Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Search Redirects to Spam - Trojan?


  • This topic is locked This topic is locked
28 replies to this topic

#1 chrisandsherri

chrisandsherri

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 14 August 2011 - 05:24 PM

Hello,
I have been advised to post here after running DDS. I have a 64-bit version of windows so I was unable to use GMER. I thought that we removed the Google Redirect Trojan (unsure of it's name) with the TDSS Killer but it only 'hid' for a few days.
MBAM states that nothing is found.
My previous post was here, for reference: http://www.bleepingcomputer.com/forums/topic413655.html

I have pasted the DDS Log below and attached the DDS Attach file as requested.
Can you please help me remove this? It's really starting to tick me off.

DDS Log:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Owner at 18:09:09 on 2011-08-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.4314 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
L:\PrtScr\PrtScr.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Pantone\huey\hueyTray.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\SysWOW64\IoctlSvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft MapPoint 2011\StreetsOlkShim.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.4\lightroom.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Users\Owner\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vbvsearch.com/
uSearch Bar = res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - C:\PROGRA~2\COPERN~1\COPERN~1.DLL

Attached Files


Edited by Orange Blossom, 14 August 2011 - 08:13 PM.
Fixed link. ~ OB


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:14 PM

Posted 19 August 2011 - 02:38 PM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


In your reply, please post both OTL logs.

Edited by etavares, 19 August 2011 - 02:38 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 chrisandsherri

chrisandsherri
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 19 August 2011 - 04:27 PM

Thank you so much for the reply and explanation. I will get this report for you asap and reply within 3 days.

#4 chrisandsherri

chrisandsherri
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 19 August 2011 - 05:40 PM

Here is one report (OTL. Text):
OTL logfile created on: 8/19/2011 6:18:54 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Owner\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 68.59% Memory free
15.50 Gb Paging File | 11.94 Gb Available in Paging File | 77.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1607.07 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
Drive D: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 465.65 Gb Total Space | 58.31 Gb Free Space | 12.52% Space Free | Partition Type: FAT32
Drive K: | 1396.61 Gb Total Space | 722.45 Gb Free Space | 51.73% Space Free | Partition Type: NTFS
Drive L: | 3.73 Gb Total Space | 3.00 Gb Free Space | 80.40% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/19 18:17:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/08/17 16:03:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/08/17 16:03:42 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011/08/06 02:10:21 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/08/04 10:24:02 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/07/21 14:59:08 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/07/21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/07/21 14:59:06 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/14 20:31:43 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2011/03/09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/02/04 19:00:35 | 000,040,768 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Microsoft MapPoint 2011\StreetsOlkShim.exe
PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/07 11:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/04/27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/27 13:41:20 | 001,137,280 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/03/05 11:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010/03/05 11:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/03/30 17:13:52 | 001,828,128 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2006/12/04 10:41:54 | 000,901,120 | ---- | M] (Pantone & GretagMacbeth) -- C:\Program Files (x86)\Pantone\huey\hueyTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 16:03:43 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011/08/15 13:58:58 | 000,077,312 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mun666m9.default\extensions\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}\components\RadioWMPCoreGecko6.dll
MOD - [2011/08/07 12:03:57 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/06 03:01:27 | 002,061,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Redemption\146eb379879eba42e870c4b4b96621c6\Interop.Redemption.ni.dll
MOD - [2011/08/06 03:01:14 | 000,123,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\32e95bc918b0aa7662262cd1fc403ffe\Act.Shared.Diagnostics.ni.dll
MOD - [2011/08/06 03:01:12 | 000,373,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Message#\c1b6e75834bdd89d6c84296980348fc1\Act.Outlook.Message.Reader.ni.dll
MOD - [2011/08/06 03:00:43 | 000,455,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Office\91736c826a28210179ef396c5cb7946b\Office.ni.dll
MOD - [2011/08/06 03:00:39 | 000,197,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\31882735aabe1562a522b35739a4a4e7\Microsoft.Practices.Unity.ni.dll
MOD - [2011/08/06 03:00:38 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\e9249efca39dcd3df4b98749f8d4d44f\Microsoft.Practices.ObjectBuilder2.ni.dll
MOD - [2011/08/06 03:00:37 | 000,988,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\3a31435fee9982f40294892101a592e7\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2011/08/06 03:00:21 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\26f23ab277c5bd7ae65ff38f75474c3c\Extensibility.ni.dll
MOD - [2011/08/06 03:00:08 | 000,158,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ActOutlookAddin\a10ed7087c9d9c92b127a187a3f7a80a\ActOutlookAddin.ni.dll
MOD - [2011/08/06 02:58:57 | 000,724,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Win32\b36a669afffc3cd72803bf714d7ed1f9\Act.Shared.Win32.ni.dll
MOD - [2011/08/06 02:58:55 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\a9976c6ba1856ba2acbd64d71ff7a301\Act.Shared.Utilities.ni.dll
MOD - [2011/08/06 02:58:53 | 000,103,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Localiza#\387c29921e9f281c5965072b30652484\Act.Shared.Localization.ni.dll
MOD - [2011/08/06 02:58:52 | 005,151,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\4ba8cd4a655b42f0431b0a854b0bc190\Act.Shared.Images.ni.dll
MOD - [2011/08/06 02:58:52 | 000,080,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Config\0f5d02c5cec0ae542bac374fdb1baec2\Act.Shared.Config.ni.dll
MOD - [2011/08/06 02:58:49 | 000,527,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\1a49d7037d2b8a60b00bb80889eaf102\Act.Outlook.Service.Shared.ni.dll
MOD - [2011/08/06 02:58:48 | 000,559,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\aac5ae4891b42b988f28a971331f7468\Act.Outlook.Service.Desktop.ni.dll
MOD - [2011/08/06 02:58:48 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\a66a9020664d0b663d390eeb4b391562\Act.Outlook.Service.Interfaces.ni.dll
MOD - [2011/08/06 02:58:46 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Addin.S#\ed417a6be056bd6d2b2f85ff2ecd7306\Act.Outlook.Addin.Shared.ni.dll
MOD - [2011/08/06 02:58:29 | 009,817,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework\d56786a78433715457963fb32018b1a6\Act.Framework.ni.dll
MOD - [2011/08/06 02:53:46 | 000,136,192 | ---- | M] () -- C:\Windows\assembly\GAC_32\Act.Outlook.Message.Reader\13.1.111.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll
MOD - [2011/08/05 19:39:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\243bd5a8b17896967384745d0c441ab7\System.Core.ni.dll
MOD - [2011/08/05 19:38:25 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\fbccb0322ae9535dfd08eaba7f682711\stdole.ni.dll
MOD - [2011/08/05 19:16:58 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a9f6cfa4eb1436ff770995822f10e227\System.Windows.Forms.ni.dll
MOD - [2011/08/05 19:16:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c8aa11ee6789d0f3f5542747aad7a2e4\System.Drawing.ni.dll
MOD - [2011/08/05 19:16:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c68401de935c813374253d4fc2a18f6a\System.Xml.ni.dll
MOD - [2011/08/05 19:16:36 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\acbc57d41499fbc2b99194148786c677\System.ni.dll
MOD - [2011/08/05 19:16:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\338f3c91a0bea33a07a4611d324bf73a\System.Configuration.ni.dll
MOD - [2011/08/05 19:16:27 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/17 11:46:04 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/06/17 11:46:02 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2011/06/17 11:46:02 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/06/06 15:55:34 | 004,159,392 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2011/05/04 04:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2011/02/06 13:28:31 | 000,920,376 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/06/01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2010/03/12 06:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files\ASUS\GPU Boost Driver\platform.dll
MOD - [2010/03/12 06:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files\ASUS\GPU Boost Driver\device.dll
MOD - [2010/02/08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/07/31 22:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/02/14 06:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/26 06:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/10/27 16:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/10 19:57:44 | 000,139,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2010/09/30 13:30:10 | 003,140,424 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/02/10 23:05:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/06 02:10:21 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/08/04 10:24:02 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/07/21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/17 21:10:08 | 002,591,232 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe -- (SmcService)
SRV - [2011/06/17 20:50:36 | 000,324,528 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe -- (SNAC)
SRV - [2011/06/14 20:31:43 | 000,137,224 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/02/08 21:26:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/21 13:16:42 | 001,078,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/03/05 11:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/05 10:23:56 | 000,210,720 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe -- (RalinkRegistryWriter64)
SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/06 18:32:31 | 000,023,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2011/08/06 10:26:26 | 000,147,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2011/08/06 10:22:04 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/04 10:24:04 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/08/04 10:23:59 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/08/04 10:23:58 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/08/04 10:23:53 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/21 14:59:08 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/28 00:07:29 | 000,745,592 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/05/28 00:07:29 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/05/20 22:50:02 | 000,062,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2011/05/18 00:32:27 | 000,928,888 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/05/11 00:54:58 | 000,170,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/05/02 23:18:59 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/04/21 02:21:31 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011/02/08 12:30:55 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/01/19 18:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/20 11:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/23 05:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/05 21:15:48 | 000,024,064 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM)
DRV:64bit: - [2010/04/27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/12 06:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files\ASUS\GPU Boost Driver\amd64\aoddriver.sys -- (AODDriver)
DRV:64bit: - [2010/02/10 23:24:04 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/10 22:11:12 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/14 08:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2009/08/23 18:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/26 22:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/30 18:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008/01/30 18:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007/08/07 15:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007/02/15 20:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2007/01/15 15:36:18 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/01/11 13:04:04 | 000,021,792 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iviaspi.sys -- (Iviaspi)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/08/08 14:09:11 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/03 04:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20110818.021\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/08/03 04:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 04:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20110818.021\ENG64.SYS -- (NAVENG)
DRV - [2011/07/23 14:21:05 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/06/22 20:13:45 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20110817.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/06/17 21:09:50 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2010/11/17 22:29:20 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/02/07 17:19:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 20:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999/03/08 15:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
IE - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\..\URLSearchHook: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo US Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/08/06 00:10:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2011/08/06 10:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/08/07 02:39:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/08/17 16:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins [2011/08/06 00:10:38 | 000,000,000 | ---D | M]

