dll
2011-12-11 00:47 . 2011-12-11 00:47	1058304	----a-w-	c:\windows\system32\EKAiO2MON.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-17 247968]
.
c:\users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-02-19 690474]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-02-15 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120305.001\IDSvia64.sys [2012-02-17 488568]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-05-11 11:30]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001Core.job
- c:\users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 19:27]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001UA.job
- c:\users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 19:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-14 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-14 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-11 3240448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.254
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:08,cf,9d,66,32,f1,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\TEMP\mrt4604.tmp\stdrt.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-06 13:24:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 13:24
.
Pre-Run: 407,190,560,768 bytes free
Post-Run: 407,078,842,368 bytes free
.
- - End Of File - - 82A4565C6456CF14B76F62651DC998B4


----------



## eddie5659 (Mar 19, 2001)

Okay, there is a file I want to have a better look at, that may be causing the removal problems we're getting.


Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under the Custom Scan box, paste this in:


```
netsvcs
%SYSTEMDRIVE%\*.*
%windir%\system32\tasks\*.*
/md5start
stdrt.exe
adbcnsl.exe
netdtect.sys
rca.sys
ip6fw.sys
secdrv.sys
runtime.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT
```

Then click the *Run Scan* button at the top.
When the scan completes, please copy *(Edit->Select All, Edit->Copy)* the contents and post them in your topic.

Only one log may be produced, which is fine.


----------



## binocularface (Feb 28, 2012)

Many thanks Eddie. Here are the log files:

OTL logfile created on: 07/03/2012 19:47:38 - Run 2
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\KathTristan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 65.46% Memory free
11.89 Gb Paging File | 9.76 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.45 Gb Total Space | 378.85 Gb Free Space | 82.82% Space Free | Partition Type: NTFS
Drive D: | 457.96 Gb Total Space | 457.83 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 612.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATHTRISTAN-PC | User Name: KathTristan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 16:26:50 | 000,372,736 | ---- | M] ( ) -- C:\Windows\temp\mrt498D.tmp\stdrt.exe
PRC - [2012/03/02 06:56:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
PRC - [2011/10/12 10:22:02 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/10/12 10:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/10/12 10:22:00 | 000,214,312 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
PRC - [2011/08/31 10:35:01 | 000,185,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/08/11 03:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/22 16:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/01/18 03:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/18 03:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/20 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/06 11:49:48 | 000,429,040 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll
MOD - [2012/03/06 11:49:46 | 003,772,912 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
MOD - [2012/03/06 11:48:22 | 000,122,880 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\avutil-51.dll
MOD - [2012/03/06 11:48:20 | 000,220,672 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\avformat-53.dll
MOD - [2012/03/06 11:48:19 | 001,747,456 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\avcodec-53.dll
MOD - [2012/03/06 08:25:19 | 008,593,056 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
MOD - [2012/01/23 19:54:29 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/10/12 10:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/10/12 10:22:00 | 000,370,984 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/11 03:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/11 03:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/08/11 23:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2011/04/22 16:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:*64bit:* - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/19 09:42:51 | 000,690,474 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)
SRV - [2011/06/21 19:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/12/20 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/01/23 19:28:29 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:*64bit:* - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/14 05:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/07/14 05:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2011/04/21 01:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:*64bit:* - [2011/04/10 03:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/03/31 03:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:*64bit:* - [2011/03/31 03:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:*64bit:* - [2011/03/15 02:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:*64bit:* - [2011/01/27 06:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:*64bit:* - [2010/12/20 18:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:*64bit:* - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/11/16 00:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:*64bit:* - [2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/10/19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:*64bit:* - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 20:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV - [2012/03/06 16:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120306.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/02 18:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/18 18:15:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120306.036\EX64.SYS -- (NAVEX15)
DRV - [2012/02/18 18:15:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120306.036\ENG64.SYS -- (NAVENG)
DRV - [2012/02/04 19:28:52 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 19:28:52 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2012/02/18 18:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_5_2 [2012/03/07 16:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/21 17:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/01/23 19:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Extensions
[2012/03/05 20:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/24 22:42:28 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\USERS\KATHTRISTAN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\E9NA3W38.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KATHTRISTAN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\E9NA3W38.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.5_0\
CHR - Extension: Google Search = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/06 13:21:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8671C30-CFA5-45E6-957C-6D6528B554C5}: DhcpNameServer = 192.168.1.254
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/06 22:46:35 | 000,000,040 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 14:15:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 13:19:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/05 20:05:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{F2B94E37-75F4-4270-9E39-0E3A1DA3D0C8}
[2012/03/05 14:02:48 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{16F1AF43-06F0-49E2-A6A9-7358D8A3D959}
[2012/03/02 06:56:20 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
[2012/03/01 20:59:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/01 20:59:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/01 20:59:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/01 20:59:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/01 20:58:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/29 22:36:48 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/29 22:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/29 22:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/29 22:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/29 22:33:47 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Malwarebytes
[2012/02/29 22:33:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/28 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/28 11:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/28 11:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/28 10:48:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\KathTristan\Desktop\dds.com
[2012/02/28 10:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/28 10:27:11 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/27 16:57:40 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{0756F7BF-D790-4FE4-A9A6-FEBE7FEE4044}
[2012/02/27 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{0D35CABB-247D-41FC-A518-BDAEFAD24F67}
[2012/02/26 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/26 19:27:25 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Kumlien's etc Hartlepool
[2012/02/25 15:11:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/24 14:25:16 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Snowfinch
[2012/02/19 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{A903543A-3A4D-4F36-BF0C-31EFE20E9C02}
[2012/02/19 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{6C4C167E-61BB-4EB3-B736-2475F6C750C9}
[2012/02/19 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Red-breasted Goose etc
[2012/02/19 10:34:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/19 10:34:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/19 10:34:35 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/19 10:34:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/19 10:34:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/19 10:34:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/19 10:34:34 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/19 10:34:34 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/19 10:34:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/19 10:34:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/19 10:34:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/19 09:49:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\CrashDumps
[2012/02/19 09:48:33 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SongManager
[2012/02/19 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/02/19 09:45:20 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012/02/19 09:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2012/02/19 09:45:13 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2012/02/19 09:45:13 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/02/19 09:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/02/19 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\MMFApplications
[2012/02/19 07:51:54 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/19 07:51:52 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/19 07:51:52 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/19 07:51:28 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/13 22:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/02/13 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Documents\Image-Line
[2012/02/13 18:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012/02/13 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012/02/12 17:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdServices
[2012/02/08 11:06:06 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/03/07 19:47:57 | 000,000,033 | ---- | M] () -- C:\Windows\SysWow64\deck.ini
[2012/03/07 19:37:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001UA.job
[2012/03/07 19:30:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2012/03/07 16:34:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 16:34:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 16:26:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 16:26:40 | 492,822,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 07:37:47 | 000,002,441 | ---- | M] () -- C:\Users\KathTristan\Desktop\Google Chrome.lnk
[2012/03/07 07:37:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001Core.job
[2012/03/07 07:33:30 | 000,002,600 | ---- | M] () -- C:\{7AF810F8-077F-4444-A7AD-48F65DD0C07F}
[2012/03/06 16:42:30 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/06 16:42:30 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 16:42:30 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/06 13:21:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/06 09:13:27 | 000,182,374 | ---- | M] () -- C:\Users\KathTristan\Desktop\BigBirdRaceTeam.jpg
[2012/03/05 20:08:40 | 000,165,376 | ---- | M] () -- C:\Users\KathTristan\Desktop\SystemLook_x64.exe
[2012/03/05 20:06:00 | 010,363,220 | ---- | M] () -- C:\Users\KathTristan\Desktop\Birecik.eml
[2012/03/05 20:05:59 | 000,125,448 | ---- | M] () -- C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml
[2012/03/05 20:05:56 | 000,040,327 | ---- | M] () -- C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml
[2012/03/05 14:01:58 | 003,036,613 | ---- | M] () -- C:\Users\KathTristan\Desktop\Haweswater Mile 8.jpg
[2012/03/02 08:12:12 | 000,182,060 | ---- | M] () -- C:\Users\KathTristan\Desktop\ExpensesTReid.JPG
[2012/03/02 06:56:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
[2012/03/01 19:38:06 | 000,000,512 | ---- | M] () -- C:\Users\KathTristan\Desktop\MBR.dat
[2012/02/29 22:36:35 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/29 22:33:41 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:23:43 | 000,001,250 | ---- | M] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/28 11:23:43 | 000,001,226 | ---- | M] () -- C:\Users\KathTristan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 10:48:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\KathTristan\Desktop\dds.com
[2012/02/28 10:30:56 | 000,002,969 | ---- | M] () -- C:\Users\KathTristan\Desktop\HiJackThis (2).lnk
[2012/02/28 10:27:11 | 000,003,003 | ---- | M] () -- C:\Users\KathTristan\Desktop\HiJackThis.lnk
[2012/02/27 16:52:59 | 000,001,456 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/23 13:11:56 | 010,577,547 | ---- | M] () -- C:\Users\KathTristan\Desktop\Bonaparte's Gull - Drain Bay (98).jpg
[2012/02/21 10:28:47 | 002,341,512 | ---- | M] () -- C:\Users\KathTristan\Desktop\Millom proposed works 2011 vBBS Route TREID.jpg
[2012/02/20 07:19:32 | 004,855,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/19 18:33:55 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\checkOS.bat
[2012/02/19 09:48:29 | 000,002,066 | ---- | M] () -- C:\Users\KathTristan\Desktop\Deckadance.lnk
[2012/02/19 09:46:12 | 000,001,106 | ---- | M] () -- C:\Users\KathTristan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/02/19 09:45:19 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/19 09:42:51 | 000,690,474 | ---- | M] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2012/02/15 17:18:48 | 000,290,116 | ---- | M] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
[2012/02/15 17:18:41 | 001,385,169 | ---- | M] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3
[2012/02/10 19:12:26 | 000,568,645 | ---- | M] () -- C:\Users\KathTristan\Desktop\img026.jpg
[2012/02/10 19:12:26 | 000,475,788 | ---- | M] () -- C:\Users\KathTristan\Desktop\img027.jpg
[2012/02/10 19:12:26 | 000,457,051 | ---- | M] () -- C:\Users\KathTristan\Desktop\img025.jpg
[2012/02/10 19:12:25 | 000,652,222 | ---- | M] () -- C:\Users\KathTristan\Desktop\img024.jpg
[2012/02/10 19:12:25 | 000,532,072 | ---- | M] () -- C:\Users\KathTristan\Desktop\img023.jpg
[2012/02/10 19:12:25 | 000,471,426 | ---- | M] () -- C:\Users\KathTristan\Desktop\img021.jpg
[2012/02/10 19:12:25 | 000,459,804 | ---- | M] () -- C:\Users\KathTristan\Desktop\img022.jpg
[2012/02/10 19:12:25 | 000,432,070 | ---- | M] () -- C:\Users\KathTristan\Desktop\img020.jpg
[2012/02/10 18:34:56 | 000,525,034 | ---- | M] () -- C:\Users\KathTristan\Desktop\img028.jpg
[2012/02/10 18:34:56 | 000,522,873 | ---- | M] () -- C:\Users\KathTristan\Desktop\img032.jpg
[2012/02/10 18:34:56 | 000,480,727 | ---- | M] () -- C:\Users\KathTristan\Desktop\img031.jpg
[2012/02/10 18:34:56 | 000,475,350 | ---- | M] () -- C:\Users\KathTristan\Desktop\img030.jpg
[2012/02/10 18:34:56 | 000,439,473 | ---- | M] () -- C:\Users\KathTristan\Desktop\img029.jpg
[2012/02/10 18:29:14 | 000,568,862 | ---- | M] () -- C:\Users\KathTristan\Desktop\img018.jpg
[2012/02/10 18:29:14 | 000,507,217 | ---- | M] () -- C:\Users\KathTristan\Desktop\img019.jpg
[2012/02/10 18:29:14 | 000,491,299 | ---- | M] () -- C:\Users\KathTristan\Desktop\img017.jpg
[2012/02/10 18:29:13 | 000,521,740 | ---- | M] () -- C:\Users\KathTristan\Desktop\img015.jpg
[2012/02/10 16:39:52 | 002,393,997 | ---- | M] () -- C:\Users\KathTristan\Desktop\img011.jpg
[2012/02/10 16:39:52 | 001,979,193 | ---- | M] () -- C:\Users\KathTristan\Desktop\img012.jpg
[2012/02/10 16:39:51 | 002,219,748 | ---- | M] () -- C:\Users\KathTristan\Desktop\img009.jpg
[2012/02/10 16:39:51 | 002,132,644 | ---- | M] () -- C:\Users\KathTristan\Desktop\img007.jpg
[2012/02/10 16:39:51 | 001,954,383 | ---- | M] () -- C:\Users\KathTristan\Desktop\img003.jpg
[2012/02/10 16:39:51 | 001,789,502 | ---- | M] () -- C:\Users\KathTristan\Desktop\img008.jpg
[2012/02/09 17:21:09 | 000,046,419 | ---- | M] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169TristanReid.ods
[2012/02/09 16:33:37 | 000,046,182 | ---- | M] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169.ods
[2012/02/09 12:28:42 | 000,019,719 | ---- | M] () -- C:\Users\KathTristan\Desktop\School-of-scalloped-hamme-007.jpg
[2012/02/08 18:14:41 | 000,180,830 | ---- | M] () -- C:\Users\KathTristan\Desktop\Erin Dress Measurements.zip
[2012/02/08 17:09:38 | 000,012,359 | ---- | M] () -- C:\Users\KathTristan\Desktop\Advertising Contacts.ods
[2012/02/08 09:50:13 | 000,097,717 | ---- | M] () -- C:\Users\KathTristan\Desktop\Caspian-Gull-B-1stw-Seaton-Common-30112011-7.jpg
[2012/02/07 09:22:59 | 000,018,828 | ---- | M] () -- C:\Users\KathTristan\Desktop\_58334605_harlequinharmoniaaxyridismatingmikemajerus.jpg

========== Files Created - No Company Name ==========

[2012/03/07 07:33:29 | 000,002,600 | ---- | C] () -- C:\{7AF810F8-077F-4444-A7AD-48F65DD0C07F}
[2012/03/06 09:13:26 | 000,182,374 | ---- | C] () -- C:\Users\KathTristan\Desktop\BigBirdRaceTeam.jpg
[2012/03/05 20:08:39 | 000,165,376 | ---- | C] () -- C:\Users\KathTristan\Desktop\SystemLook_x64.exe
[2012/03/05 14:04:36 | 003,036,613 | ---- | C] () -- C:\Users\KathTristan\Desktop\Haweswater Mile 8.jpg
[2012/03/02 08:12:12 | 000,182,060 | ---- | C] () -- C:\Users\KathTristan\Desktop\ExpensesTReid.JPG
[2012/03/01 20:59:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/01 20:59:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/01 20:59:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/01 20:59:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/01 20:59:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 19:38:06 | 000,000,512 | ---- | C] () -- C:\Users\KathTristan\Desktop\MBR.dat
[2012/02/29 22:36:35 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/29 22:33:41 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:23:43 | 000,001,250 | ---- | C] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/28 11:23:43 | 000,001,226 | ---- | C] () -- C:\Users\KathTristan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 10:30:56 | 000,002,969 | ---- | C] () -- C:\Users\KathTristan\Desktop\HiJackThis (2).lnk
[2012/02/28 10:27:11 | 000,003,003 | ---- | C] () -- C:\Users\KathTristan\Desktop\HiJackThis.lnk
[2012/02/23 13:11:51 | 010,577,547 | ---- | C] () -- C:\Users\KathTristan\Desktop\Bonaparte's Gull - Drain Bay (98).jpg
[2012/02/21 10:28:43 | 002,341,512 | ---- | C] () -- C:\Users\KathTristan\Desktop\Millom proposed works 2011 vBBS Route TREID.jpg
[2012/02/19 18:34:47 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/02/19 18:33:55 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\checkOS.bat
[2012/02/19 09:48:29 | 000,002,066 | ---- | C] () -- C:\Users\KathTristan\Desktop\Deckadance.lnk
[2012/02/19 09:46:12 | 000,001,106 | ---- | C] () -- C:\Users\KathTristan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/02/19 09:45:19 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/19 09:42:51 | 000,690,474 | ---- | C] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2012/02/15 17:18:48 | 000,290,116 | ---- | C] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
[2012/02/15 17:18:41 | 001,385,169 | ---- | C] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3
[2012/02/10 19:12:26 | 000,568,645 | ---- | C] () -- C:\Users\KathTristan\Desktop\img026.jpg
[2012/02/10 19:12:26 | 000,475,788 | ---- | C] () -- C:\Users\KathTristan\Desktop\img027.jpg
[2012/02/10 19:12:25 | 000,652,222 | ---- | C] () -- C:\Users\KathTristan\Desktop\img024.jpg
[2012/02/10 19:12:25 | 000,532,072 | ---- | C] () -- C:\Users\KathTristan\Desktop\img023.jpg
[2012/02/10 19:12:25 | 000,471,426 | ---- | C] () -- C:\Users\KathTristan\Desktop\img021.jpg
[2012/02/10 19:12:25 | 000,459,804 | ---- | C] () -- C:\Users\KathTristan\Desktop\img022.jpg
[2012/02/10 19:12:25 | 000,457,051 | ---- | C] () -- C:\Users\KathTristan\Desktop\img025.jpg
[2012/02/10 19:12:25 | 000,432,070 | ---- | C] () -- C:\Users\KathTristan\Desktop\img020.jpg
[2012/02/10 18:34:56 | 000,525,034 | ---- | C] () -- C:\Users\KathTristan\Desktop\img028.jpg
[2012/02/10 18:34:56 | 000,522,873 | ---- | C] () -- C:\Users\KathTristan\Desktop\img032.jpg
[2012/02/10 18:34:56 | 000,480,727 | ---- | C] () -- C:\Users\KathTristan\Desktop\img031.jpg
[2012/02/10 18:34:56 | 000,475,350 | ---- | C] () -- C:\Users\KathTristan\Desktop\img030.jpg
[2012/02/10 18:34:56 | 000,439,473 | ---- | C] () -- C:\Users\KathTristan\Desktop\img029.jpg
[2012/02/10 18:29:14 | 000,568,862 | ---- | C] () -- C:\Users\KathTristan\Desktop\img018.jpg
[2012/02/10 18:29:14 | 000,507,217 | ---- | C] () -- C:\Users\KathTristan\Desktop\img019.jpg
[2012/02/10 18:29:14 | 000,491,299 | ---- | C] () -- C:\Users\KathTristan\Desktop\img017.jpg
[2012/02/10 18:29:13 | 000,521,740 | ---- | C] () -- C:\Users\KathTristan\Desktop\img015.jpg
[2012/02/10 16:39:52 | 001,979,193 | ---- | C] () -- C:\Users\KathTristan\Desktop\img012.jpg
[2012/02/10 16:39:51 | 002,393,997 | ---- | C] () -- C:\Users\KathTristan\Desktop\img011.jpg
[2012/02/10 16:39:51 | 002,219,748 | ---- | C] () -- C:\Users\KathTristan\Desktop\img009.jpg
[2012/02/10 16:39:51 | 001,789,502 | ---- | C] () -- C:\Users\KathTristan\Desktop\img008.jpg
[2012/02/10 16:39:50 | 002,132,644 | ---- | C] () -- C:\Users\KathTristan\Desktop\img007.jpg
[2012/02/10 16:39:50 | 001,954,383 | ---- | C] () -- C:\Users\KathTristan\Desktop\img003.jpg
[2012/02/09 16:48:59 | 000,046,419 | ---- | C] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169TristanReid.ods
[2012/02/09 16:41:42 | 000,040,327 | ---- | C] () -- C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml
[2012/02/09 16:41:25 | 000,125,448 | ---- | C] () -- C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml
[2012/02/09 16:33:34 | 000,046,182 | ---- | C] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169.ods
[2012/02/09 12:28:48 | 000,019,719 | ---- | C] () -- C:\Users\KathTristan\Desktop\School-of-scalloped-hamme-007.jpg
[2012/02/08 18:14:41 | 000,180,830 | ---- | C] () -- C:\Users\KathTristan\Desktop\Erin Dress Measurements.zip
[2012/02/08 17:09:37 | 000,012,359 | ---- | C] () -- C:\Users\KathTristan\Desktop\Advertising Contacts.ods
[2012/02/08 09:50:19 | 000,097,717 | ---- | C] () -- C:\Users\KathTristan\Desktop\Caspian-Gull-B-1stw-Seaton-Common-30112011-7.jpg
[2012/02/07 09:23:04 | 000,018,828 | ---- | C] () -- C:\Users\KathTristan\Desktop\_58334605_harlequinharmoniaaxyridismatingmikemajerus.jpg
[2012/01/24 21:06:56 | 000,001,456 | ---- | C] () -- C:\Users\KathTristan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/17 13:25:35 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/17 13:25:34 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/17 13:25:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/17 13:25:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/17 13:25:32 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 981 bytes -> C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml:OECustomProperty
@Alternate Data Stream - 949 bytes -> C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml:OECustomProperty
@Alternate Data Stream - 705 bytes -> C:\Users\KathTristan\Desktop\Birecik.eml:OECustomProperty

< End of report >


----------



## binocularface (Feb 28, 2012)

Here is the first one:

OTL logfile created on: 07/03/2012 19:50:33 - Run 2
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\KathTristan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 67.02% Memory free
11.89 Gb Paging File | 9.86 Gb Available in Paging File | 82.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.45 Gb Total Space | 378.83 Gb Free Space | 82.81% Space Free | Partition Type: NTFS
Drive D: | 457.96 Gb Total Space | 457.83 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 612.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATHTRISTAN-PC | User Name: KathTristan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 16:26:50 | 000,372,736 | ---- | M] ( ) -- C:\Windows\temp\mrt498D.tmp\stdrt.exe
PRC - [2012/03/02 06:56:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
PRC - [2011/10/12 10:22:02 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/10/12 10:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/10/12 10:22:00 | 000,214,312 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
PRC - [2011/08/31 10:35:01 | 000,185,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/08/11 03:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/22 16:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/01/18 03:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/18 03:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/20 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/23 19:54:29 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/10/12 10:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/10/12 10:22:00 | 000,370,984 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/11 03:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/11 03:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/08/11 23:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2011/04/22 16:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:*64bit:* - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/19 09:42:51 | 000,690,474 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)
SRV - [2011/06/21 19:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/12/20 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/01/23 19:28:29 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:*64bit:* - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/14 05:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/07/14 05:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2011/04/21 01:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:*64bit:* - [2011/04/10 03:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/03/31 03:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:*64bit:* - [2011/03/31 03:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:*64bit:* - [2011/03/15 02:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:*64bit:* - [2011/01/27 06:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:*64bit:* - [2010/12/20 18:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:*64bit:* - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/11/16 00:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:*64bit:* - [2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/10/19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:*64bit:* - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 20:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV - [2012/03/06 16:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120306.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/02 18:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/18 18:15:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120306.036\EX64.SYS -- (NAVEX15)
DRV - [2012/02/18 18:15:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120306.036\ENG64.SYS -- (NAVENG)
DRV - [2012/02/04 19:28:52 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 19:28:52 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2012/02/18 18:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_5_2 [2012/03/07 16:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/21 17:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/01/23 19:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Extensions
[2012/03/05 20:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/24 22:42:28 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\USERS\KATHTRISTAN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\E9NA3W38.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KATHTRISTAN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\E9NA3W38.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.5_0\
CHR - Extension: Google Search = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/06 13:21:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8671C30-CFA5-45E6-957C-6D6528B554C5}: DhcpNameServer = 192.168.1.254
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/06 22:46:35 | 000,000,040 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 14:15:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 13:19:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/05 20:05:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{F2B94E37-75F4-4270-9E39-0E3A1DA3D0C8}
[2012/03/05 14:02:48 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{16F1AF43-06F0-49E2-A6A9-7358D8A3D959}
[2012/03/02 06:56:20 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
[2012/03/01 20:59:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/01 20:59:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/01 20:59:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/01 20:59:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/01 20:58:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/29 22:36:48 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/29 22:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/29 22:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/29 22:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/29 22:33:47 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Malwarebytes
[2012/02/29 22:33:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/28 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/28 11:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/28 11:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/28 10:48:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\KathTristan\Desktop\dds.com
[2012/02/28 10:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/28 10:27:11 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/27 16:57:40 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{0756F7BF-D790-4FE4-A9A6-FEBE7FEE4044}
[2012/02/27 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{0D35CABB-247D-41FC-A518-BDAEFAD24F67}
[2012/02/26 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/26 19:27:25 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Kumlien's etc Hartlepool
[2012/02/25 15:11:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/24 14:25:16 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Snowfinch
[2012/02/19 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{A903543A-3A4D-4F36-BF0C-31EFE20E9C02}
[2012/02/19 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{6C4C167E-61BB-4EB3-B736-2475F6C750C9}
[2012/02/19 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Red-breasted Goose etc
[2012/02/19 10:34:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/19 10:34:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/19 10:34:35 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/19 10:34:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/19 10:34:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/19 10:34:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/19 10:34:34 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/19 10:34:34 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/19 10:34:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/19 10:34:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/19 10:34:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/19 09:49:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\CrashDumps
[2012/02/19 09:48:33 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SongManager
[2012/02/19 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/02/19 09:45:20 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012/02/19 09:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2012/02/19 09:45:13 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2012/02/19 09:45:13 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/02/19 09:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/02/19 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\MMFApplications
[2012/02/19 07:51:54 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/19 07:51:52 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/19 07:51:52 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/19 07:51:28 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/13 22:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/02/13 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Documents\Image-Line
[2012/02/13 18:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012/02/13 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012/02/12 17:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdServices
[2012/02/08 11:06:06 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/03/07 19:49:58 | 000,000,033 | ---- | M] () -- C:\Windows\SysWow64\deck.ini
[2012/03/07 19:37:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001UA.job
[2012/03/07 19:30:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2012/03/07 16:34:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 16:34:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 16:26:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 16:26:40 | 492,822,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 07:37:47 | 000,002,441 | ---- | M] () -- C:\Users\KathTristan\Desktop\Google Chrome.lnk
[2012/03/07 07:37:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001Core.job
[2012/03/07 07:33:30 | 000,002,600 | ---- | M] () -- C:\{7AF810F8-077F-4444-A7AD-48F65DD0C07F}
[2012/03/06 16:42:30 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/06 16:42:30 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 16:42:30 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/06 13:21:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/06 09:13:27 | 000,182,374 | ---- | M] () -- C:\Users\KathTristan\Desktop\BigBirdRaceTeam.jpg
[2012/03/05 20:08:40 | 000,165,376 | ---- | M] () -- C:\Users\KathTristan\Desktop\SystemLook_x64.exe
[2012/03/05 20:06:00 | 010,363,220 | ---- | M] () -- C:\Users\KathTristan\Desktop\Birecik.eml
[2012/03/05 20:05:59 | 000,125,448 | ---- | M] () -- C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml
[2012/03/05 20:05:56 | 000,040,327 | ---- | M] () -- C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml
[2012/03/05 14:01:58 | 003,036,613 | ---- | M] () -- C:\Users\KathTristan\Desktop\Haweswater Mile 8.jpg
[2012/03/02 08:12:12 | 000,182,060 | ---- | M] () -- C:\Users\KathTristan\Desktop\ExpensesTReid.JPG
[2012/03/02 06:56:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
[2012/03/01 19:38:06 | 000,000,512 | ---- | M] () -- C:\Users\KathTristan\Desktop\MBR.dat
[2012/02/29 22:36:35 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/29 22:33:41 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:23:43 | 000,001,250 | ---- | M] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/28 11:23:43 | 000,001,226 | ---- | M] () -- C:\Users\KathTristan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 10:48:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\KathTristan\Desktop\dds.com
[2012/02/28 10:30:56 | 000,002,969 | ---- | M] () -- C:\Users\KathTristan\Desktop\HiJackThis (2).lnk
[2012/02/28 10:27:11 | 000,003,003 | ---- | M] () -- C:\Users\KathTristan\Desktop\HiJackThis.lnk
[2012/02/27 16:52:59 | 000,001,456 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/23 13:11:56 | 010,577,547 | ---- | M] () -- C:\Users\KathTristan\Desktop\Bonaparte's Gull - Drain Bay (98).jpg
[2012/02/21 10:28:47 | 002,341,512 | ---- | M] () -- C:\Users\KathTristan\Desktop\Millom proposed works 2011 vBBS Route TREID.jpg
[2012/02/20 07:19:32 | 004,855,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/19 18:33:55 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\checkOS.bat
[2012/02/19 09:48:29 | 000,002,066 | ---- | M] () -- C:\Users\KathTristan\Desktop\Deckadance.lnk
[2012/02/19 09:46:12 | 000,001,106 | ---- | M] () -- C:\Users\KathTristan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/02/19 09:45:19 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/19 09:42:51 | 000,690,474 | ---- | M] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2012/02/15 17:18:48 | 000,290,116 | ---- | M] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
[2012/02/15 17:18:41 | 001,385,169 | ---- | M] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3
[2012/02/10 19:12:26 | 000,568,645 | ---- | M] () -- C:\Users\KathTristan\Desktop\img026.jpg
[2012/02/10 19:12:26 | 000,475,788 | ---- | M] () -- C:\Users\KathTristan\Desktop\img027.jpg
[2012/02/10 19:12:26 | 000,457,051 | ---- | M] () -- C:\Users\KathTristan\Desktop\img025.jpg
[2012/02/10 19:12:25 | 000,652,222 | ---- | M] () -- C:\Users\KathTristan\Desktop\img024.jpg
[2012/02/10 19:12:25 | 000,532,072 | ---- | M] () -- C:\Users\KathTristan\Desktop\img023.jpg
[2012/02/10 19:12:25 | 000,471,426 | ---- | M] () -- C:\Users\KathTristan\Desktop\img021.jpg
[2012/02/10 19:12:25 | 000,459,804 | ---- | M] () -- C:\Users\KathTristan\Desktop\img022.jpg
[2012/02/10 19:12:25 | 000,432,070 | ---- | M] () -- C:\Users\KathTristan\Desktop\img020.jpg
[2012/02/10 18:34:56 | 000,525,034 | ---- | M] () -- C:\Users\KathTristan\Desktop\img028.jpg
[2012/02/10 18:34:56 | 000,522,873 | ---- | M] () -- C:\Users\KathTristan\Desktop\img032.jpg
[2012/02/10 18:34:56 | 000,480,727 | ---- | M] () -- C:\Users\KathTristan\Desktop\img031.jpg
[2012/02/10 18:34:56 | 000,475,350 | ---- | M] () -- C:\Users\KathTristan\Desktop\img030.jpg
[2012/02/10 18:34:56 | 000,439,473 | ---- | M] () -- C:\Users\KathTristan\Desktop\img029.jpg
[2012/02/10 18:29:14 | 000,568,862 | ---- | M] () -- C:\Users\KathTristan\Desktop\img018.jpg
[2012/02/10 18:29:14 | 000,507,217 | ---- | M] () -- C:\Users\KathTristan\Desktop\img019.jpg
[2012/02/10 18:29:14 | 000,491,299 | ---- | M] () -- C:\Users\KathTristan\Desktop\img017.jpg
[2012/02/10 18:29:13 | 000,521,740 | ---- | M] () -- C:\Users\KathTristan\Desktop\img015.jpg
[2012/02/10 16:39:52 | 002,393,997 | ---- | M] () -- C:\Users\KathTristan\Desktop\img011.jpg
[2012/02/10 16:39:52 | 001,979,193 | ---- | M] () -- C:\Users\KathTristan\Desktop\img012.jpg
[2012/02/10 16:39:51 | 002,219,748 | ---- | M] () -- C:\Users\KathTristan\Desktop\img009.jpg
[2012/02/10 16:39:51 | 002,132,644 | ---- | M] () -- C:\Users\KathTristan\Desktop\img007.jpg
[2012/02/10 16:39:51 | 001,954,383 | ---- | M] () -- C:\Users\KathTristan\Desktop\img003.jpg
[2012/02/10 16:39:51 | 001,789,502 | ---- | M] () -- C:\Users\KathTristan\Desktop\img008.jpg
[2012/02/09 17:21:09 | 000,046,419 | ---- | M] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169TristanReid.ods
[2012/02/09 16:33:37 | 000,046,182 | ---- | M] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169.ods
[2012/02/09 12:28:42 | 000,019,719 | ---- | M] () -- C:\Users\KathTristan\Desktop\School-of-scalloped-hamme-007.jpg
[2012/02/08 18:14:41 | 000,180,830 | ---- | M] () -- C:\Users\KathTristan\Desktop\Erin Dress Measurements.zip
[2012/02/08 17:09:38 | 000,012,359 | ---- | M] () -- C:\Users\KathTristan\Desktop\Advertising Contacts.ods
[2012/02/08 09:50:13 | 000,097,717 | ---- | M] () -- C:\Users\KathTristan\Desktop\Caspian-Gull-B-1stw-Seaton-Common-30112011-7.jpg
[2012/02/07 09:22:59 | 000,018,828 | ---- | M] () -- C:\Users\KathTristan\Desktop\_58334605_harlequinharmoniaaxyridismatingmikemajerus.jpg

========== Files Created - No Company Name ==========

[2012/03/07 07:33:29 | 000,002,600 | ---- | C] () -- C:\{7AF810F8-077F-4444-A7AD-48F65DD0C07F}
[2012/03/06 09:13:26 | 000,182,374 | ---- | C] () -- C:\Users\KathTristan\Desktop\BigBirdRaceTeam.jpg
[2012/03/05 20:08:39 | 000,165,376 | ---- | C] () -- C:\Users\KathTristan\Desktop\SystemLook_x64.exe
[2012/03/05 14:04:36 | 003,036,613 | ---- | C] () -- C:\Users\KathTristan\Desktop\Haweswater Mile 8.jpg
[2012/03/02 08:12:12 | 000,182,060 | ---- | C] () -- C:\Users\KathTristan\Desktop\ExpensesTReid.JPG
[2012/03/01 20:59:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/01 20:59:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/01 20:59:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/01 20:59:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/01 20:59:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 19:38:06 | 000,000,512 | ---- | C] () -- C:\Users\KathTristan\Desktop\MBR.dat
[2012/02/29 22:36:35 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/29 22:33:41 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:23:43 | 000,001,250 | ---- | C] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/28 11:23:43 | 000,001,226 | ---- | C] () -- C:\Users\KathTristan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 10:30:56 | 000,002,969 | ---- | C] () -- C:\Users\KathTristan\Desktop\HiJackThis (2).lnk
[2012/02/28 10:27:11 | 000,003,003 | ---- | C] () -- C:\Users\KathTristan\Desktop\HiJackThis.lnk
[2012/02/23 13:11:51 | 010,577,547 | ---- | C] () -- C:\Users\KathTristan\Desktop\Bonaparte's Gull - Drain Bay (98).jpg
[2012/02/21 10:28:43 | 002,341,512 | ---- | C] () -- C:\Users\KathTristan\Desktop\Millom proposed works 2011 vBBS Route TREID.jpg
[2012/02/19 18:34:47 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/02/19 18:33:55 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\checkOS.bat
[2012/02/19 09:48:29 | 000,002,066 | ---- | C] () -- C:\Users\KathTristan\Desktop\Deckadance.lnk
[2012/02/19 09:46:12 | 000,001,106 | ---- | C] () -- C:\Users\KathTristan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/02/19 09:45:19 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/19 09:42:51 | 000,690,474 | ---- | C] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2012/02/15 17:18:48 | 000,290,116 | ---- | C] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
[2012/02/15 17:18:41 | 001,385,169 | ---- | C] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3
[2012/02/10 19:12:26 | 000,568,645 | ---- | C] () -- C:\Users\KathTristan\Desktop\img026.jpg
[2012/02/10 19:12:26 | 000,475,788 | ---- | C] () -- C:\Users\KathTristan\Desktop\img027.jpg
[2012/02/10 19:12:25 | 000,652,222 | ---- | C] () -- C:\Users\KathTristan\Desktop\img024.jpg
[2012/02/10 19:12:25 | 000,532,072 | ---- | C] () -- C:\Users\KathTristan\Desktop\img023.jpg
[2012/02/10 19:12:25 | 000,471,426 | ---- | C] () -- C:\Users\KathTristan\Desktop\img021.jpg
[2012/02/10 19:12:25 | 000,459,804 | ---- | C] () -- C:\Users\KathTristan\Desktop\img022.jpg
[2012/02/10 19:12:25 | 000,457,051 | ---- | C] () -- C:\Users\KathTristan\Desktop\img025.jpg
[2012/02/10 19:12:25 | 000,432,070 | ---- | C] () -- C:\Users\KathTristan\Desktop\img020.jpg
[2012/02/10 18:34:56 | 000,525,034 | ---- | C] () -- C:\Users\KathTristan\Desktop\img028.jpg
[2012/02/10 18:34:56 | 000,522,873 | ---- | C] () -- C:\Users\KathTristan\Desktop\img032.jpg
[2012/02/10 18:34:56 | 000,480,727 | ---- | C] () -- C:\Users\KathTristan\Desktop\img031.jpg
[2012/02/10 18:34:56 | 000,475,350 | ---- | C] () -- C:\Users\KathTristan\Desktop\img030.jpg
[2012/02/10 18:34:56 | 000,439,473 | ---- | C] () -- C:\Users\KathTristan\Desktop\img029.jpg
[2012/02/10 18:29:14 | 000,568,862 | ---- | C] () -- C:\Users\KathTristan\Desktop\img018.jpg
[2012/02/10 18:29:14 | 000,507,217 | ---- | C] () -- C:\Users\KathTristan\Desktop\img019.jpg
[2012/02/10 18:29:14 | 000,491,299 | ---- | C] () -- C:\Users\KathTristan\Desktop\img017.jpg
[2012/02/10 18:29:13 | 000,521,740 | ---- | C] () -- C:\Users\KathTristan\Desktop\img015.jpg
[2012/02/10 16:39:52 | 001,979,193 | ---- | C] () -- C:\Users\KathTristan\Desktop\img012.jpg
[2012/02/10 16:39:51 | 002,393,997 | ---- | C] () -- C:\Users\KathTristan\Desktop\img011.jpg
[2012/02/10 16:39:51 | 002,219,748 | ---- | C] () -- C:\Users\KathTristan\Desktop\img009.jpg
[2012/02/10 16:39:51 | 001,789,502 | ---- | C] () -- C:\Users\KathTristan\Desktop\img008.jpg
[2012/02/10 16:39:50 | 002,132,644 | ---- | C] () -- C:\Users\KathTristan\Desktop\img007.jpg
[2012/02/10 16:39:50 | 001,954,383 | ---- | C] () -- C:\Users\KathTristan\Desktop\img003.jpg
[2012/02/09 16:48:59 | 000,046,419 | ---- | C] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169TristanReid.ods
[2012/02/09 16:41:42 | 000,040,327 | ---- | C] () -- C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml
[2012/02/09 16:41:25 | 000,125,448 | ---- | C] () -- C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml
[2012/02/09 16:33:34 | 000,046,182 | ---- | C] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169.ods
[2012/02/09 12:28:48 | 000,019,719 | ---- | C] () -- C:\Users\KathTristan\Desktop\School-of-scalloped-hamme-007.jpg
[2012/02/08 18:14:41 | 000,180,830 | ---- | C] () -- C:\Users\KathTristan\Desktop\Erin Dress Measurements.zip
[2012/02/08 17:09:37 | 000,012,359 | ---- | C] () -- C:\Users\KathTristan\Desktop\Advertising Contacts.ods
[2012/02/08 09:50:19 | 000,097,717 | ---- | C] () -- C:\Users\KathTristan\Desktop\Caspian-Gull-B-1stw-Seaton-Common-30112011-7.jpg
[2012/02/07 09:23:04 | 000,018,828 | ---- | C] () -- C:\Users\KathTristan\Desktop\_58334605_harlequinharmoniaaxyridismatingmikemajerus.jpg
[2012/01/24 21:06:56 | 000,001,456 | ---- | C] () -- C:\Users\KathTristan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/17 13:25:35 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/17 13:25:34 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/17 13:25:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/17 13:25:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/17 13:25:32 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/10/17 13:29:30 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/03/06 13:24:02 | 000,020,960 | ---- | M] () -- C:\ComboFix.txt
[2012/03/07 16:26:40 | 492,822,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 16:26:46 | 2088,755,199 | -HS- | M] () -- C:\pagefile.sys
[2012/03/01 19:35:47 | 000,080,364 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_01.03.2012_19.33.45_log.txt
[2012/03/07 07:33:30 | 000,002,600 | ---- | M] () -- C:\{7AF810F8-077F-4444-A7AD-48F65DD0C07F}

< %windir%\system32\tasks\*.* >

< MD5 for: ADBCNSL.EXE >
[2012/02/19 09:42:51 | 000,690,474 | ---- | M] ( ) MD5=5204C43D66C95C89DB0FF54F08A0A85B -- C:\Users\KathTristan\AppData\Local\Temp\adbcnsl.exe
[2012/02/19 09:42:51 | 000,690,474 | ---- | M] ( ) MD5=5204C43D66C95C89DB0FF54F08A0A85B -- C:\Windows\SysWOW64\adbcnsl.exe

< MD5 for: AGP440.SYS >
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2010/09/24 01:48:00 | 000,222,288 | ---- | M] (Advanced Micro Devices, Inc) MD5=A3F4FEE7E8C40242FD6CD77DAE51370F -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 01:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 01:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 01:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/21 03:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 03:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/07/14 05:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/07/14 05:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/07/14 05:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/07/14 05:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/21 03:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/21 03:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 03:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 03:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/21 03:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 03:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/07/14 05:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/07/14 05:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/07/14 05:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/07/14 05:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 03:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 03:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/21 03:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/21 03:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 03:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 03:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/21 03:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 03:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SECDRV.SYS >
[2009/06/10 20:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=3EA8A16169C26AFBEB544E0E48421186 -- C:\Windows\SysNative\drivers\secdrv.sys
[2009/06/10 20:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=3EA8A16169C26AFBEB544E0E48421186 -- C:\Windows\winsxs\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.1.7600.16385_none_b9a1c8f4d6f69273\secdrv.sys

< MD5 for: STDRT.EXE >
[2012/03/06 14:15:42 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\temp\mrt43D2.tmp\stdrt.exe
[2012/03/06 15:48:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\temp\mrt43E2.tmp\stdrt.exe
[2012/03/06 17:55:14 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\temp\mrt4597.tmp\stdrt.exe
[2012/03/06 13:20:24 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\temp\mrt4604.tmp\stdrt.exe
[2012/03/07 16:26:50 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\temp\mrt498D.tmp\stdrt.exe
[2012/03/07 09:20:43 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\temp\mrt4A58.tmp\stdrt.exe
[2012/03/07 14:45:15 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\temp\mrt5070.tmp\stdrt.exe
[2012/03/07 06:45:48 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\temp\mrt5188.tmp\stdrt.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 981 bytes -> C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml:OECustomProperty
@Alternate Data Stream - 949 bytes -> C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml:OECustomProperty
@Alternate Data Stream - 705 bytes -> C:\Users\KathTristan\Desktop\Birecik.eml:OECustomProperty

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, there is something that may work, but before we start let's create a restore point and a backup:

Go to Control Panel and open up System.

In there, in the left pane, click *System protection*.
Click the *System Protection* tab, and then click *Create*.
In the *System Protection* dialog box, type a description, and then click *Create.*

Then, let's make a backup of the registry:

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.

-------

Then, can you save this for me, and upload them as follows:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file.



> C:\Users\KathTristan\AppData\Local\Temp\adbcnsl.exe
> C:\Windows\SysWOW64\adbcnsl.exe
> C:\Windows\temp\mrt43D2.tmp\stdrt.exe


Let me know when they're uploaded 

If some can't be found, do the ones you can, and let me know which ones didn't upload 

-------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> File::
> C:\Users\KathTristan\AppData\Local\Temp\adbcnsl.exe
> C:\Windows\SysWOW64\adbcnsl.exe
> Folder::
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

--------

eddie


----------



## binocularface (Feb 28, 2012)

Many thanks Eddie. The uploaded files can be found here:
http://thespykiller.co.uk/index.php?topic=9901.0

Here is the combofix log:

ComboFix 12-03-07.05 - KathTristan 08/03/2012 10:02:04.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6088.4194 [GMT 0:00]
Running from: c:\users\KathTristan\Desktop\rugby.exe
Command switches used :: c:\users\KathTristan\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\KathTristan\AppData\Local\Temp\adbcnsl.exe"
"c:\windows\SysWOW64\adbcnsl.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWOW64\adbcnsl.exe
c:\windows\temp\mrt43D2.tmp
c:\windows\temp\mrt43D2.tmp\aviflt.ift
c:\windows\temp\mrt43D2.tmp\bmpflt.ift
c:\windows\temp\mrt43D2.tmp\Download.mfx
c:\windows\temp\mrt43D2.tmp\fliflt.ift
c:\windows\temp\mrt43D2.tmp\Get.mfx
c:\windows\temp\mrt43D2.tmp\gifflt.ift
c:\windows\temp\mrt43D2.tmp\jpgflt.ift
c:\windows\temp\mrt43D2.tmp\kcfile.mfx
c:\windows\temp\mrt43D2.tmp\kcini.mfx
c:\windows\temp\mrt43D2.tmp\kclist.mfx
c:\windows\temp\mrt43D2.tmp\KcWebX.mfx
c:\windows\temp\mrt43D2.tmp\mmfs2.dll
c:\windows\temp\mrt43D2.tmp\pcxflt.ift
c:\windows\temp\mrt43D2.tmp\pngflt.ift
c:\windows\temp\mrt43D2.tmp\Registry2.mfx
c:\windows\temp\mrt43D2.tmp\stdrt.exe
c:\windows\temp\mrt43D2.tmp\tgaflt.ift
c:\windows\temp\mrt43D2.tmp\volume.mfx
c:\windows\temp\mrt43E2.tmp
c:\windows\temp\mrt43E2.tmp\aviflt.ift
c:\windows\temp\mrt43E2.tmp\bmpflt.ift
c:\windows\temp\mrt43E2.tmp\Download.mfx
c:\windows\temp\mrt43E2.tmp\fliflt.ift
c:\windows\temp\mrt43E2.tmp\Get.mfx
c:\windows\temp\mrt43E2.tmp\gifflt.ift
c:\windows\temp\mrt43E2.tmp\jpgflt.ift
c:\windows\temp\mrt43E2.tmp\kcfile.mfx
c:\windows\temp\mrt43E2.tmp\kcini.mfx
c:\windows\temp\mrt43E2.tmp\kclist.mfx
c:\windows\temp\mrt43E2.tmp\KcWebX.mfx
c:\windows\temp\mrt43E2.tmp\mmfs2.dll
c:\windows\temp\mrt43E2.tmp\pcxflt.ift
c:\windows\temp\mrt43E2.tmp\pngflt.ift
c:\windows\temp\mrt43E2.tmp\Registry2.mfx
c:\windows\temp\mrt43E2.tmp\stdrt.exe
c:\windows\temp\mrt43E2.tmp\tgaflt.ift
c:\windows\temp\mrt43E2.tmp\volume.mfx
c:\windows\temp\mrt4597.tmp
c:\windows\temp\mrt4597.tmp\aviflt.ift
c:\windows\temp\mrt4597.tmp\bmpflt.ift
c:\windows\temp\mrt4597.tmp\Download.mfx
c:\windows\temp\mrt4597.tmp\fliflt.ift
c:\windows\temp\mrt4597.tmp\Get.mfx
c:\windows\temp\mrt4597.tmp\gifflt.ift
c:\windows\temp\mrt4597.tmp\jpgflt.ift
c:\windows\temp\mrt4597.tmp\kcfile.mfx
c:\windows\temp\mrt4597.tmp\kcini.mfx
c:\windows\temp\mrt4597.tmp\kclist.mfx
c:\windows\temp\mrt4597.tmp\KcWebX.mfx
c:\windows\temp\mrt4597.tmp\mmfs2.dll
c:\windows\temp\mrt4597.tmp\pcxflt.ift
c:\windows\temp\mrt4597.tmp\pngflt.ift
c:\windows\temp\mrt4597.tmp\Registry2.mfx
c:\windows\temp\mrt4597.tmp\stdrt.exe
c:\windows\temp\mrt4597.tmp\tgaflt.ift
c:\windows\temp\mrt4597.tmp\volume.mfx
c:\windows\temp\mrt4604.tmp
c:\windows\temp\mrt4604.tmp\aviflt.ift
c:\windows\temp\mrt4604.tmp\bmpflt.ift
c:\windows\temp\mrt4604.tmp\Download.mfx
c:\windows\temp\mrt4604.tmp\fliflt.ift
c:\windows\temp\mrt4604.tmp\Get.mfx
c:\windows\temp\mrt4604.tmp\gifflt.ift
c:\windows\temp\mrt4604.tmp\jpgflt.ift
c:\windows\temp\mrt4604.tmp\kcfile.mfx
c:\windows\temp\mrt4604.tmp\kcini.mfx
c:\windows\temp\mrt4604.tmp\kclist.mfx
c:\windows\temp\mrt4604.tmp\KcWebX.mfx
c:\windows\temp\mrt4604.tmp\mmfs2.dll
c:\windows\temp\mrt4604.tmp\pcxflt.ift
c:\windows\temp\mrt4604.tmp\pngflt.ift
c:\windows\temp\mrt4604.tmp\Registry2.mfx
c:\windows\temp\mrt4604.tmp\stdrt.exe
c:\windows\temp\mrt4604.tmp\tgaflt.ift
c:\windows\temp\mrt4604.tmp\volume.mfx
c:\windows\temp\mrt498D.tmp
c:\windows\temp\mrt498D.tmp\aviflt.ift
c:\windows\temp\mrt498D.tmp\bmpflt.ift
c:\windows\temp\mrt498D.tmp\Download.mfx
c:\windows\temp\mrt498D.tmp\fliflt.ift
c:\windows\temp\mrt498D.tmp\Get.mfx
c:\windows\temp\mrt498D.tmp\gifflt.ift
c:\windows\temp\mrt498D.tmp\jpgflt.ift
c:\windows\temp\mrt498D.tmp\kcfile.mfx
c:\windows\temp\mrt498D.tmp\kcini.mfx
c:\windows\temp\mrt498D.tmp\kclist.mfx
c:\windows\temp\mrt498D.tmp\KcWebX.mfx
c:\windows\temp\mrt498D.tmp\mmfs2.dll
c:\windows\temp\mrt498D.tmp\pcxflt.ift
c:\windows\temp\mrt498D.tmp\pngflt.ift
c:\windows\temp\mrt498D.tmp\Registry2.mfx
c:\windows\temp\mrt498D.tmp\stdrt.exe
c:\windows\temp\mrt498D.tmp\tgaflt.ift
c:\windows\temp\mrt498D.tmp\volume.mfx
c:\windows\temp\mrt4A58.tmp
c:\windows\temp\mrt4A58.tmp\aviflt.ift
c:\windows\temp\mrt4A58.tmp\bmpflt.ift
c:\windows\temp\mrt4A58.tmp\Download.mfx
c:\windows\temp\mrt4A58.tmp\fliflt.ift
c:\windows\temp\mrt4A58.tmp\Get.mfx
c:\windows\temp\mrt4A58.tmp\gifflt.ift
c:\windows\temp\mrt4A58.tmp\jpgflt.ift
c:\windows\temp\mrt4A58.tmp\kcfile.mfx
c:\windows\temp\mrt4A58.tmp\kcini.mfx
c:\windows\temp\mrt4A58.tmp\kclist.mfx
c:\windows\temp\mrt4A58.tmp\KcWebX.mfx
c:\windows\temp\mrt4A58.tmp\mmfs2.dll
c:\windows\temp\mrt4A58.tmp\pcxflt.ift
c:\windows\temp\mrt4A58.tmp\pngflt.ift
c:\windows\temp\mrt4A58.tmp\Registry2.mfx
c:\windows\temp\mrt4A58.tmp\stdrt.exe
c:\windows\temp\mrt4A58.tmp\tgaflt.ift
c:\windows\temp\mrt4A58.tmp\volume.mfx
c:\windows\temp\mrt5070.tmp
c:\windows\temp\mrt5070.tmp\aviflt.ift
c:\windows\temp\mrt5070.tmp\bmpflt.ift
c:\windows\temp\mrt5070.tmp\Download.mfx
c:\windows\temp\mrt5070.tmp\fliflt.ift
c:\windows\temp\mrt5070.tmp\Get.mfx
c:\windows\temp\mrt5070.tmp\gifflt.ift
c:\windows\temp\mrt5070.tmp\jpgflt.ift
c:\windows\temp\mrt5070.tmp\kcfile.mfx
c:\windows\temp\mrt5070.tmp\kcini.mfx
c:\windows\temp\mrt5070.tmp\kclist.mfx
c:\windows\temp\mrt5070.tmp\KcWebX.mfx
c:\windows\temp\mrt5070.tmp\mmfs2.dll
c:\windows\temp\mrt5070.tmp\pcxflt.ift
c:\windows\temp\mrt5070.tmp\pngflt.ift
c:\windows\temp\mrt5070.tmp\Registry2.mfx
c:\windows\temp\mrt5070.tmp\stdrt.exe
c:\windows\temp\mrt5070.tmp\tgaflt.ift
c:\windows\temp\mrt5070.tmp\volume.mfx
c:\windows\temp\mrt5188.tmp
c:\windows\temp\mrt5188.tmp\aviflt.ift
c:\windows\temp\mrt5188.tmp\bmpflt.ift
c:\windows\temp\mrt5188.tmp\Download.mfx
c:\windows\temp\mrt5188.tmp\fliflt.ift
c:\windows\temp\mrt5188.tmp\Get.mfx
c:\windows\temp\mrt5188.tmp\gifflt.ift
c:\windows\temp\mrt5188.tmp\jpgflt.ift
c:\windows\temp\mrt5188.tmp\kcfile.mfx
c:\windows\temp\mrt5188.tmp\kcini.mfx
c:\windows\temp\mrt5188.tmp\kclist.mfx
c:\windows\temp\mrt5188.tmp\KcWebX.mfx
c:\windows\temp\mrt5188.tmp\mmfs2.dll
c:\windows\temp\mrt5188.tmp\pcxflt.ift
c:\windows\temp\mrt5188.tmp\pngflt.ift
c:\windows\temp\mrt5188.tmp\Registry2.mfx
c:\windows\temp\mrt5188.tmp\stdrt.exe
c:\windows\temp\mrt5188.tmp\tgaflt.ift
c:\windows\temp\mrt5188.tmp\volume.mfx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Adobe Licensing Console
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 10:05 . 2012-03-08 10:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-08 09:26 . 2012-03-08 09:26	--------	d-----w-	c:\program files (x86)\ERUNT
2012-03-05 20:05 . 2012-03-05 20:05	--------	d-----w-	C:\_OTL
2012-02-29 22:36 . 2012-02-29 22:36	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-29 22:36 . 2012-02-29 22:43	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-29 22:36 . 2012-02-29 22:36	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\Malwarebytes
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-29 22:33 . 2011-12-10 15:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-28 11:23 . 2012-02-28 11:35	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-02-28 11:23 . 2012-02-28 11:26	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-02-28 10:27 . 2012-02-28 10:27	388096	----a-r-	c:\users\KathTristan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-28 10:27 . 2012-02-28 10:27	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-02-26 23:01 . 2012-02-26 23:01	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-25 15:11 . 2012-02-25 15:11	--------	d-----w-	c:\windows\Sun
2012-02-19 18:33 . 2012-02-19 18:33	384	----a-w-	c:\windows\SysWow64\checkOS.bat
2012-02-19 09:49 . 2012-02-28 11:26	--------	d-----w-	c:\users\KathTristan\AppData\Local\CrashDumps
2012-02-19 09:48 . 2012-02-19 09:48	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SongManager
2012-02-19 09:45 . 2012-02-19 09:48	--------	d-----w-	c:\program files (x86)\VstPlugins
2012-02-19 09:45 . 2006-06-20 08:56	225280	----a-w-	c:\windows\SysWow64\rewire.dll
2012-02-19 09:45 . 2009-09-15 09:14	1554944	----a-w-	c:\windows\SysWow64\vorbis.acm
2012-02-19 09:43 . 2012-02-19 09:43	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\MMFApplications
2012-02-19 07:51 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-19 07:51 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-19 07:51 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-02-19 07:51 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-19 07:51 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-19 07:51 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-19 07:51 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-19 07:51 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-02-13 22:14 . 2012-02-19 09:46	--------	d-----w-	c:\program files (x86)\ASIO4ALL v2
2012-02-13 18:33 . 2012-02-13 18:33	--------	d-----w-	c:\program files (x86)\Outsim
2012-02-13 18:32 . 2012-02-13 18:33	--------	d-----w-	c:\program files (x86)\Image-Line
2012-02-12 17:05 . 2012-02-12 17:05	--------	d-----w-	c:\programdata\RosettaStoneLtdServices
2012-02-08 11:06 . 2012-02-12 16:55	--------	d-----w-	c:\users\KathTristan\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 19:28 . 2012-01-23 19:24	174200	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-23 19:26 . 2011-03-29 01:36	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-11 00:48 . 2011-12-11 00:48	177664	----a-w-	c:\windows\system32\EKAiO2COI07.dll
2011-12-11 00:47 . 2011-12-11 00:47	1058304	----a-w-	c:\windows\system32\EKAiO2MON.dll
.
.
((((((((((((((((((((((((((((( [email protected]_13.21.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-17 06:55 . 2012-03-06 13:21	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-17 06:55 . 2012-03-08 09:57	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-03-08 09:53	39410 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-08 09:53	34796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-24 03:11 . 2012-03-08 09:53	8136 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2697856359-3395195805-1778775960-1001_UserData.bin
+ 2012-03-08 10:06 . 2012-03-08 10:06	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-06 13:20 . 2012-03-06 13:20	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-07 20:59 . 2012-03-08 10:01	308912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\MMFApplications\msdc1.dll
+ 2012-02-21 17:32 . 2012-03-08 09:51	262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-21 17:32 . 2012-03-06 13:20	262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-03-06 13:20	147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-08 09:51	147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-06 13:20	131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 09:51	131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-23 22:16 . 2012-03-07 11:25	215024 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-03-04 18:24	628024 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-06 16:42	628024 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-04 18:24	110208 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-06 16:42	110208 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-08 10:05	360280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-06 13:14	360280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-08 09:26 . 2005-10-20 12:02	163328 c:\windows\ERDNT\08-03-2012\ERDNT.EXE
- 2009-07-14 04:54 . 2012-03-06 13:20	1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 09:51	1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-23 19:54 . 2012-03-06 13:14	1041456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-8192.dat
+ 2012-01-23 19:54 . 2012-03-08 10:05	1041456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-8192.dat
+ 2011-10-17 14:02 . 2012-03-08 10:05	1247724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2011-10-17 14:02 . 2012-03-06 13:14	1247724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-08 09:26 . 2012-03-08 09:26	2445312 c:\windows\ERDNT\08-03-2012\Users\00000002\UsrClass.dat
+ 2012-03-08 09:26 . 2012-03-08 09:26	1925120 c:\windows\ERDNT\08-03-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-17 247968]
.
c:\users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120307.002\IDSvia64.sys [2012-03-06 488568]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-05-11 11:30]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001Core.job
- c:\users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 19:27]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001UA.job
- c:\users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 19:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-14 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-14 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-11 3240448]
"combofix"="c:\rugby\CF7977.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.254
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:08,cf,9d,66,32,f1,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-08 10:09:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 10:09
ComboFix2.txt 2012-03-06 13:24
.
Pre-Run: 405,642,199,040 bytes free
Post-Run: 405,216,378,880 bytes free
.
- - End Of File - - 3413A12A8C88546734178519C4772DFB


----------



## eddie5659 (Mar 19, 2001)

Okay, can you re-run SystemLook again, with the following code:


```
:dir
C:\Windows\TEMP /sub
:filefind
*adbcnsl.exe
*stdrt.exe
```
and post the log 

Also, have the adverts stopped?


----------



## binocularface (Feb 28, 2012)

Huge thanks Eddie 



eddie5659 said:


> Okay, can you re-run SystemLook again, with the following code:
> 
> 
> ```
> ...


SystemLook 30.07.11 by jpshortstuff
Log created at 13:09 on 08/03/2012 by KathTristan
Administrator - Elevation successful

========== dir ==========

C:\Windows\TEMP - Parameters: "/sub"

---Files---
None found.

No folders found.

========== filefind ==========

Searching for "*adbcnsl.exe"
No files found.

Searching for "*stdrt.exe"
No files found.

-= EOF =-



eddie5659 said:


> Also, have the adverts stopped?


Yes it has, many thanks.

Regards
B


----------



## eddie5659 (Mar 19, 2001)

Just so I know, did it stop after the last fix, using the combofix CFScript?

It's a new infection out there, so any info is good info


----------



## binocularface (Feb 28, 2012)

Many thanks for all your help curing my PC :up:



eddie5659 said:


> Just so I know, did it stop after the last fix, using the combofix CFScript?


Yes it did seem to stop after the last fix.

Huge thanks 

Regards
B


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:

There are still some leftovers of the Conduit stuff to remove, plus we have a database of files etc, so any info on certain files is very useful, as this can help many malware experts in the future. These entries are legit, but we try and compile a list of good/bad, to help everyone

So, I'll carry on to remove the remains etc 

----

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Files
C:\Users\KathTristan\AppData\LocalLow\Conduit
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

------------------

Also, can you run this code in SystemLook:


```
:file
C:\Program Files (x86)\Evernote\Evernote\Resource.dll
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
```
And post the log.

------------

Please go to *here* to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the activex control to install
Click *Start*
Make sure that the option *Remove found threats* is *unticked*, and the option *Scan unwanted applications* is *checked*
Click on *Advanced Settings* and ensure these options are ticked:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click *Scan*
Wait for the scan to finish
If any threats were found, click the *'List of found threats'*, then click *Export to text file...*.
Save it to your desktop, then please copy and paste that log as a reply to this topic.

--------------

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## eddie5659 (Mar 19, 2001)

Hi

There may be a few other remains of the other infection still, upon further analysis. Can you also run this in OTL:


Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under the Custom Scan box paste this in


```
/md5start
regsrv.exe
/md5stop
CREATERESTOREPOINT
```

Then click the *Run Scan* button at the top 
When the scan completes, please copy *(Edit->Select All, Edit->Copy)* the contents and post them in your topic 

Only one log may be produced, which is fine


----------



## eddie5659 (Mar 19, 2001)

Also, can you run this with SystemLook:


```
:reg
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\PCI /sub
:regfind
HKLM\SYSTEM\CurrentControlSet\Services\FLEXnet Licensing Manager
:filefind
*tubelist.dat
*update.dat
*regsrv.exe
:file
tubelist.dat
update.dat
regsrv.exe
```
and post the log. If it's too long, just upload and attach it


----------



## binocularface (Feb 28, 2012)

Thanks again Eddie 



eddie5659 said:


> Run OTL
> The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


All processes killed
========== FILES ==========
File\Folder C:\Users\KathTristan\AppData\LocalLow\Conduit not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\KathTristan\Desktop\cmd.bat deleted successfully.
C:\Users\KathTristan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: KathTristan
->Temp folder emptied: 6421277 bytes
->Temporary Internet Files folder emptied: 36507 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 18102782 bytes
->Flash cache emptied: 1046 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: KathTristan
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: KathTristan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.34.0 log created on 03092012_131408

Files\Folders moved on Reboot...
C:\Users\KathTristan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

------------------



eddie5659 said:


> Also, can you run this code in SystemLook:
> 
> 
> ```
> ...


SystemLook 30.07.11 by jpshortstuff
Log created at 13:18 on 09/03/2012 by KathTristan
Administrator - Elevation successful

========== file ==========

C:\Program Files (x86)\Evernote\Evernote\Resource.dll - File found and opened.
MD5: FB31C8808580946597C6F36EB589A939
Created at 03:02 on 22/09/2011
Modified at 03:02 on 22/09/2011
Size: 35840 bytes
Attributes: --a----
FileDescription: Evernote IE/OL Clipper Resources
FileVersion: 4,5,1,5451
ProductVersion: 4,5,1,5451
OriginalFilename: Resource.dll
InternalName: IEOLResource
ProductName: Evernote®
CompanyName: Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041
LegalCopyright: Copyright © 2003-2010 Evernote Corporation.
All rights reserved.

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe - File found and opened.
MD5: DD1B7367E4B2C9F8795854132606CC36
Created at 22:35 on 01/12/2011
Modified at 10:22 on 12/10/2011
Size: 321832 bytes
Attributes: --a----
FileDescription: DMREngine
FileVersion: 1.2.4221 
ProductVersion: 1.2.4221 
OriginalFilename: DMREngine.exe
InternalName: DMREngine
ProductName: CyberLink DMREngine
CompanyName: CyberLink
LegalCopyright: Copyright c 2008
Comments:

C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe - File found and opened.
MD5: C4FF7B3B8C85DFE5069F220BBBCF42E1
Created at 22:35 on 01/12/2011
Modified at 10:22 on 12/10/2011
Size: 214312 bytes
Attributes: --a----
FileDescription: CLMSService
FileVersion: 2.0.4217 
ProductVersion: 2.0.4217 
OriginalFilename: CLMSService.exe
InternalName: CLMSService
ProductName: CyberLink CLMSService
CompanyName: CyberLink
LegalCopyright: Copyright (C) 2004-2006

-= EOF =-

------------



eddie5659 said:


> Please go to *here* to run an online scanner from ESET.
> 
> If any threats were found, click the *'List of found threats'*, then click *Export to text file...*.
> Save it to your desktop, then please copy and paste that log as a reply to this topic.


No threats found!

--------------

OTS file attached!


----------



## binocularface (Feb 28, 2012)

Thanks again Eddie 



eddie5659 said:


> Hi
> 
> There may be a few other remains of the other infection still, upon further analysis. Can you also run this in OTL:
> 
> ...


Log from the first scan here:

OTL logfile created on: 09/03/2012 17:00:53 - Run 3
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\KathTristan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 4.34 Gb Available Physical Memory | 72.92% Memory free
11.89 Gb Paging File | 10.19 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.45 Gb Total Space | 373.80 Gb Free Space | 81.71% Space Free | Partition Type: NTFS
Drive D: | 457.96 Gb Total Space | 457.83 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 612.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATHTRISTAN-PC | User Name: KathTristan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 06:56:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
PRC - [2011/10/12 10:22:02 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/10/12 10:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/10/12 10:22:00 | 000,214,312 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
PRC - [2011/08/31 10:35:01 | 000,185,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/08/11 03:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/22 16:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/01/18 03:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/18 03:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/20 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/23 19:54:29 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/10/12 10:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/10/12 10:22:00 | 000,370,984 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/11 03:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/11 03:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/08/11 23:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2011/04/22 16:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:*64bit:* - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/21 19:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/30 02:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/12/20 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/01/23 19:28:29 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:*64bit:* - [2011/10/17 13:39:44 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:*64bit:* - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/14 05:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/07/14 05:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2011/04/21 01:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:*64bit:* - [2011/04/10 03:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/03/31 03:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:*64bit:* - [2011/03/31 03:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:*64bit:* - [2011/03/15 02:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:*64bit:* - [2011/01/27 06:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:*64bit:* - [2010/12/20 18:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:*64bit:* - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/11/16 00:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:*64bit:* - [2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/10/19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:*64bit:* - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:*64bit:* - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:*64bit:* - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:*64bit:* - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:*64bit:* - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 20:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV - [2012/03/06 16:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120308.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/02 18:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/18 18:15:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120308.033\EX64.SYS -- (NAVEX15)
DRV - [2012/02/18 18:15:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120308.033\ENG64.SYS -- (NAVENG)
DRV - [2012/02/04 19:28:52 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 19:28:52 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KathTristan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2012/02/18 18:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_5_2 [2012/03/09 16:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/21 17:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/01/23 19:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Extensions
[2012/03/05 20:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KathTristan\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/24 22:42:28 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\USERS\KATHTRISTAN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\E9NA3W38.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KATHTRISTAN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\E9NA3W38.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\KathTristan\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.7_0\
CHR - Extension: Google Search = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\KathTristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/09 13:14:09 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8671C30-CFA5-45E6-957C-6D6528B554C5}: DhcpNameServer = 192.168.1.254
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/06 22:46:35 | 000,000,040 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\ElevatedDiagnostics
[2012/03/09 13:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/03/09 10:54:52 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/09 10:48:17 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SoftGrid Client
[2012/03/09 10:48:17 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\SoftGrid Client
[2012/03/09 10:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/03/09 10:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/09 10:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/03/09 10:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/09 10:47:43 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\TP
[2012/03/08 10:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/08 10:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/03/08 10:10:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/08 10:09:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/08 09:40:15 | 000,518,656 | ---- | C] (Safer Networking Limited) -- C:\Users\KathTristan\Desktop\sfp.exe
[2012/03/08 09:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/03/08 09:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/03/05 20:05:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{F2B94E37-75F4-4270-9E39-0E3A1DA3D0C8}
[2012/03/05 14:02:48 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{16F1AF43-06F0-49E2-A6A9-7358D8A3D959}
[2012/03/02 06:56:20 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
[2012/03/01 20:59:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/01 20:59:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/01 20:59:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/01 20:59:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/01 20:58:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/29 22:36:48 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/29 22:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/29 22:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/29 22:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/29 22:33:47 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Malwarebytes
[2012/02/29 22:33:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/29 22:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/28 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/28 11:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/28 11:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/28 10:48:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\KathTristan\Desktop\dds.com
[2012/02/28 10:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/28 10:27:11 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/27 16:57:40 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{0756F7BF-D790-4FE4-A9A6-FEBE7FEE4044}
[2012/02/27 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{0D35CABB-247D-41FC-A518-BDAEFAD24F67}
[2012/02/26 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/26 19:27:25 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Kumlien's etc Hartlepool
[2012/02/25 15:11:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/24 14:25:16 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Snowfinch
[2012/02/19 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{A903543A-3A4D-4F36-BF0C-31EFE20E9C02}
[2012/02/19 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\{6C4C167E-61BB-4EB3-B736-2475F6C750C9}
[2012/02/19 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Desktop\Red-breasted Goose etc
[2012/02/19 10:34:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/19 10:34:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/19 10:34:35 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/19 10:34:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/19 10:34:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/19 10:34:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/19 10:34:34 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/19 10:34:34 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/19 10:34:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/19 10:34:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/19 10:34:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/19 09:49:02 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Local\CrashDumps
[2012/02/19 09:48:33 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\SongManager
[2012/02/19 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/02/19 09:45:20 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012/02/19 09:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2012/02/19 09:45:13 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2012/02/19 09:45:13 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/02/19 09:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/02/19 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\AppData\Roaming\MMFApplications
[2012/02/19 07:51:54 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/19 07:51:52 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/19 07:51:52 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/19 07:51:28 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/13 22:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/02/13 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\KathTristan\Documents\Image-Line
[2012/02/13 18:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012/02/13 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012/02/12 17:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdServices

========== Files - Modified Within 30 Days ==========

[2012/03/09 17:00:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2012/03/09 16:50:17 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 16:50:17 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 16:42:57 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 16:42:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/09 16:42:41 | 492,822,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 16:37:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001UA.job
[2012/03/09 16:21:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/09 14:48:09 | 000,003,576 | ---- | M] () -- C:\{40A2AC87-3D5C-4415-B260-C06E404A174C}
[2012/03/09 13:14:09 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/09 11:07:30 | 000,017,048 | ---- | M] () -- C:\Users\KathTristan\Desktop\Invoice1.ods
[2012/03/09 11:07:07 | 000,066,900 | ---- | M] () -- C:\Users\KathTristan\Desktop\Invoice0100TREIDGULLFEST2012.pdf
[2012/03/09 10:47:59 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/09 10:47:59 | 000,628,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/09 10:47:59 | 000,110,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/09 10:34:55 | 000,111,066 | ---- | M] () -- C:\Users\KathTristan\Desktop\FlightReceiptTREID.pdf
[2012/03/09 07:43:35 | 000,002,441 | ---- | M] () -- C:\Users\KathTristan\Desktop\Google Chrome.lnk
[2012/03/09 07:42:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001Core.job
[2012/03/08 10:17:19 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/08 10:15:40 | 000,000,848 | ---- | M] () -- C:\Users\KathTristan\Desktop\Millom Proposed main and outfall.kmz
[2012/03/08 10:15:36 | 000,000,826 | ---- | M] () -- C:\Users\KathTristan\Desktop\Millom proposed works and compound.kmz
[2012/03/08 10:01:39 | 000,000,033 | ---- | M] () -- C:\Windows\SysWow64\deck.ini
[2012/03/08 09:40:37 | 001,259,609 | ---- | M] () -- C:\Users\KathTristan\Desktop\requested-files[2012-03-08_09_40].cab
[2012/03/08 09:40:08 | 000,518,656 | ---- | M] (Safer Networking Limited) -- C:\Users\KathTristan\Desktop\sfp.exe
[2012/03/08 09:28:56 | 001,259,609 | ---- | M] () -- C:\Users\KathTristan\Desktop\requested-files[2012-03-08_09_28].cab
[2012/03/08 09:26:09 | 000,000,892 | ---- | M] () -- C:\Users\KathTristan\Desktop\NTREGOPT.lnk
[2012/03/08 09:26:09 | 000,000,873 | ---- | M] () -- C:\Users\KathTristan\Desktop\ERUNT.lnk
[2012/03/07 07:33:30 | 000,002,600 | ---- | M] () -- C:\{7AF810F8-077F-4444-A7AD-48F65DD0C07F}
[2012/03/06 16:42:30 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/06 09:13:27 | 000,182,374 | ---- | M] () -- C:\Users\KathTristan\Desktop\BigBirdRaceTeam.jpg
[2012/03/05 20:08:40 | 000,165,376 | ---- | M] () -- C:\Users\KathTristan\Desktop\SystemLook_x64.exe
[2012/03/05 20:06:00 | 010,363,220 | ---- | M] () -- C:\Users\KathTristan\Desktop\Birecik.eml
[2012/03/05 20:05:59 | 000,125,448 | ---- | M] () -- C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml
[2012/03/05 20:05:56 | 000,040,327 | ---- | M] () -- C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml
[2012/03/05 14:01:58 | 003,036,613 | ---- | M] () -- C:\Users\KathTristan\Desktop\Haweswater Mile 8.jpg
[2012/03/02 08:12:12 | 000,182,060 | ---- | M] () -- C:\Users\KathTristan\Desktop\ExpensesTReid.JPG
[2012/03/02 06:56:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\KathTristan\Desktop\OTL.exe
[2012/03/01 19:38:06 | 000,000,512 | ---- | M] () -- C:\Users\KathTristan\Desktop\MBR.dat
[2012/02/29 22:36:35 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/29 22:33:41 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:23:43 | 000,001,250 | ---- | M] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/28 11:23:43 | 000,001,226 | ---- | M] () -- C:\Users\KathTristan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 10:48:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\KathTristan\Desktop\dds.com
[2012/02/28 10:30:56 | 000,002,969 | ---- | M] () -- C:\Users\KathTristan\Desktop\HiJackThis (2).lnk
[2012/02/28 10:27:11 | 000,003,003 | ---- | M] () -- C:\Users\KathTristan\Desktop\HiJackThis.lnk
[2012/02/27 16:52:59 | 000,001,456 | ---- | M] () -- C:\Users\KathTristan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/23 13:11:56 | 010,577,547 | ---- | M] () -- C:\Users\KathTristan\Desktop\Bonaparte's Gull - Drain Bay (98).jpg
[2012/02/21 10:28:47 | 002,341,512 | ---- | M] () -- C:\Users\KathTristan\Desktop\Millom proposed works 2011 vBBS Route TREID.jpg
[2012/02/20 07:19:32 | 004,855,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/19 18:33:55 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\checkOS.bat
[2012/02/19 09:48:29 | 000,002,066 | ---- | M] () -- C:\Users\KathTristan\Desktop\Deckadance.lnk
[2012/02/19 09:46:12 | 000,001,106 | ---- | M] () -- C:\Users\KathTristan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/02/19 09:45:19 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/15 17:18:48 | 000,290,116 | ---- | M] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
[2012/02/15 17:18:41 | 001,385,169 | ---- | M] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3
[2012/02/10 19:12:26 | 000,568,645 | ---- | M] () -- C:\Users\KathTristan\Desktop\img026.jpg
[2012/02/10 19:12:26 | 000,475,788 | ---- | M] () -- C:\Users\KathTristan\Desktop\img027.jpg
[2012/02/10 19:12:26 | 000,457,051 | ---- | M] () -- C:\Users\KathTristan\Desktop\img025.jpg
[2012/02/10 19:12:25 | 000,652,222 | ---- | M] () -- C:\Users\KathTristan\Desktop\img024.jpg
[2012/02/10 19:12:25 | 000,532,072 | ---- | M] () -- C:\Users\KathTristan\Desktop\img023.jpg
[2012/02/10 19:12:25 | 000,471,426 | ---- | M] () -- C:\Users\KathTristan\Desktop\img021.jpg
[2012/02/10 19:12:25 | 000,459,804 | ---- | M] () -- C:\Users\KathTristan\Desktop\img022.jpg
[2012/02/10 19:12:25 | 000,432,070 | ---- | M] () -- C:\Users\KathTristan\Desktop\img020.jpg
[2012/02/10 18:34:56 | 000,525,034 | ---- | M] () -- C:\Users\KathTristan\Desktop\img028.jpg
[2012/02/10 18:34:56 | 000,522,873 | ---- | M] () -- C:\Users\KathTristan\Desktop\img032.jpg
[2012/02/10 18:34:56 | 000,480,727 | ---- | M] () -- C:\Users\KathTristan\Desktop\img031.jpg
[2012/02/10 18:34:56 | 000,475,350 | ---- | M] () -- C:\Users\KathTristan\Desktop\img030.jpg
[2012/02/10 18:34:56 | 000,439,473 | ---- | M] () -- C:\Users\KathTristan\Desktop\img029.jpg
[2012/02/10 18:29:14 | 000,568,862 | ---- | M] () -- C:\Users\KathTristan\Desktop\img018.jpg
[2012/02/10 18:29:14 | 000,507,217 | ---- | M] () -- C:\Users\KathTristan\Desktop\img019.jpg
[2012/02/10 18:29:14 | 000,491,299 | ---- | M] () -- C:\Users\KathTristan\Desktop\img017.jpg
[2012/02/10 18:29:13 | 000,521,740 | ---- | M] () -- C:\Users\KathTristan\Desktop\img015.jpg
[2012/02/10 16:39:52 | 002,393,997 | ---- | M] () -- C:\Users\KathTristan\Desktop\img011.jpg
[2012/02/10 16:39:52 | 001,979,193 | ---- | M] () -- C:\Users\KathTristan\Desktop\img012.jpg
[2012/02/10 16:39:51 | 002,219,748 | ---- | M] () -- C:\Users\KathTristan\Desktop\img009.jpg
[2012/02/10 16:39:51 | 002,132,644 | ---- | M] () -- C:\Users\KathTristan\Desktop\img007.jpg
[2012/02/10 16:39:51 | 001,954,383 | ---- | M] () -- C:\Users\KathTristan\Desktop\img003.jpg
[2012/02/10 16:39:51 | 001,789,502 | ---- | M] () -- C:\Users\KathTristan\Desktop\img008.jpg
[2012/02/09 17:21:09 | 000,046,419 | ---- | M] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169TristanReid.ods
[2012/02/09 16:33:37 | 000,046,182 | ---- | M] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169.ods
[2012/02/09 12:28:42 | 000,019,719 | ---- | M] () -- C:\Users\KathTristan\Desktop\School-of-scalloped-hamme-007.jpg
[2012/02/08 18:14:41 | 000,180,830 | ---- | M] () -- C:\Users\KathTristan\Desktop\Erin Dress Measurements.zip
[2012/02/08 17:09:38 | 000,012,359 | ---- | M] () -- C:\Users\KathTristan\Desktop\Advertising Contacts.ods

========== Files Created - No Company Name ==========

[2012/03/09 14:48:09 | 000,003,576 | ---- | C] () -- C:\{40A2AC87-3D5C-4415-B260-C06E404A174C}
[2012/03/09 10:50:18 | 000,066,900 | ---- | C] () -- C:\Users\KathTristan\Desktop\Invoice0100TREIDGULLFEST2012.pdf
[2012/03/09 10:47:59 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/09 10:47:15 | 000,017,048 | ---- | C] () -- C:\Users\KathTristan\Desktop\Invoice1.ods
[2012/03/09 10:34:55 | 000,111,066 | ---- | C] () -- C:\Users\KathTristan\Desktop\FlightReceiptTREID.pdf
[2012/03/08 10:17:19 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/08 10:16:49 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 10:16:49 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 10:15:40 | 000,000,848 | ---- | C] () -- C:\Users\KathTristan\Desktop\Millom Proposed main and outfall.kmz
[2012/03/08 10:15:34 | 000,000,826 | ---- | C] () -- C:\Users\KathTristan\Desktop\Millom proposed works and compound.kmz
[2012/03/08 09:40:37 | 001,259,609 | ---- | C] () -- C:\Users\KathTristan\Desktop\requested-files[2012-03-08_09_40].cab
[2012/03/08 09:28:56 | 001,259,609 | ---- | C] () -- C:\Users\KathTristan\Desktop\requested-files[2012-03-08_09_28].cab
[2012/03/08 09:26:09 | 000,000,892 | ---- | C] () -- C:\Users\KathTristan\Desktop\NTREGOPT.lnk
[2012/03/08 09:26:09 | 000,000,873 | ---- | C] () -- C:\Users\KathTristan\Desktop\ERUNT.lnk
[2012/03/07 07:33:29 | 000,002,600 | ---- | C] () -- C:\{7AF810F8-077F-4444-A7AD-48F65DD0C07F}
[2012/03/06 09:13:26 | 000,182,374 | ---- | C] () -- C:\Users\KathTristan\Desktop\BigBirdRaceTeam.jpg
[2012/03/05 20:08:39 | 000,165,376 | ---- | C] () -- C:\Users\KathTristan\Desktop\SystemLook_x64.exe
[2012/03/05 14:04:36 | 003,036,613 | ---- | C] () -- C:\Users\KathTristan\Desktop\Haweswater Mile 8.jpg
[2012/03/02 08:12:12 | 000,182,060 | ---- | C] () -- C:\Users\KathTristan\Desktop\ExpensesTReid.JPG
[2012/03/01 20:59:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/01 20:59:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/01 20:59:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/01 20:59:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/01 20:59:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 19:38:06 | 000,000,512 | ---- | C] () -- C:\Users\KathTristan\Desktop\MBR.dat
[2012/02/29 22:36:35 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/29 22:33:41 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:23:43 | 000,001,250 | ---- | C] () -- C:\Users\KathTristan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/28 11:23:43 | 000,001,226 | ---- | C] () -- C:\Users\KathTristan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 10:30:56 | 000,002,969 | ---- | C] () -- C:\Users\KathTristan\Desktop\HiJackThis (2).lnk
[2012/02/28 10:27:11 | 000,003,003 | ---- | C] () -- C:\Users\KathTristan\Desktop\HiJackThis.lnk
[2012/02/23 13:11:51 | 010,577,547 | ---- | C] () -- C:\Users\KathTristan\Desktop\Bonaparte's Gull - Drain Bay (98).jpg
[2012/02/21 10:28:43 | 002,341,512 | ---- | C] () -- C:\Users\KathTristan\Desktop\Millom proposed works 2011 vBBS Route TREID.jpg
[2012/02/19 18:34:47 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/02/19 18:33:55 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\checkOS.bat
[2012/02/19 09:48:29 | 000,002,066 | ---- | C] () -- C:\Users\KathTristan\Desktop\Deckadance.lnk
[2012/02/19 09:46:12 | 000,001,106 | ---- | C] () -- C:\Users\KathTristan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/02/19 09:45:19 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/15 17:18:48 | 000,290,116 | ---- | C] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland2.mp3
[2012/02/15 17:18:41 | 001,385,169 | ---- | C] () -- C:\Users\KathTristan\Desktop\HumesLeafWarbler13feb2012KatwijkHolland.mp3
[2012/02/10 19:12:26 | 000,568,645 | ---- | C] () -- C:\Users\KathTristan\Desktop\img026.jpg
[2012/02/10 19:12:26 | 000,475,788 | ---- | C] () -- C:\Users\KathTristan\Desktop\img027.jpg
[2012/02/10 19:12:25 | 000,652,222 | ---- | C] () -- C:\Users\KathTristan\Desktop\img024.jpg
[2012/02/10 19:12:25 | 000,532,072 | ---- | C] () -- C:\Users\KathTristan\Desktop\img023.jpg
[2012/02/10 19:12:25 | 000,471,426 | ---- | C] () -- C:\Users\KathTristan\Desktop\img021.jpg
[2012/02/10 19:12:25 | 000,459,804 | ---- | C] () -- C:\Users\KathTristan\Desktop\img022.jpg
[2012/02/10 19:12:25 | 000,457,051 | ---- | C] () -- C:\Users\KathTristan\Desktop\img025.jpg
[2012/02/10 19:12:25 | 000,432,070 | ---- | C] () -- C:\Users\KathTristan\Desktop\img020.jpg
[2012/02/10 18:34:56 | 000,525,034 | ---- | C] () -- C:\Users\KathTristan\Desktop\img028.jpg
[2012/02/10 18:34:56 | 000,522,873 | ---- | C] () -- C:\Users\KathTristan\Desktop\img032.jpg
[2012/02/10 18:34:56 | 000,480,727 | ---- | C] () -- C:\Users\KathTristan\Desktop\img031.jpg
[2012/02/10 18:34:56 | 000,475,350 | ---- | C] () -- C:\Users\KathTristan\Desktop\img030.jpg
[2012/02/10 18:34:56 | 000,439,473 | ---- | C] () -- C:\Users\KathTristan\Desktop\img029.jpg
[2012/02/10 18:29:14 | 000,568,862 | ---- | C] () -- C:\Users\KathTristan\Desktop\img018.jpg
[2012/02/10 18:29:14 | 000,507,217 | ---- | C] () -- C:\Users\KathTristan\Desktop\img019.jpg
[2012/02/10 18:29:14 | 000,491,299 | ---- | C] () -- C:\Users\KathTristan\Desktop\img017.jpg
[2012/02/10 18:29:13 | 000,521,740 | ---- | C] () -- C:\Users\KathTristan\Desktop\img015.jpg
[2012/02/10 16:39:52 | 001,979,193 | ---- | C] () -- C:\Users\KathTristan\Desktop\img012.jpg
[2012/02/10 16:39:51 | 002,393,997 | ---- | C] () -- C:\Users\KathTristan\Desktop\img011.jpg
[2012/02/10 16:39:51 | 002,219,748 | ---- | C] () -- C:\Users\KathTristan\Desktop\img009.jpg
[2012/02/10 16:39:51 | 001,789,502 | ---- | C] () -- C:\Users\KathTristan\Desktop\img008.jpg
[2012/02/10 16:39:50 | 002,132,644 | ---- | C] () -- C:\Users\KathTristan\Desktop\img007.jpg
[2012/02/10 16:39:50 | 001,954,383 | ---- | C] () -- C:\Users\KathTristan\Desktop\img003.jpg
[2012/02/09 16:48:59 | 000,046,419 | ---- | C] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169TristanReid.ods
[2012/02/09 16:41:42 | 000,040,327 | ---- | C] () -- C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml
[2012/02/09 16:41:25 | 000,125,448 | ---- | C] () -- C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml
[2012/02/09 16:33:34 | 000,046,182 | ---- | C] () -- C:\Users\KathTristan\Desktop\paymentrequisition_tcm7-89169.ods
[2012/02/09 12:28:48 | 000,019,719 | ---- | C] () -- C:\Users\KathTristan\Desktop\School-of-scalloped-hamme-007.jpg
[2012/02/08 18:14:41 | 000,180,830 | ---- | C] () -- C:\Users\KathTristan\Desktop\Erin Dress Measurements.zip
[2012/02/08 17:09:37 | 000,012,359 | ---- | C] () -- C:\Users\KathTristan\Desktop\Advertising Contacts.ods
[2012/01/24 21:06:56 | 000,001,456 | ---- | C] () -- C:\Users\KathTristan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/17 13:25:35 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/17 13:25:34 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/17 13:25:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/17 13:25:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/17 13:25:32 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 981 bytes -> C:\Users\KathTristan\Desktop\Your Booking Confirmation 6G6F6794.eml:OECustomProperty
@Alternate Data Stream - 949 bytes -> C:\Users\KathTristan\Desktop\LateRooms.com Booking Confirmation - 17237469R.eml:OECustomProperty
@Alternate Data Stream - 705 bytes -> C:\Users\KathTristan\Desktop\Birecik.eml:OECustomProperty

< End of report >


----------



## binocularface (Feb 28, 2012)

eddie5659 said:


> Hi
> 
> There may be a few other remains of the other infection still, upon further analysis. Can you also run this in OTL:
> 
> ...


Many thanks Eddie; both logs attached.

Regards
B


----------



## binocularface (Feb 28, 2012)

Thanks Eddie



eddie5659 said:


> Also, can you run this with SystemLook:
> 
> 
> ...


Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:20 on 09/03/2012 by KathTristan
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\PCI]
(Unable to open key - key not found)

========== regfind ==========

Searching for "HKLM\SYSTEM\CurrentControlSet\Services\FLEXnet Licensing Manager"
No data found.

========== filefind ==========

Searching for "*tubelist.dat"
No files found.

Searching for "*update.dat"
No files found.

Searching for "*regsrv.exe"
No files found.

========== file ==========

tubelist.dat - Unable to find/read file.

update.dat - Unable to find/read file.

regsrv.exe - Unable to find/read file.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

That's fantastic, thank you for posting all of this :up:

Good news, as you probably already know, is that it's all gone now

Is the computer running okay now? If it is, we'll remove the tools we've used, but I'll wait until you reply 

eddie


----------



## eddie5659 (Mar 19, 2001)

May have a couple of other things to do, as a clear up. 

Just creating a fix, and I'll be back either tonight or tomorrow


----------



## eddie5659 (Mar 19, 2001)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> RegNull::
> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}*]
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## binocularface (Feb 28, 2012)

Many thanks again Eddie; apologies for the late response, but I have been away.

Here is the requested log text:

ComboFix 12-03-15.02 - KathTristan 15/03/2012 10:23:29.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6088.4588 [GMT 0:00]
Running from: c:\users\KathTristan\Desktop\Birding.exe
Command switches used :: c:\users\KathTristan\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 10:26 . 2012-03-15 10:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-14 08:19 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 08:19 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:19 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:33 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 06:33 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 06:33 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 06:33 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 06:33 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:33 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 06:33 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 06:33 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 06:33 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:33 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-09 16:12 . 2012-03-09 16:12	--------	d-----w-	c:\users\KathTristan\AppData\Local\ElevatedDiagnostics
2012-03-09 13:32 . 2012-03-09 13:33	--------	d-----w-	c:\programdata\VirtualizedApplications
2012-03-09 10:54 . 2012-03-09 10:54	--------	d-----r-	C:\MSOCache
2012-03-09 10:48 . 2012-03-14 14:46	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SoftGrid Client
2012-03-09 10:48 . 2012-03-09 10:48	--------	d-----w-	c:\users\KathTristan\AppData\Local\SoftGrid Client
2012-03-09 10:47 . 2012-03-10 11:52	--------	d-----w-	c:\program files (x86)\Microsoft Application Virtualization Client
2012-03-09 10:47 . 2012-03-09 10:48	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\TP
2012-03-08 10:16 . 2012-03-08 10:17	--------	d-----w-	c:\program files (x86)\Google
2012-03-08 09:26 . 2012-03-08 09:26	--------	d-----w-	c:\program files (x86)\ERUNT
2012-03-05 20:05 . 2012-03-05 20:05	--------	d-----w-	C:\_OTL
2012-02-29 22:36 . 2012-02-29 22:36	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-29 22:36 . 2012-02-29 22:43	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-29 22:36 . 2012-02-29 22:36	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\Malwarebytes
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-29 22:33 . 2011-12-10 15:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-28 11:23 . 2012-02-28 11:35	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-02-28 11:23 . 2012-02-28 11:26	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-02-28 10:27 . 2012-02-28 10:27	388096	----a-r-	c:\users\KathTristan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-28 10:27 . 2012-02-28 10:27	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-02-26 23:01 . 2012-02-26 23:01	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-25 15:11 . 2012-02-25 15:11	--------	d-----w-	c:\windows\Sun
2012-02-19 18:33 . 2012-02-19 18:33	384	----a-w-	c:\windows\SysWow64\checkOS.bat
2012-02-19 09:49 . 2012-03-12 18:36	--------	d-----w-	c:\users\KathTristan\AppData\Local\CrashDumps
2012-02-19 09:48 . 2012-02-19 09:48	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SongManager
2012-02-19 09:45 . 2012-02-19 09:48	--------	d-----w-	c:\program files (x86)\VstPlugins
2012-02-19 09:45 . 2006-06-20 08:56	225280	----a-w-	c:\windows\SysWow64\rewire.dll
2012-02-19 09:45 . 2009-09-15 09:14	1554944	----a-w-	c:\windows\SysWow64\vorbis.acm
2012-02-19 09:43 . 2012-02-19 09:43	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\MMFApplications
2012-02-19 07:51 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-19 07:51 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-19 07:51 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-19 07:51 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-19 07:51 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-19 07:51 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-19 07:51 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 19:28 . 2012-01-23 19:24	174200	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-23 19:26 . 2011-03-29 01:36	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( [email protected]_13.21.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-17 06:55 . 2012-03-08 09:57	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-17 06:55 . 2012-03-06 13:21	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-07-14 00:21 . 2009-07-14 01:41	88064 c:\windows\system32\WpdMtpUS.dll
+ 2010-11-21 03:09 . 2012-03-13 18:43	40712 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-15 09:14	34868 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-01-30 12:05	86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-13 16:43	86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-11-21 03:23 . 2010-11-21 03:23	41984 c:\windows\system32\drivers\winusb.sys
+ 2011-10-01 08:30 . 2011-10-01 08:30	22376 c:\windows\system32\drivers\Sftvollh.sys
+ 2011-10-01 08:30 . 2011-10-01 08:30	25960 c:\windows\system32\drivers\Sftredirlh.sys
+ 2009-07-14 04:46 . 2012-03-14 16:21	93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-21 23:57 . 2011-11-21 23:57	68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-11-21 22:31 . 2011-11-21 22:31	57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-19 22:45 . 2012-02-19 22:45	94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-19 22:45 . 2012-02-19 22:45	78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-19 22:45 . 2012-02-19 22:45	81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\04fec0e57becb283fbeddf031f2e201a\System.Management.Instrumentation.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\5495c14e5629c89453853fa2a6e6fd3a\System.IO.Log.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\6886e37c6d37f6d2523fe10dd02ce983\System.IdentityModel.Selectors.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\dfa641de28b73dda041bf7f47972b5eb\System.EnterpriseServices.Wrapper.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\dfa641de28b73dda041bf7f47972b5eb\System.EnterpriseServices.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\7612a70db260ea55fe72f57cee028092\System.Dynamic.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\d754996afc55c4ad30377765fb1af5f7\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\cf4a74f7bb940cfede8c0758026211a9\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\77372a2fb9e95c02b2d76efcbed718bd\System.Device.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\623ae2e1d7735e14f9adb9d830f29d29\System.Data.DataSetExtensions.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6757251401cd9c17d5e608db6e5f964a\System.Configuration.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\522ff751bd7c2d6560abd743c967eeef\System.Configuration.Install.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\90cc58de90e1d3cbb4a4c06600096331\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\521d371ccd63aba119d74e1352fda6dc\System.ComponentModel.Composition.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\4281a2e60037fa6e043569d2b70ed864\System.AddIn.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\8e122e72de21cfbf2e41e6a338844415\System.Activities.DurableInstancing.ni.dll
+ 2012-03-10 08:08 . 2012-03-10 08:08	317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\abec8eb49acd9d3dad8066795b9d095d\SMSvcHost.ni.exe
+ 2012-03-10 08:09 . 2012-03-10 08:09	143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4e6da16e44ef441e463e006185b1b5d8\SMDiagnostics.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ec80c61fa0d532d78f0b50eec27a4a1f\PresentationFramework.Classic.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ec69ab111679b2775127815726f87a7d\PresentationFramework.Luna.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e5cd234a62bbdaafdd21857a7cc3a28a\PresentationFramework.Royale.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\60f7a1e06e2318791bd9888994572d4f\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\b25cf7ec03eb047aecbe2fcc842b3471\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\ed336359eb1b1312b935f4692e71474b\CustomMarshalers.ni.dll
+ 2011-10-01 08:30 . 2011-10-01 08:30	1122152 c:\windows\SysWOW64\sftldr_wow64.dll
- 2009-07-14 04:54 . 2012-03-06 13:20	1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-14 16:14	1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-01 08:30 . 2011-10-01 08:30	1765736 c:\windows\system32\sftldr.dll
- 2009-07-14 04:45 . 2012-02-20 07:19	4855840 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-03-14 09:19	4855840 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 00:22 . 2009-07-14 01:41	1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
- 2009-07-14 04:45 . 2012-02-20 07:22	7188300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-14 09:22	7188300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-23 19:54 . 2012-03-15 10:26	1041456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-8192.dat
- 2012-01-23 19:54 . 2012-03-06 13:14	1041456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-8192.dat
+ 2012-01-23 19:54 . 2012-03-14 14:46	1235532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-4096.dat
+ 2011-10-17 14:02 . 2012-03-08 10:05	1247724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2011-10-17 14:02 . 2012-03-06 13:14	1247724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-11-21 22:31 . 2011-11-21 22:31	3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-11-21 23:57 . 2011-11-21 23:57	4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-11-21 23:57 . 2011-11-21 23:57	1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-11-21 23:57 . 2011-11-21 23:57	1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-11-21 23:57 . 2011-11-21 23:57	9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2011-11-21 22:31 . 2011-11-21 22:31	3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-11-21 22:31 . 2011-11-21 22:31	5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-11-21 22:31 . 2011-11-21 22:31	1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-11-21 22:31 . 2011-11-21 22:31	6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-19 22:46 . 2012-02-19 22:46	3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-02-19 22:45 . 2012-02-19 22:45	2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-02-19 22:45 . 2012-02-19 22:45	3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-02-19 22:45 . 2012-02-19 22:45	2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-04 00:39 . 2012-02-04 00:39	1328128 c:\windows\Installer\609bc.msi
+ 2010-02-28 02:33 . 2010-02-28 02:33	3207072 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.EXE
+ 2010-02-28 02:33 . 2010-02-28 02:33	4817336 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.DLL
+ 2012-03-08 09:26 . 2012-03-08 09:26	2445312 c:\windows\ERDNT\08-03-2012\Users\00000002\UsrClass.dat
+ 2012-03-08 09:26 . 2012-03-08 09:26	1925120 c:\windows\ERDNT\08-03-2012\Users\00000001\ntuser.dat
+ 2012-03-10 08:25 . 2012-03-10 08:25	5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll
+ 2012-03-10 08:28 . 2012-03-10 08:28	1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
+ 2012-03-10 08:24 . 2012-03-10 08:24	7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
+ 2012-03-10 08:25 . 2012-03-10 08:25	2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
+ 2012-03-10 08:28 . 2012-03-10 08:28	5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-10 08:28 . 2012-03-10 08:28	2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bd044dc068adc34e430faa820e5c5e44\System.Web.Services.ni.dll
+ 2012-03-10 08:28 . 2012-03-10 08:28	2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
+ 2012-03-10 08:28 . 2012-03-10 08:28	1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
+ 2012-03-10 08:25 . 2012-03-10 08:25	2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
+ 2012-03-10 08:24 . 2012-03-10 08:24	3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
+ 2012-03-10 08:24 . 2012-03-10 08:24	1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll
+ 2012-03-10 08:25 . 2012-03-10 08:25	2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll
+ 2012-03-10 08:25 . 2012-03-10 08:25	1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b18f859bfbbe0897cade0aa931c22477\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-10 08:24 . 2012-03-10 08:24	2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll
+ 2012-03-10 08:24 . 2012-03-10 08:24	1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-10 08:24 . 2012-03-10 08:24	1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
+ 2012-03-10 08:24 . 2012-03-10 08:24	2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0c7b3ff43f1b29cad7dde24bdbd5b79\WindowsBase.ni.dll
+ 2012-03-10 08:28 . 2012-03-10 08:28	1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\75c3f67e1911f5b2b7f0e2d7349d7d3f\UIAutomationClientsideProviders.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
+ 2012-03-10 08:28 . 2012-03-10 08:28	4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\c2ed38a4852d1795a28630b943132a8f\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ed3c3da0975b58d65c97de64ad12b67f\System.Web.Services.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\ebf81a3c4b84173e4c261b53c36dc2c7\System.Speech.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bd56724925a1ac99f75696295cbb078a\System.ServiceModel.Discovery.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1a9500e548a617a7ff96d4260554e4d5\System.ServiceModel.Activities.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\ca261c617636f2ff269d6233b19f97b8\System.Runtime.Serialization.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e4f2a7b1e685e937ccefac6ff0a36b27\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\03109a409036c6e939bc9881f9e60b37\System.Printing.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\38f1dee7d3bebfb9bf83898f598ea4c2\System.IdentityModel.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	1653248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c958d61dd28474ec780db9d18d266ae\System.Drawing.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\45e9729f55f25e4c70f7ea3cfc0a8087\System.DirectoryServices.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d6ca9981841735085e10843bb7187573\System.Deployment.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\b0df867e9242cf4d254ec8eb8da97332\System.Data.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\32fffd4b8760322bc2e35c2417676b7f\System.Data.SqlXml.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\f4087e23c683a35e4628d9f829aaa41d\System.Data.Services.Client.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\a791cec82d0c142b843025f25c8277f9\System.Data.Linq.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\004bf96bf646e4f1126b919316be5c2f\System.Activities.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\2456337e1ae6411ec64b9d18042d5c13\System.Activities.Presentation.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\3206d2885d46ae9513c1489d7bc97b9c\System.Activities.Core.Presentation.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ccc1a34a0a532480e00219ca5645ffeb\ReachFramework.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\dee17bfe2a1b329bd8bb2199446dda83\PresentationUI.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f1451a88d3bc4ab55d1cde85ceb4cd35\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7a3431124b8ded91068710226c0a00d4\Microsoft.VisualBasic.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2d5ee2e8069119f2746f1e97811f4d6d\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-10 08:09 . 2012-03-10 08:09	1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ba7e3823b1a01f31e53be9b57b392035\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\ddba6895bf4a65312155228d9744c912\Microsoft.JScript.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\409a7c3f32302875f33d0910cc484bac\Microsoft.CSharp.ni.dll
- 2009-07-14 02:34 . 2012-02-20 07:19	10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-14 09:18	10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-01-12 02:01 . 2012-01-12 02:01	21030912 c:\windows\Installer\c2e61.msp
+ 2010-03-30 18:18 . 2010-03-30 18:18	33000960 c:\windows\Installer\16be25.msi
+ 2011-11-22 00:42 . 2011-11-22 00:42	33189888 c:\windows\Installer\1425d19.msp
+ 2012-03-09 23:16 . 2012-03-09 23:16	11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a9e29e892ad68ac0b88f0480746a0d0b\System.ni.dll
+ 2012-03-10 08:26 . 2012-03-10 08:26	17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
+ 2012-03-10 08:27 . 2012-03-10 08:27	18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
+ 2012-03-10 08:24 . 2012-03-10 08:24	10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-03-10 08:25 . 2012-03-10 08:25	24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
+ 2012-03-10 08:25 . 2012-03-10 08:25	15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
+ 2012-03-09 23:15 . 2012-03-09 23:15	19355648 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d9d8d4f8fc868d07be41d4ffb46d7364\mscorlib.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	13138944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33eae86e0a5d9bcc4d0e4e469e2ac36a\System.Windows.Forms.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a526845de91a382b6ea05b02eddc6f3e\System.ServiceModel.ni.dll
+ 2012-03-10 08:10 . 2012-03-10 08:10	13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\32e0d99cfda10e64d7583bb65444cab3\System.Data.Entity.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bd3685e578c22d17625390d847973de0\PresentationFramework.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\008fbb2e42b3c2569ff58d651575ff29\PresentationCore.ni.dll
+ 2012-03-09 23:16 . 2012-03-09 23:16	14414336 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-17 247968]
.
c:\users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 136176]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 136176]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120315.002\IDSvia64.sys [2012-03-06 488568]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-05-11 11:30]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 10:16]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 10:16]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001Core.job
- c:\users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 19:27]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001UA.job
- c:\users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 19:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-14 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-14 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-11 3240448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:08,cf,9d,66,32,f1,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-15 10:30:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-15 10:30
ComboFix2.txt 2012-03-08 10:09
ComboFix3.txt 2012-03-06 13:24
.
Pre-Run: 392,148,922,368 bytes free
Post-Run: 391,832,526,848 bytes free
.
- - End Of File - - 2B74AEDB614866941838498F05193499


----------



## eddie5659 (Mar 19, 2001)

It's okay, I understand that we all have lives out there

Okay, you have what appears to be the remains of a McAfee uninstallation, so can you run this tool to clean up the remains:

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Also, we still have another CFScript to run, as removing the other entries has allowed some others to surface, as there is a limit on how many are shown at one time 

So, can you delete the copy of CFScript you have, and create a new CFScript as before with this one:


```
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
```
And post the log it creates 

---

Then, let's have a look at the Event logs.

Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Please download the Event Viewer Tool by Vino Rosso:

http://images.malwareremoval.com/vino/VEW.exe

and save it to your Desktop.

 Right-click *VEW.exe* and Run As Administrator

 Under *Select log to query*, select:

*System*

 Under *Select type to list*, select:

*Error*
*Warning*

Then use the *Number of events* as follows:

 Click the radio button for *Number of events*

Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

eddie
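
The selection the steps above ask VEW for (the 20 most recent Error and Warning events, System first, then Application) can also be pulled with PowerShell's built-in `Get-WinEvent`. This is an added example, not part of the original post and not VEW's own code; the function name `Get-RecentProblemEvents` and the output file name are assumptions.

```powershell
# Added example: list the newest Error and Warning events from the
# System and Application logs, mirroring the VEW settings in the post.
# Run from an elevated PowerShell prompt.

function Get-RecentProblemEvents {   # hypothetical helper name
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Count = 20             # "Number of events" in the post
    )

    foreach ($log in $LogName) {
        # Event levels: 2 = Error, 3 = Warning
        $filter = @{ LogName = $log; Level = 2, 3 }
        try {
            # Get-WinEvent returns the newest events first
            Get-WinEvent -FilterHashtable $filter -MaxEvents $Count -ErrorAction Stop |
                Select-Object LogName, TimeCreated, LevelDisplayName, Id, ProviderName, Message
        }
        catch {
            # Get-WinEvent reports an error when nothing matches, which can
            # happen right after the logs were cleared and the PC rebooted.
            Write-Warning "No Error/Warning events returned for the $log log: $($_.Exception.Message)"
        }
    }
}

# Write the report to the Desktop and open it in Notepad, as VEW does.
$desktop = [Environment]::GetFolderPath('Desktop')
$report  = Join-Path $desktop 'EventReport.txt'   # assumed file name
Get-RecentProblemEvents |
    Format-List |
    Out-File -FilePath $report -Encoding UTF8 -Width 200
notepad.exe $report
```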


----------



## binocularface (Feb 28, 2012)

Thanks again Eddie 



eddie5659 said:


> Okay, you have what appears to be the remains of a McAfee uninstallation, so can you run this tool to clean up the remains:
> 
> http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe


Done 



eddie5659 said:


> Also, we still have another CFScript to run, as removing the other entries has allowed some others to surface, as there is a limit on how many are shown at one time
> 
> So, can you delete the copy of CFScript you have, and create a new CFScript as before with this one: And post the log it creates


ComboFix 12-03-15.02 - KathTristan 16/03/2012 9:52.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6088.4330 [GMT 0:00]
Running from: c:\users\KathTristan\Desktop\Birding.exe
Command switches used :: c:\users\KathTristan\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 09:56 . 2012-03-16 09:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-15 19:01 . 2012-03-15 19:01	--------	d-----w-	C:\found.000
2012-03-14 08:19 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 08:19 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:19 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:33 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 06:33 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 06:33 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 06:33 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 06:33 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:33 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 06:33 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 06:33 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 06:33 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:33 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-09 16:12 . 2012-03-09 16:12	--------	d-----w-	c:\users\KathTristan\AppData\Local\ElevatedDiagnostics
2012-03-09 13:32 . 2012-03-09 13:33	--------	d-----w-	c:\programdata\VirtualizedApplications
2012-03-09 10:54 . 2012-03-09 10:54	--------	d-----r-	C:\MSOCache
2012-03-09 10:48 . 2012-03-15 11:31	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SoftGrid Client
2012-03-09 10:48 . 2012-03-09 10:48	--------	d-----w-	c:\users\KathTristan\AppData\Local\SoftGrid Client
2012-03-09 10:47 . 2012-03-10 11:52	--------	d-----w-	c:\program files (x86)\Microsoft Application Virtualization Client
2012-03-09 10:47 . 2012-03-09 10:48	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\TP
2012-03-08 10:16 . 2012-03-08 10:17	--------	d-----w-	c:\program files (x86)\Google
2012-03-08 09:26 . 2012-03-08 09:26	--------	d-----w-	c:\program files (x86)\ERUNT
2012-03-05 20:05 . 2012-03-05 20:05	--------	d-----w-	C:\_OTL
2012-02-29 22:36 . 2012-02-29 22:36	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-29 22:36 . 2012-02-29 22:43	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-29 22:36 . 2012-02-29 22:36	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\Malwarebytes
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-29 22:33 . 2012-02-29 22:33	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-29 22:33 . 2011-12-10 15:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-28 11:23 . 2012-02-28 11:35	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-02-28 11:23 . 2012-02-28 11:26	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-02-28 10:27 . 2012-02-28 10:27	388096	----a-r-	c:\users\KathTristan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-28 10:27 . 2012-02-28 10:27	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-02-26 23:01 . 2012-02-26 23:01	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-25 15:11 . 2012-02-25 15:11	--------	d-----w-	c:\windows\Sun
2012-02-19 18:33 . 2012-02-19 18:33	384	----a-w-	c:\windows\SysWow64\checkOS.bat
2012-02-19 09:49 . 2012-03-12 18:36	--------	d-----w-	c:\users\KathTristan\AppData\Local\CrashDumps
2012-02-19 09:48 . 2012-02-19 09:48	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\SongManager
2012-02-19 09:45 . 2012-02-19 09:48	--------	d-----w-	c:\program files (x86)\VstPlugins
2012-02-19 09:45 . 2006-06-20 08:56	225280	----a-w-	c:\windows\SysWow64\rewire.dll
2012-02-19 09:45 . 2009-09-15 09:14	1554944	----a-w-	c:\windows\SysWow64\vorbis.acm
2012-02-19 09:43 . 2012-02-19 09:43	--------	d-----w-	c:\users\KathTristan\AppData\Roaming\MMFApplications
2012-02-19 07:51 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-19 07:51 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-19 07:51 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-19 07:51 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-19 07:51 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-19 07:51 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-19 07:51 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 19:28 . 2012-01-23 19:24	174200	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-23 19:26 . 2011-03-29 01:36	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-15_10.27.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-15 10:36	40958 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-03-15 09:14	34868 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-16 09:49	34868 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-24 03:11 . 2012-03-16 09:49	9160 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2697856359-3395195805-1778775960-1001_UserData.bin
+ 2012-03-16 09:57 . 2012-03-16 09:57	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-15 10:27 . 2012-03-15 10:27	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-16 09:46 . 2012-03-16 09:46	262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2012-03-16 09:46 . 2012-03-16 09:46	262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-03-16 09:46 . 2012-03-16 09:46	262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2012-01-23 22:16 . 2012-03-16 09:32	222526 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-03-12 13:08	628468 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-15 21:02	628468 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-12 13:08	110394 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-15 21:02	110394 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-16 09:56	360280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-15 10:26	360280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-23 19:54 . 2012-03-16 09:56	1041456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-8192.dat
- 2012-01-23 19:54 . 2012-03-15 10:26	1041456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-8192.dat
- 2012-01-23 19:54 . 2012-03-14 14:46	1235532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-4096.dat
+ 2012-01-23 19:54 . 2012-03-15 11:31	1235532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2697856359-3395195805-1778775960-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-17 247968]
.
c:\users\KathTristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 136176]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120315.002\IDSvia64.sys [2012-03-06 488568]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-18 138360]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-05-11 11:30]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 10:16]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 10:16]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001Core.job
- c:\users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 19:27]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2697856359-3395195805-1778775960-1001UA.job
- c:\users\KathTristan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 19:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-14 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-14 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-11 3240448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:08,cf,9d,66,32,f1,cc,01
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-16 10:00:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-16 10:00
ComboFix2.txt 2012-03-15 10:30
ComboFix3.txt 2012-03-08 10:09
ComboFix4.txt 2012-03-06 13:24
.
Pre-Run: 392,217,964,544 bytes free
Post-Run: 391,784,697,856 bytes free
.
- - End Of File - - 5C386C0FF50BCEAE01507337595307D9



eddie5659 said:


> Then, let's have a look at the Event logs.
> 
> Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
> 
> Reboot.


Done 






eddie5659 said:


> Please download the Event Viewer Tool by Vino Rosso:
> 
> http://images.malwareremoval.com/vino/VEW.exe
> 
> ...


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/03/2012 10:24:23

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/03/2012 10:19:45
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


----------



## eddie5659 (Mar 19, 2001)

Okay, that's all looking good, is the computer still working okay?

If so, we'll remove the tools we've used, but I'll wait until you reply 

eddie


----------



## binocularface (Feb 28, 2012)

eddie5659 said:


> Okay, that's all looking good, is the computer still working okay?
> 
> If so, we'll remove the tools we've used, but I'll wait until you reply
> 
> eddie


Many thanks again Eddie. My computer still seems to be running okay


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:

*You can mark this thread Solved at the top of this page, if it's all running okay*

*Any questions about the following, just ask  *

We have a couple of last steps to perform and then you're all set.

Firstly, let's uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall *

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from Add/Remove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

*TDSSKiller*
*aswMBR*
*SystemLook*
*VEW.exe*

*Create Restore Point (Win7)*


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C:) indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Making Firefox More Secure*

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

------------------------

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie
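
The Internet zone settings listed in the post above can be checked from the registry instead of clicking through the dialog. This is an added example, not part of the original post: it is a read-only PowerShell audit, and the registry paths, the URL action IDs (1001, 1004, 1201, 1800, 1804) and the lookup order are supplied here as assumptions about how Internet Explorer stores these options, not something stated in the thread.

```powershell
# Added example: read-only audit of the IE Internet zone (zone 3) against the
# values recommended in the post. Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$Expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                            Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                          Want = 3 }
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe';   Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                               Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                   Want = 1 }
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Assumed lookup order: policy keys override the per-user preference, and the
# machine-wide preference is the last fallback.
$ZonePaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

function Get-ZoneAction {
    param([string]$ActionId)
    foreach ($path in $ZonePaths) {
        # A missing key or value is not an error here; try the next location.
        $item = Get-ItemProperty -Path $path -Name $ActionId -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$ActionId; Source = $path }
        }
    }
    return $null
}

$report = foreach ($id in $Expected.Keys) {
    $want   = $Expected[$id].Want
    $found  = Get-ZoneAction -ActionId $id
    $actual = 'not set'
    $source = ''
    if ($found) {
        # Show the raw number when the value is not one of the three known states.
        $actual = if ($Meaning.ContainsKey($found.Value)) { $Meaning[$found.Value] } else { $found.Value }
        $source = $found.Source
    }
    [pscustomobject]@{
        Action    = $id
        Setting   = $Expected[$id].Name
        Expected  = $Meaning[$want]
        Actual    = $actual
        Compliant = [bool]($found -and $found.Value -eq $want)
        Source    = $source
    }
}
$report | Format-Table -AutoSize -Wrap
```

A row whose Source is a `Policies` key was set by policy and will not change from the Internet Options dialog.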


----------



## binocularface (Feb 28, 2012)

Huge thanks Eddie; you have been a massive help.
I have completed all the tasks in your latest post, so hopefully problem-free computing ahead

Many many many thanks!

Regards
B


----------



## eddie5659 (Mar 19, 2001)

No problem, I like to help 

Any other problems, just let me know 

eddie


----------