[2011/02/10 12:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/08/16 21:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mun666m9.default\extensions
[2011/08/16 21:58:46 | 000,000,000 | ---D | M] (Ashampoo US Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mun666m9.default\extensions\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}
[2011/07/24 15:35:32 | 000,000,925 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mun666m9.default\searchplugins\conduit.xml
File not found (No name found) --
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MUN666M9.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2011/01/16 10:58:12 | 000,002,285 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.168.112.2O7.net
O1 - Hosts: 127.0.0.1 2O7.net
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 49 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Ashampoo US Toolbar) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - File not found
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Ashampoo US Toolbar) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TTK.lnk = C:\Program Files (x86)\Talking Time Keeper\TalkingTimeKeeper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O8:64bit: - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000\..Trusted Ranges: Range1 ([http] in Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\SysWOW64\textwareilluminatorbaseProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{3144bdbe-c139-11e0-b0f4-bcaec5e17072}\Shell - "" = AutoRun
O33 - MountPoints2\{3144bdbe-c139-11e0-b0f4-bcaec5e17072}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- [2009/10/14 17:28:45 | 003,271,968 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/19 18:17:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/08/14 18:08:09 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2011/08/14 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\StudioCloud Invoices
[2011/08/14 16:59:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1
[2011/08/14 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StudioCloud 3.0
[2011/08/14 16:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\StudioPlus Software
[2011/08/14 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StudioPlus 2011
[2011/08/12 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/12 15:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/12 15:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/12 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/10 15:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/08/09 23:46:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/08/09 19:12:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My SureThing Projects
[2011/08/09 19:12:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MicroVision Applications
[2011/08/09 19:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SureThing
[2011/08/09 19:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SureThing CD Labeler 5
[2011/08/09 18:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2011/08/09 18:55:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/08/09 18:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe
[2011/08/09 18:46:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Nero
[2011/08/09 18:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Story 3 for Windows
[2011/08/09 17:11:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CutePDF Writer
[2011/08/08 15:43:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\.WHCC
[2011/08/08 15:43:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\.roescache
[2011/08/08 15:43:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ROES.whcc
[2011/08/08 15:42:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/08 14:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrtScr
[2011/08/08 14:09:11 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/08 14:05:09 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/08/08 14:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/08/08 14:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/08 14:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/08/08 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/08/08 13:53:04 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/08 13:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/08 13:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/08 13:53:01 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/08 13:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/08 12:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/08/08 12:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\WDCSAM
[2011/08/07 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Rite
[2011/08/07 19:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Rite
[2011/08/07 19:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\X-Rite
[2011/08/07 18:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic
[2011/08/07 18:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2011/08/07 18:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2011/08/07 18:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2011/08/07 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/08/07 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/08/07 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\uTorrent
[2011/08/07 17:44:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Imagenomic
[2011/08/07 17:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imagenomic
[2011/08/07 17:30:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/07 17:30:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Adobe Mini Bridge CS5
[2011/08/07 17:28:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Western Digital
[2011/08/07 17:23:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Photography Software
[2011/08/07 17:09:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Pantone
[2011/08/07 17:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pantone
[2011/08/07 17:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pantone
[2011/08/07 15:30:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company
[2011/08/07 15:29:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman Kodak Company
[2011/08/07 15:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2011/08/07 15:29:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak
[2011/08/07 15:27:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/08/07 15:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2011/08/07 15:25:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Temp
[2011/08/07 15:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2011/08/07 15:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2011/08/07 13:09:21 | 000,000,000 | ---D | C] -- C:\MoTemp
[2011/08/07 13:05:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
[2011/08/07 13:05:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PACE Anti-Piracy
[2011/08/07 13:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2011/08/07 13:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2011/08/07 12:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2011/08/07 11:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Production Premium CS5.5
[2011/08/07 10:38:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Adobe Scripts
[2011/08/07 03:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/08/07 02:55:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2011/08/07 02:55:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Adobe Flash Builder 4
[2011/08/07 02:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2011/08/07 02:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2011/08/06 22:41:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dvdae
[2011/08/06 22:41:27 | 000,000,000 | ---D | C] -- C:\My Works
[2011/08/06 22:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Caricature Software
[2011/08/06 22:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Hemisphere
[2011/08/06 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My 3D Models
[2011/08/06 22:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Right Hemisphere
[2011/08/06 21:33:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F5BAF694-72B1-4C56-9759-ADC08E53FA83}
[2011/08/06 21:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo User
[2011/08/06 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\MAGIX downloads
[2011/08/06 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\MAGIX
[2011/08/06 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ImTOO
[2011/08/06 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ImageResizeGuide
[2011/08/06 20:54:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ClaymationStudio3
[2011/08/06 20:47:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Slideshows
[2011/08/06 20:45:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mresreg
[2011/08/06 20:21:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\BeautyGuide
[2011/08/06 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/08/06 20:12:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/08/06 19:58:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Chief Architect Premier X3 Data
[2011/08/06 19:58:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Chief Architect Premier X3
[2011/08/06 19:56:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Rylstim Budget
[2011/08/06 19:56:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Rylstim Budget
[2011/08/06 19:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft MapPoint 2011
[2011/08/06 18:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Streets & Trips 2011
[2011/08/06 17:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/06 16:35:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Quark ShapeMaker Presets
[2011/08/06 16:29:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/08/06 15:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/08/06 10:26:28 | 000,102,832 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2011/08/06 10:26:28 | 000,058,288 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\snacnp.dll
[2011/08/06 10:26:28 | 000,058,288 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2011/08/06 10:26:28 | 000,042,632 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2011/08/06 10:26:27 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2011/08/06 10:26:27 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2011/08/06 10:26:26 | 000,513,456 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2011/08/06 10:26:26 | 000,147,632 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2011/08/06 10:26:26 | 000,011,184 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2011/08/06 10:20:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64
[2011/08/06 10:20:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP
[2011/08/06 10:20:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105
[2011/08/06 10:20:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F
[2011/08/06 09:41:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Wondershare Video Studio Express
[2011/08/06 09:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/08/06 09:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2011/08/06 09:38:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\LifePhotoMaker
[2011/08/06 09:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Photo Maker
[2011/08/06 09:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\LifePhotoMaker
[2011/08/06 09:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LifePhotoMaker
[2011/08/06 09:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicturesToExe 6.5
[2011/08/06 09:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WnSoft PicturesToExe
[2011/08/06 09:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PicturesToExe
[2011/08/06 09:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watermark Software
[2011/08/06 09:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\WatermarkSoftware
[2011/08/06 09:30:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PhotoDVD
[2011/08/06 09:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Watermark
[2011/08/06 09:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Visual Watermark
[2011/08/06 09:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Watermark
[2011/08/06 09:25:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vinny Loan Check
[2011/08/06 09:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vinny Loan Check
[2011/08/06 09:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vinny Loan Check
[2011/08/06 09:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trix DrawingCenter 6.5
[2011/08/06 09:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trix DrawingCenter 6.5
[2011/08/06 09:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total PDF Converter
[2011/08/06 09:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total PDF Converter
[2011/08/06 09:10:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Softplicity
[2011/08/06 09:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Movie Converter
[2011/08/06 09:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TotalMovieConverter
[2011/08/06 09:04:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SuperMP3Download
[2011/08/06 09:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperMP3Download
[2011/08/06 09:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperMp3Download
[2011/08/06 08:53:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digistudio
[2011/08/06 08:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DIGISTUDIO
[2011/08/06 08:52:58 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2011/08/06 08:50:49 | 000,181,688 | ---- | C] (SoftwareNetz) -- C:\Windows\snui.exe
[2011/08/06 08:50:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftwareNetz
[2011/08/06 08:50:46 | 000,000,000 | ---D | C] -- C:\Softwarenetz
[2011/08/06 08:49:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\assembly
[2011/08/06 08:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
[2011/08/06 08:48:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Snagit Stamps
[2011/08/06 08:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Solutions
[2011/08/06 08:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\SlideShow Prime
[2011/08/06 08:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlideShow Prime
[2011/08/06 08:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlideShow Prime
[2011/08/06 08:34:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/08/06 08:30:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simply Invoice
[2011/08/06 08:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
[2011/08/06 08:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simply Software
[2011/08/06 03:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Act
[2011/08/06 02:58:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\IsolatedStorage
[2011/08/06 02:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage ACT! Premium 2011
[2011/08/06 02:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sage Software, Inc
[2011/08/06 02:52:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ACT
[2011/08/06 02:52:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ACT
[2011/08/06 02:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2011/08/06 02:46:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2011/08/06 02:46:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2011/08/06 02:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2011/08/06 02:43:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ACT
[2011/08/06 02:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACT
[2011/08/06 02:39:49 | 000,000,000 | ---D | C] -- C:\ACT_Premium_2011
[2011/08/06 02:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rylstim Budget
[2011/08/06 02:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rylstim Budget
[2011/08/06 02:35:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\CAM Development
[2011/08/06 02:29:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RonyaSoft
[2011/08/06 02:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\RonyaSoft
[2011/08/06 02:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RonyaSoft
[2011/08/06 02:27:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RonyaSoft
[2011/08/06 02:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rapid Resizer
[2011/08/06 02:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadioZilla
[2011/08/06 02:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadioZilla
[2011/08/06 02:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word
[2011/08/06 02:22:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Quick-PDF PDF to Word
[2011/08/06 02:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF to Word
[2011/08/06 02:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuarkXPress 9
[2011/08/06 02:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Reduced Photos
[2011/08/06 02:15:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Picture Reduce Studio Data
[2011/08/06 02:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Reduce Studio
[2011/08/06 02:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picture Reduce Studio
[2011/08/06 02:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.1
[2011/08/06 02:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2011/08/06 02:14:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HDRsoft
[2011/08/06 02:12:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PhotoLine
[2011/08/06 02:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoLine
[2011/08/06 02:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoLine
[2011/08/06 02:11:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PhotoFiltre Studio X
[2011/08/06 02:11:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
[2011/08/06 02:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
[2011/08/06 02:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre Studio X
[2011/08/06 02:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
[2011/08/06 02:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Photodex
[2011/08/06 02:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo User
[2011/08/06 02:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\digiP.team
[2011/08/06 02:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Personal Organizer 6.0
[2011/08/06 02:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OWL Business Apps
[2011/08/06 02:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\owl_sb
[2011/08/06 01:57:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Nufsoft
[2011/08/06 01:57:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nufsoft
[2011/08/06 01:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nufsoft
[2011/08/06 01:53:42 | 000,000,000 | ---D | C] -- C:\naevius_temp_folder
[2011/08/06 01:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naevius YouTube Converter
[2011/08/06 01:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Naevius YouTube Converter
[2011/08/06 01:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mytoolsoft Watermark Software
[2011/08/06 01:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mytoolsoft Watermark Software
[2011/08/06 01:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mytoolsoft Image Resizer
[2011/08/06 01:51:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mytoolsoft Image Resizer
[2011/08/06 01:50:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MyNotesKeeper
[2011/08/06 01:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Notes Keeper
[2011/08/06 01:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyNotesKeeper
[2011/08/06 01:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MS Word Search In Multiple Word Files Software
[2011/08/06 01:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MS Word Search In Multiple Word Files Software
[2011/08/06 01:46:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\amcv
[2011/08/06 01:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced MP3 Converter
[2011/08/06 01:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced MP3 Converter
[2011/08/06 01:45:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ACRP
[2011/08/06 01:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced CD Ripper Pro
[2011/08/06 01:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced CD Ripper Pro
[2011/08/06 01:41:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BusinessCards MX
[2011/08/06 01:41:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\BusinessCardsMX templates
[2011/08/06 01:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo-Brush 5
[2011/08/06 01:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo-Brush 5
[2011/08/06 01:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dynamic-Photo HDR 5
[2011/08/06 01:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DynamicPhotoHDR5
[2011/08/06 01:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dynamic Auto-Painter
[2011/08/06 01:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAPainter
[2011/08/06 01:32:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MAGIX
[2011/08/06 01:32:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\MAGIX_MusicEditor
[2011/08/06 01:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2011/08/06 01:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011/08/06 01:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2011/08/06 01:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011/08/06 01:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2011/08/06 01:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Resize Genius
[2011/08/06 01:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picture Resize Genius
[2011/08/06 01:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingsoft
[2011/08/06 01:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Office 2010
[2011/08/06 01:09:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Kingsoft
[2011/08/06 01:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft
[2011/08/06 01:06:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Kaizen_Software_Solutions
[2011/08/06 01:06:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IsolatedStorage
[2011/08/06 01:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Manager
[2011/08/06 01:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HomeManager
[2011/08/06 01:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Home Manager 2010
[2011/08/06 01:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iResizer
[2011/08/06 01:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iResizer
[2011/08/06 01:02:04 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/08/06 01:02:04 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/08/06 01:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/08/06 01:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ImTOO
[2011/08/06 00:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImTOO
[2011/08/06 00:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImTOO
[2011/08/06 00:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageIngesterPro3
[2011/08/06 00:53:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2011/08/06 00:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageConverter Plus
[2011/08/06 00:53:43 | 000,182,680 | ---- | C] (fCoder Group International) -- C:\Windows\SysWow64\cnvshell.dll
[2011/08/06 00:53:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Image Converter Plus
[2011/08/06 00:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageConverter Plus
[2011/08/06 00:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resize Guide
[2011/08/06 00:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Resize Guide
[2011/08/06 00:48:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IconCool Software
[2011/08/06 00:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconCool Software
[2011/08/06 00:48:04 | 000,834,048 | ---- | C] (Softuarium) -- C:\Windows\SysWow64\xwpdlx20.ocx
[2011/08/06 00:48:02 | 004,082,688 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\qtintf70.dll
[2011/08/06 00:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IconCool Software
[2011/08/06 00:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech Photo DVD 4.0
[2011/08/06 00:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech Claymation Studio 3.0
[2011/08/06 00:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\honestech Claymation Studio 3.0
[2011/08/06 00:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Home Data Deluxe 9.5
[2011/08/06 00:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handicap Manager
[2011/08/06 00:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\Handicap XL
[2011/08/06 00:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Golf Tracker XL
[2011/08/06 00:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golf Tracker
[2011/08/06 00:32:56 | 000,000,000 | ---D | C] -- C:\GOO35S
[2011/08/06 00:32:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GOLF ORGANIZER DELUXE
[2011/08/06 00:31:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Gold Burn
[2011/08/06 00:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gold Burn
[2011/08/06 00:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gold Burn
[2011/08/06 00:30:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garage Sale Organizer Deluxe
[2011/08/06 00:30:01 | 000,000,000 | ---D | C] -- C:\gsale35s
[2011/08/06 00:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoArchiv XL
[2011/08/06 00:29:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IN-MEDIAKG
[2011/08/06 00:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FotoArchiv XL
[2011/08/06 00:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mresreg
[2011/08/06 00:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flame Painter
[2011/08/06 00:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flame Painter
[2011/08/06 00:22:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PDF files
[2011/08/06 00:22:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pdfFactory Pro
[2011/08/06 00:22:11 | 000,263,168 | ---- | C] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppr4-x64.dll
[2011/08/06 00:22:11 | 000,258,048 | ---- | C] (FinePrint Software, LLC) -- C:\Windows\SysNative\fppmon4.dll
[2011/08/06 00:20:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\FairStars Audio Converter
[2011/08/06 00:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FairStars Audio Converter
[2011/08/06 00:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FairStars Audio Converter
[2011/08/06 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Eshasoft
[2011/08/06 00:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eshasoft
[2011/08/06 00:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eshasoft
[2011/08/06 00:17:34 | 000,000,000 | ---D | C] -- C:\Windows\Application Data
[2011/08/06 00:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2011/08/06 00:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2011/08/06 00:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Audio Extractor
[2011/08/05 23:56:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DownloadYoutubeMusic
[2011/08/05 23:52:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\deskcalc
[2011/08/05 23:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deskcalc Pro
[2011/08/05 23:52:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskCalc
[2011/08/05 23:50:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DB ORGANIZER DELUXE
[2011/08/05 23:50:09 | 000,000,000 | ---D | C] -- C:\DBO35S
[2011/08/05 23:48:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ERGOM
[2011/08/05 23:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2011/08/05 23:47:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Day Organizer
[2011/08/05 23:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ergom
[2011/08/05 23:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daily Task Reminder Software
[2011/08/05 23:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daily Task Reminder Software
[2011/08/05 23:41:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor
[2011/08/05 23:39:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2011/08/05 23:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/08/05 23:33:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 2011
[2011/08/05 23:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2011/08/05 23:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2011/08/05 23:25:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Corel VideoStudio Pro
[2011/08/05 23:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X4
[2011/08/05 22:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis64
[2011/08/05 22:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2011/08/05 22:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2011/08/05 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel Painter 12
[2011/08/05 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chief Architect
[2011/08/05 22:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chief Architect
[2011/08/05 22:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Checkbook
[2011/08/05 22:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Checkbook XL
[2011/08/05 22:10:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Calendars
[2011/08/05 22:10:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calendar Wizard
[2011/08/05 22:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alchemy Mindworks
[2011/08/05 22:09:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Alchemy Mindworks
[2011/08/05 22:05:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Business_Management_Syste
[2011/08/05 22:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2011/08/05 22:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/08/05 22:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011/08/05 22:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Card Designer Plus 10
[2011/08/05 22:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CAM Development
[2011/08/05 21:58:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 4
[2011/08/05 21:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoom Pro 4
[2011/08/05 21:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beauty Guide
[2011/08/05 21:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beauty Guide
[2011/08/05 21:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/08/05 21:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/08/05 21:48:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conduit
[2011/08/05 21:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo_US
[2011/08/05 21:48:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2011/08/05 21:48:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ashampoo
[2011/08/05 21:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2011/08/05 21:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011/08/05 21:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2011/08/05 21:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyPic Photo Watermark
[2011/08/05 21:46:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AnyPic Photo Watermark
[2011/08/05 21:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyPic Photo Watermark
[2011/08/05 21:45:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AnyPic Image Converter
[2011/08/05 21:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyPic Image Converter
[2011/08/05 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyPic Image Converter
[2011/08/05 21:45:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AnyPic Image Resizer Pro
[2011/08/05 21:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyPic Image Resizer Pro
[2011/08/05 21:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyPic Image Resizer Pro
[2011/08/05 21:43:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Wedding Album Maker
[2011/08/05 21:43:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Album Maker Gold
[2011/08/05 21:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wedding Album Maker Gold
[2011/08/05 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Smith Micro
[2011/08/05 21:39:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Smith Micro
[2011/08/05 21:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/08/05 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Smith Micro
[2011/08/05 21:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/08/05 21:36:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AMS Software
[2011/08/05 21:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frame Maker Pro
[2011/08/05 21:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frame Maker Pro
[2011/08/05 21:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/05 21:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4U Download YouTube Video
[2011/08/05 21:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4U Computing
[2011/08/05 19:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/05 18:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2011/08/05 18:40:34 | 002,056,192 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2011/08/05 18:40:34 | 001,597,440 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2011/08/05 18:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
[2011/08/05 18:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2011/08/05 18:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011/08/05 18:39:54 | 001,053,184 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2011/08/05 18:39:54 | 001,053,184 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2011/08/05 18:39:54 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2011/08/05 18:39:53 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2011/08/05 18:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink
[2011/08/04 10:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2011/08/04 10:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2011/08/04 10:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2011/08/04 10:22:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Acronis
[2011/08/04 10:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2011/02/07 15:10:08 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/19 18:17:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/08/19 18:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/19 09:03:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/19 08:01:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/18 22:04:10 | 000,001,456 | ---- | M] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/18 14:07:29 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/18 14:07:29 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/17 16:11:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 16:11:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 16:05:26 | 000,002,164 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/08/17 16:03:04 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2011/08/17 16:02:10 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\DOXRMK.job
[2011/08/17 16:01:18 | 1945,407,487 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 16:01:16 | 000,111,012 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011/08/14 18:07:24 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2011/08/14 18:07:13 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2011/08/14 16:41:48 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/08/12 17:24:56 | 000,000,132 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/11 17:26:02 | 009,244,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/08 14:09:11 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/08 14:09:10 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/08/08 14:05:10 | 001,326,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Cat.DB
[2011/08/07 23:07:16 | 000,952,912 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/07 23:07:16 | 000,783,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/07 23:07:16 | 000,167,062 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/07 18:52:05 | 000,001,137 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/08/07 18:51:29 | 000,965,918 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/07 17:57:35 | 000,000,971 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/08/07 17:05:21 | 000,001,093 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyTray.lnk
[2011/08/07 16:06:50 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/07 15:03:18 | 000,000,000 | ---- | M] () -- C:\Windows\jcmkr32.INI
[2011/08/07 15:02:09 | 000,001,057 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
[2011/08/07 14:56:24 | 000,014,296 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/08/07 13:08:39 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2011/08/07 02:14:42 | 000,000,154 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Tr.exe
[2011/08/07 01:14:59 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2011/08/06 22:19:12 | 000,000,328 | RHS- | M] () -- C:\ProgramData\D3BFD1CB63.sys
[2011/08/06 21:59:37 | 000,000,502 | ---- | M] () -- C:\Windows\0
[2011/08/06 21:59:37 | 000,000,081 | ---- | M] () -- C:\Windows\Times New Roman
[2011/08/06 21:43:40 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\CopyToGo.dat
[2011/08/06 21:09:44 | 000,000,029 | ---- | M] () -- C:\Windows\Snap Component
[2011/08/06 21:03:11 | 000,000,049 | ---- | M] () -- C:\Windows\lpconfig.ini
[2011/08/06 20:57:18 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/08/06 20:54:42 | 000,004,608 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 20:54:40 | 000,000,077 | ---- | M] () -- C:\Windows\PhotoDVD.INI
[2011/08/06 20:54:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/08/06 20:01:43 | 000,000,033 | ---- | M] () -- C:\Windows\iltwain.ini
[2011/08/06 19:56:58 | 000,001,645 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\home_budget.ini
[2011/08/06 19:53:57 | 000,000,010 | ---- | M] () -- C:\Windows\RHUD.bkm
[2011/08/06 19:51:58 | 000,000,219 | ---- | M] () -- C:\Windows\SOED.INI
[2011/08/06 19:34:21 | 000,000,067 | ---- | M] () -- C:\Windows\Easy DVD Creator.INI
[2011/08/06 19:24:53 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/08/06 19:24:50 | 000,000,040 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\burnaware.ini
[2011/08/06 19:14:36 | 000,573,440 | ---- | M] () -- C:\Users\Owner\Documents\MyToDoList.etd
[2011/08/06 18:32:31 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/06 18:30:36 | 000,001,596 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2011/08/06 16:29:40 | 000,001,310 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/06 10:26:28 | 000,287,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2011/08/06 10:26:28 | 000,102,832 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2011/08/06 10:26:28 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\snacnp.dll
[2011/08/06 10:26:28 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2011/08/06 10:26:28 | 000,042,632 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2011/08/06 10:26:27 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2011/08/06 10:26:27 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2011/08/06 10:26:26 | 000,513,456 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2011/08/06 10:26:26 | 000,147,632 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2011/08/06 10:26:26 | 000,011,184 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2011/08/06 10:22:04 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/06 10:22:04 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/06 10:22:04 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/06 10:21:15 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\isolate.ini
[2011/08/06 09:45:59 | 000,001,902 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 13 x64.lnk
[2011/08/06 09:45:58 | 000,001,902 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 13.lnk
[2011/08/06 09:35:27 | 000,118,272 | RHS- | M] () -- C:\Windows\SysWow64\VBAEN32Q.dll
[2011/08/06 08:48:53 | 000,002,098 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk
[2011/08/06 08:33:09 | 000,000,390 | -H-- | M] () -- C:\Users\Owner\Documents\SI Settings.inf
[2011/08/06 08:32:39 | 005,935,104 | ---- | M] () -- C:\Users\Owner\Documents\Simply Invoice Database.sid
[2011/08/06 08:31:07 | 000,000,032 | -H-- | M] () -- C:\Users\Owner\Documents\sised.dll
[2011/08/06 02:57:51 | 000,002,067 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sage ACT! Premium 2011.lnk
[2011/08/06 02:12:47 | 000,000,020 | ---- | M] () -- C:\Windows\MSPL1600
[2011/08/06 02:06:48 | 000,002,899 | ---- | M] () -- C:\Program Files (x86)\Personal Organizer 6.0.lnk
[2011/08/06 01:57:24 | 000,908,053 | ---- | M] () -- C:\Windows\Ace Pro Screensaver Creator Uninstaller.exe
[2011/08/06 01:39:28 | 000,000,645 | ---- | M] () -- C:\Windows\PhotoBrush.INI
[2011/08/06 01:35:30 | 000,000,049 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\iCash_v7_reg.ini
[2011/08/06 01:02:04 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/08/06 01:02:04 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/08/06 00:48:11 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\winStudio.bin
[2011/08/06 00:38:29 | 000,002,893 | ---- | M] () -- C:\Program Files (x86)\Home Data Deluxe 9.5.lnk
[2011/08/05 23:55:29 | 000,000,006 | ---- | M] () -- C:\Users\Owner\Documents\ver.new
[2011/08/05 22:11:01 | 000,000,042 | ---- | M] () -- C:\Windows\AlchemyMindworksUpdateList.INI
[2011/08/05 21:58:49 | 000,001,441 | ---- | M] () -- C:\Windows\cmpgx-q48.ini
[2011/08/05 20:33:18 | 000,001,441 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/05 20:12:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/05 20:12:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/05 18:40:30 | 000,001,990 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2011/07/21 14:59:08 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/14 18:07:13 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2011/08/14 17:02:03 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioCloud 3.0.lnk
[2011/08/11 14:06:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/11 14:06:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/09 18:32:52 | 000,001,744 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Story 3 for Windows.lnk
[2011/08/09 01:13:53 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/08/08 17:33:43 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/08 15:55:32 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/07 18:52:05 | 000,001,137 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/08/07 18:07:23 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2011/08/07 17:57:35 | 000,000,971 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/08/07 17:05:21 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyTray.lnk
[2011/08/07 16:06:50 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/07 16:06:49 | 000,001,242 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/07 15:03:18 | 000,000,000 | ---- | C] () -- C:\Windows\jcmkr32.INI
[2011/08/07 13:05:36 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/08/07 02:14:42 | 000,000,154 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Tr.exe
[2011/08/06 22:33:34 | 000,003,041 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo to Cartoon.lnk
[2011/08/06 21:55:10 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel WinDVD 2010.lnk
[2011/08/06 20:54:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/06 19:06:01 | 000,002,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft MapPoint North America 2011.lnk
[2011/08/06 19:00:16 | 000,002,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Streets & Trips 2011.lnk
[2011/08/06 18:30:36 | 000,001,596 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2011/08/06 17:32:24 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/06 16:29:40 | 000,001,310 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/06 10:26:28 | 001,326,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Cat.DB
[2011/08/06 10:21:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\isolate.ini
[2011/08/06 09:37:26 | 000,024,832 | ---- | C] () -- C:\Windows\SysWow64\PteVideo.dll
[2011/08/06 09:35:27 | 000,118,272 | RHS- | C] () -- C:\Windows\SysWow64\VBAEN32Q.dll
[2011/08/06 09:35:27 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\DOXRMK.job
[2011/08/06 09:26:45 | 000,001,078 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Watermark.lnk
[2011/08/06 08:48:53 | 000,002,098 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk
[2011/08/06 08:28:24 | 005,935,104 | ---- | C] () -- C:\Users\Owner\Documents\Simply Invoice Database.sid
[2011/08/06 08:28:24 | 000,000,390 | -H-- | C] () -- C:\Users\Owner\Documents\SI Settings.inf
[2011/08/06 08:28:24 | 000,000,032 | -H-- | C] () -- C:\Users\Owner\Documents\sised.dll
[2011/08/06 02:57:51 | 000,002,067 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sage ACT! Premium 2011.lnk
[2011/08/06 02:25:16 | 000,001,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Resizer.lnk
[2011/08/06 02:12:47 | 000,000,020 | ---- | C] () -- C:\Windows\MSPL1600
[2011/08/06 02:06:48 | 000,002,899 | ---- | C] () -- C:\Program Files (x86)\Personal Organizer 6.0.lnk
[2011/08/06 01:57:22 | 000,908,053 | ---- | C] () -- C:\Windows\Ace Pro Screensaver Creator Uninstaller.exe
[2011/08/06 01:39:21 | 000,000,645 | ---- | C] () -- C:\Windows\PhotoBrush.INI
[2011/08/06 01:35:30 | 000,000,049 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\iCash_v7_reg.ini
[2011/08/06 00:56:26 | 000,001,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageIngesterPro3.lnk
[2011/08/06 00:48:11 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\winStudio.bin
[2011/08/06 00:46:10 | 006,845,865 | ---- | C] () -- C:\Program Files (x86)\How to Succeed at Interviews Includes over 200 Interview Questions.pdf
[2011/08/06 00:40:33 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Plan Pro.lnk
[2011/08/06 00:38:29 | 000,002,893 | ---- | C] () -- C:\Program Files (x86)\Home Data Deluxe 9.5.lnk
[2011/08/06 00:33:55 | 000,443,392 | ---- | C] () -- C:\Users\Owner\Documents\NSCard20.xlt
[2011/08/06 00:33:55 | 000,071,680 | ---- | C] () -- C:\Users\Owner\Documents\NScore20.xlt
[2011/08/05 23:55:29 | 000,000,006 | ---- | C] () -- C:\Users\Owner\Documents\ver.new
[2011/08/05 22:39:14 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter 12.lnk
[2011/08/05 22:11:01 | 000,000,042 | ---- | C] () -- C:\Windows\AlchemyMindworksUpdateList.INI
[2011/08/05 22:10:47 | 000,212,992 | ---- | C] () -- C:\Windows\ALCHUNIN.EXE
[2011/08/05 21:58:49 | 000,001,441 | ---- | C] () -- C:\Windows\cmpgx-q48.ini
[2011/08/05 21:30:56 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.1 64-bit.lnk
[2011/08/05 21:08:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/05 21:00:41 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4U Download YouTube Video.lnk
[2011/08/05 20:48:51 | 000,000,328 | RHS- | C] () -- C:\ProgramData\D3BFD1CB63.sys
[2011/08/05 20:12:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/05 20:12:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/05 18:40:30 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2011/08/05 18:40:10 | 000,013,650 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/08/04 10:39:53 | 000,001,024 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.let
[2011/02/10 15:56:15 | 000,007,605 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2011/02/10 15:45:38 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011/02/10 15:08:44 | 000,000,077 | ---- | C] () -- C:\Windows\PhotoDVD.INI
[2011/02/10 12:57:56 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/02/10 12:34:47 | 000,000,067 | ---- | C] () -- C:\Windows\Easy DVD Creator.INI
[2011/02/10 12:27:58 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/02/10 12:27:48 | 000,000,040 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\burnaware.ini
[2011/02/10 11:42:06 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2011/02/08 16:19:41 | 000,296,599 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-Talking Time Keeper.dat
[2011/02/08 16:18:13 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/02/08 16:18:13 | 000,003,839 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-Talking Calculator.dat
[2011/02/08 16:18:13 | 000,000,104 | ---- | C] () -- C:\Windows\TalkingCalculator.INI
[2011/02/08 16:13:30 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/02/08 16:13:30 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/02/08 16:11:22 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/02/08 16:11:20 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/02/08 16:10:29 | 000,000,041 | ---- | C] () -- C:\Windows\Progs_.ini
[2011/02/08 15:51:46 | 000,000,219 | ---- | C] () -- C:\Windows\SOED.INI
[2011/02/08 15:07:39 | 000,002,899 | ---- | C] () -- C:\Program Files (x86)\Recipe Keeper Plus 8.0.lnk
[2011/02/08 14:58:49 | 000,002,899 | ---- | C] () -- C:\Program Files (x86)\Recipes Galore 6.0.lnk
[2011/02/08 14:25:14 | 000,001,645 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\home_budget.ini
[2011/02/08 14:11:54 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\LFFPX90N.DLL
[2011/02/08 13:53:56 | 000,003,610 | ---- | C] () -- C:\Windows\jrdt_kn16.ini
[2011/02/08 13:53:01 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/02/08 13:50:55 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\PRNTPARM.DLL
[2011/02/08 13:50:10 | 000,000,163 | ---- | C] () -- C:\Windows\PhotoGraffitiDemo.ini
[2011/02/08 13:45:25 | 000,000,049 | ---- | C] () -- C:\Windows\lpconfig.ini
[2011/02/08 13:36:40 | 000,000,126 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/02/08 13:18:49 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2011/02/08 12:44:39 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/02/08 12:30:54 | 000,093,696 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\ezpinst.exe
[2011/02/08 12:26:08 | 000,000,049 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\iCash_v4_reg.ini
[2011/02/07 19:57:45 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\ftm31.dat
[2011/02/07 18:45:14 | 000,002,899 | ---- | C] () -- C:\Program Files (x86)\Daily Planner Plus 6.8.lnk
[2011/02/07 18:44:27 | 000,002,899 | ---- | C] () -- C:\Program Files (x86)\Daily Planner Journal 5.5.lnk
[2011/02/07 18:29:52 | 000,000,917 | ---- | C] () -- C:\Windows\SysWow64\CLWatson.ini
[2011/02/07 17:19:49 | 000,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL
[2011/02/07 17:15:35 | 000,148,195 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2011/02/07 17:13:24 | 000,004,608 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 16:25:22 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CopyToGo.dat
[2011/02/07 15:42:36 | 000,014,296 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/02/07 15:42:36 | 000,000,168 | RHS- | C] () -- C:\ProgramData\7AA6CF1D45.sys
[2011/02/07 15:27:39 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL
[2011/02/07 15:15:53 | 000,109,782 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2011/02/07 15:10:45 | 000,001,057 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
[2011/02/07 15:10:08 | 000,099,384 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2011/02/07 15:10:08 | 000,007,176 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2011/02/07 15:10:08 | 000,001,167 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2011/02/07 13:50:44 | 000,000,033 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/06 21:52:44 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2011/02/06 21:52:44 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/02/06 20:09:39 | 000,000,063 | ---- | C] () -- C:\Windows\TEXTware.ini
[2011/02/06 20:09:33 | 000,321,024 | ---- | C] () -- C:\Windows\SysWow64\textwareilluminatorbaseProtocol.dll
[2011/02/06 20:09:32 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Twavbx32.dll
[2011/02/06 20:09:32 | 000,113,288 | ---- | C] () -- C:\Windows\SysWow64\bass.dll
[2011/02/06 20:09:32 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\TWAIED02.DLL
[2011/02/06 20:09:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2011/02/06 18:08:08 | 000,965,918 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/06 17:11:11 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011/02/06 17:11:11 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011/02/06 17:11:11 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011/02/06 17:11:11 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011/02/06 17:11:11 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011/02/06 17:11:11 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011/02/06 16:48:40 | 000,000,186 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/02/06 13:01:53 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/06 12:18:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/06 12:11:29 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/06 12:11:29 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/06 12:07:48 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/06 12:03:03 | 000,049,330 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/02/06 12:02:22 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/06 12:02:16 | 000,037,055 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/16 07:56:14 | 000,000,000 | ---- | C] () -- C:\Windows\WaterIllusion.ini
[2010/08/06 10:11:06 | 000,002,045 | -H-- | C] () -- C:\ProgramData\whlb32g.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/02/18 23:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2007/09/20 06:27:16 | 003,190,784 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2007/09/20 06:27:16 | 000,741,376 | ---- | C] () -- C:\Windows\SysWow64\audxlib.dll
[2007/09/20 06:27:16 | 000,662,016 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/09/20 06:27:16 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2007/09/20 06:27:16 | 000,405,504 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2007/09/20 06:27:16 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2007/09/20 06:27:16 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2007/09/20 06:27:16 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2007/09/20 06:27:16 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2007/09/20 06:27:16 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2007/09/20 06:27:16 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2007/09/20 06:27:16 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2007/09/20 06:27:16 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2007/09/20 06:27:16 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_realaac.dll
[2007/09/20 06:27:16 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2007/09/20 06:27:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2007/09/20 06:27:16 | 000,038,400 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2007/09/20 06:27:16 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2007/09/20 06:27:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2007/04/27 12:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007/02/26 01:42:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ArmAccess.dll
[2006/12/29 12:29:36 | 001,271,296 | ---- | C] () -- C:\Windows\SysWow64\sysz7.dll
[2006/12/29 12:29:36 | 001,015,128 | ---- | C] () -- C:\Windows\SysWow64\sysz6.dll
[2006/12/29 12:29:36 | 000,062,976 | ---- | C] () -- C:\Windows\SysWow64\sysz8.dll
[2006/12/29 12:29:34 | 000,369,152 | ---- | C] () -- C:\Windows\SysWow64\cygfreetype-6.dll
[2006/12/29 12:29:34 | 000,331,008 | ---- | C] () -- C:\Windows\SysWow64\dvdauthor.exe
[2006/12/29 12:29:34 | 000,323,242 | ---- | C] () -- C:\Windows\SysWow64\spumux.exe
[2006/12/29 12:29:34 | 000,176,640 | ---- | C] () -- C:\Windows\SysWow64\cygpng12.dll
[2006/11/06 16:30:38 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2005/10/21 09:05:29 | 000,288,256 | ---- | C] () -- C:\Windows\Rar.exe
[2005/02/05 09:28:10 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2004/04/09 04:15:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\SysWow64\cygxml2-2.dll
[2003/09/17 13:00:56 | 000,266,327 | ---- | C] () -- C:\Windows\SysWow64\ADErrorHandling.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\SysWow64\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
[2001/07/20 08:09:58 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\swfobjs.dll
[1999/03/10 03:23:00 | 000,222,928 | ---- | C] () -- C:\Windows\SysWow64\lobas09.dll
[1998/04/27 03:23:00 | 006,150,961 | ---- | C] () -- C:\Windows\SysWow64\jre116.exe
[1998/01/13 15:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\lotrn13.dll
[1997/11/14 03:23:00 | 000,031,008 | ---- | C] () -- C:\Windows\SysWow64\ivtrn09.dll
[1997/02/02 03:23:00 | 000,000,058 | ---- | C] () -- C:\Windows\loss613.ini
[1997/02/02 03:23:00 | 000,000,058 | ---- | C] () -- C:\Windows\loss09.ini
[1996/07/09 03:23:00 | 000,000,038 | ---- | C] () -- C:\Windows\loidp13.ini
[1994/07/25 03:23:00 | 000,014,928 | ---- | C] () -- C:\Windows\SysWow64\wingen.drv
[1994/04/07 03:23:00 | 000,000,462 | ---- | C] () -- C:\Windows\lodbf13.ini

========== LOP Check ==========

[2011/02/07 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ACD Systems
[2011/08/04 10:29:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acronis
[2011/08/06 02:58:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ACT
[2011/08/05 22:10:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Alchemy Mindworks
[2011/02/08 13:40:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Alzex
[2011/08/05 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AMS Software
[2011/02/10 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Anix Software
[2011/08/05 21:45:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnyPic Image Converter
[2011/08/06 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnyPic Image Resizer Pro
[2011/08/05 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnyPic Photo Watermark
[2011/08/05 21:55:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2011/08/06 20:21:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BeautyGuide
[2011/02/08 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Birthday Reminder
[2011/02/10 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Broderbund
[2011/02/10 12:58:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Cambridge
[2011/02/07 15:03:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Centico
[2011/02/10 13:46:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/06 19:58:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Chief Architect Premier X3
[2011/08/14 16:59:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1
[2011/02/07 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Copernic
[2011/02/07 18:48:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DeskSoft
[2011/02/06 12:12:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DeviceVm
[2011/08/06 22:41:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dvdae
[2011/02/10 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Eclipse
[2011/02/07 19:03:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Efficient Address Book
[2011/02/07 19:04:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Efficient To-Do List
[2011/02/10 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EndNote
[2011/08/05 23:48:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ERGOM
[2011/08/06 00:20:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FairStars Audio Converter
[2011/02/07 19:07:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FairStars Audio Converter Pro
[2011/02/07 19:58:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Firetrust
[2011/08/06 22:44:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire
[2011/08/06 00:31:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gold Burn
[2011/08/06 02:14:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HDRsoft
[2011/08/07 17:44:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Imagenomic
[2011/08/06 20:55:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImageResizeGuide
[2011/02/10 12:35:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/02/10 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IMSI
[2011/08/06 20:56:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImTOO
[2011/08/06 00:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IN-MEDIAKG
[2011/02/10 13:10:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Individual Software
[2011/08/06 02:58:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IsolatedStorage
[2011/02/07 19:35:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\JobTabsLLC
[2011/08/06 01:09:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Kingsoft
[2011/02/10 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2011/08/06 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MAGIX
[2011/02/08 12:26:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Maxprog
[2011/08/06 01:41:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mojosoft
[2011/02/08 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Morpheus Software
[2011/08/06 20:45:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mresreg
[2011/08/06 01:50:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MyNotesKeeper
[2011/02/08 12:40:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NeatImage SL
[2011/02/08 13:51:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape
[2011/02/08 13:25:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Org Professional
[2011/08/07 13:05:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
[2011/08/07 17:09:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Pantone
[2011/02/08 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PearlMountainSoft
[2011/02/08 13:44:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Photo DVD Maker
[2011/08/06 02:09:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Photodex
[2011/08/06 02:11:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PhotoFiltre Studio X
[2011/08/06 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PhotoLine
[2011/08/06 02:15:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Picture Reduce Studio Data
[2011/02/08 13:55:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PictureCutoutGuide
[2011/02/07 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PowerCinema
[2011/02/10 12:04:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Quark
[2011/08/06 20:12:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/02/08 16:34:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Remind-Me
[2011/08/06 19:56:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rylstim Budget
[2011/02/08 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sharp World Clock
[2011/02/08 15:54:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SmartDraw
[2011/08/05 21:39:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro
[2011/08/06 09:11:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Softplicity
[2011/02/08 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SolSuite
[2011/08/07 17:30:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/06 09:04:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SuperMP3Download
[2011/08/07 15:25:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Temp
[2011/02/10 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TypingMaster7
[2011/08/05 23:26:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
[2011/08/09 19:14:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/02/08 17:01:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VidaOne
[2011/08/07 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso
[2011/02/08 18:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WallpaperSSPro
[2011/08/05 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wedding Album Maker
[2011/02/10 12:20:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2011/02/10 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinWay
[2011/02/10 15:42:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilisoft Corporation
[2011/02/08 13:34:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YCanPDF
[2011/02/10 12:20:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YouTube HD Transfer
[2011/02/08 17:42:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Zoner
[2011/02/07 15:16:16 | 000,000,423 | ---- | M] () -- C:\Windows\Tasks\1 Copernic Intra-Daily ~Owner-PC Owner.job
[2011/02/07 15:16:16 | 000,000,399 | ---- | M] () -- C:\Windows\Tasks\2 Copernic Daily ~Owner-PC Owner.job
[2011/02/07 15:16:16 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\3 Copernic Weekly ~Owner-PC Owner.job
[2011/02/07 15:16:16 | 000,000,409 | ---- | M] () -- C:\Windows\Tasks\4 Copernic Monthly ~Owner-PC Owner.job
[2011/08/17 16:02:10 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\DOXRMK.job
[2009/07/14 01:08:49 | 000,026,284 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/17 16:03:04 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/08/17 16:01:18 | 000,002,318 | ---- | M] () -- C:\aaw7boot.log
[2010/11/20 23:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/02/06 14:46:10 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/08/06 20:23:08 | 000,000,099 | RHS- | M] () -- C:\Centico Media Information.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/08/17 16:01:18 | 1945,407,487 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/02/10 12:02:33 | 000,007,274 | ---- | M] () -- C:\jdata.xml
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/02/07 02:03:13 | 000,064,876 | ---- | M] () -- C:\MSXML.log
[2011/08/17 16:01:18 | 4025,536,511 | -HS- | M] () -- C:\pagefile.sys
[2011/02/08 13:52:02 | 000,001,707 | ---- | M] () -- C:\photodex-presenter-install.log
[2011/02/06 12:06:40 | 000,002,202 | ---- | M] () -- C:\RHDSetup.log
[2011/02/07 12:13:16 | 000,005,694 | ---- | M] () -- C:\Sdicon32.ico
[2011/08/06 21:10:12 | 000,043,914 | ---- | M] () -- C:\StarBurn.log
[2011/08/10 10:08:29 | 000,002,240 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_10.08.2011_10.07.55_log.txt
[2011/08/10 10:17:47 | 000,156,780 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_10.08.2011_10.09.51_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011/02/06 11:58:07 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/02/06 11:58:07 | 000,402,085 | RHS- | M] () -- C:\YWBVH

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/08/06 09:35:27 | 000,118,272 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\VBAEN32Q.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2011/08/17 16:02:10 | 000,000,314 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\DOXRMK.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2011/02/07 18:44:27 | 000,002,899 | ---- | M] () -- C:\Program Files (x86)\Daily Planner Journal 5.5.lnk
[2011/02/07 18:45:14 | 000,002,899 | ---- | M] () -- C:\Program Files (x86)\Daily Planner Plus 6.8.lnk
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2011/08/06 00:38:29 | 000,002,893 | ---- | M] () -- C:\Program Files (x86)\Home Data Deluxe 9.5.lnk
[2011/07/06 00:48:11 | 006,845,865 | ---- | M] () -- C:\Program Files (x86)\How to Succeed at Interviews Includes over 200 Interview Questions.pdf
[2011/08/06 02:06:48 | 000,002,899 | ---- | M] () -- C:\Program Files (x86)\Personal Organizer 6.0.lnk
[2011/02/08 15:07:39 | 000,002,899 | ---- | M] () -- C:\Program Files (x86)\Recipe Keeper Plus 8.0.lnk
[2011/02/08 14:58:49 | 000,002,899 | ---- | M] () -- C:\Program Files (x86)\Recipes Galore 6.0.lnk

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\uninstall\helper.exe" /HideShortcuts [2011/08/17 16:03:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\uninstall\helper.exe" /ShowShortcuts [2011/08/17 16:03:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/17 16:03:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe [2011/08/17 16:03:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe" -preferences [2011/08/17 16:03:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe" -safe-mode [2011/08/17 16:03:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/08/05 20:12:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/08/05 20:12:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/08/05 20:12:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/05 20:12:13 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/08/05 20:12:13 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/08/17 16:03:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/08/17 16:03:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/08/17 16:03:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\FIREFOX.EXE [2011/08/17 16:03:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\FIREFOX.EXE" -PREFERENCES [2011/08/17 16:03:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\FIREFOX.EXE" -SAFE-MODE [2011/08/17 16:03:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/08/05 20:12:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/08/05 20:12:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/08/05 20:12:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/05 20:12:13 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/08/05 20:12:13 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 986 bytes -> C:\Users\Owner\AppData\Local\Temp:LZqZ9QyagqfGsvho2ziY06lnO51
@Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:7B025EF9
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:A31FAD21
@Alternate Data Stream - 166 bytes -> C:\ProgramData\Temp:AA504BD4
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:6C3B8FB5
@Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:C39E55C5
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:BFE23423
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:35C82615
@Alternate Data Stream - 1203 bytes -> C:\ProgramData\Microsoft:5M723jHmJxPCPXMvFlFSDiX
@Alternate Data Stream - 1151 bytes -> C:\Program Files\Common Files\System:0gVGhxTmdU270J6vmxq9Pi
@Alternate Data Stream - 1111 bytes -> C:\Program Files\Common Files\Microsoft Shared:yDQZzfxhi7KTn1uQMoz
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:0A4A3F5A
@Alternate Data Stream - 1029 bytes -> C:\ProgramData\Microsoft:8qMw4lfEg1rbYtUvoTre2

< End of report >

And the other (Extras. Text):
OTL Extras logfile created on: 8/19/2011 6:18:54 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Owner\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 68.59% Memory free
15.50 Gb Paging File | 11.94 Gb Available in Paging File | 77.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1607.07 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
Drive D: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 465.65 Gb Total Space | 58.31 Gb Free Space | 12.52% Space Free | Partition Type: FAT32
Drive K: | 1396.61 Gb Total Space | 722.45 Gb Free Space | 51.73% Space Free | Partition Type: NTFS
Drive L: | 3.73 Gb Total Space | 3.00 Gb Free Space | 80.40% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Picture Frame Manager.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Picture Frame Manager\1.0\ACDSeeQVPFM.exe" "%1" ()
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Picture Frame Manager.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Picture Frame Manager\1.0\ACDSeeQVPFM.exe" "%1" ()
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Corel Painter 12
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08044040-959A-4B0D-8825-2C533F0DDB19}" = Encarta Search Bar (64-bit)
"{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Painter 12 - Setup Files
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}" = Corel WordPerfect Office - iFilter 64 Bit
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}" = ATI Catalyst Install Manager
"{34FE274A-6AC9-24D1-2364-7A8BE8B4A068}" = ccc-utility64
"{42CD49CD-4B05-4A2D-8FD1-E37CC9315FA5}" = Painter 12 - Core
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5FD7D415-F562-4767-913F-26E7F463DF8B}" = Painter 12 - Corex64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{77013803-5BA9-4C8A-BFC4-99AE7151C4B7}" = Painter 12 - EN
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8027B1DD-D875-4315-8FE9-B2CFDD1BB8F1}" = O&O Defrag Professional
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87C925D6-F6BF-4FBD-840B-53BAE2648B7B}" = Symantec Endpoint Protection
"{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}" = Share64
"{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97759DE4-0A6A-4ACF-A511-4DA791BEAA1A}" = Painter 12 - Content
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC6FC993-CCD1-41A5-B61C-AD61F90549BE}" = Painter 12 - IPM
"{BA4F08D1-4578-461E-890A-6F9606F26131}" = AMD64Bit
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{fd9c522b-f8cd-4113-83b6-15870a11f4fc}.sdb" = Rapid Resizer Compatibility Fix
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"CCleaner" = CCleaner
"Checkbook for Excel_is1" = Checkbook for Excel - Version 5.3a
"CPUID ROG CPU-Z_is1" = CPUID ROG CPU-Z 1.57.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Golf Tracker for Excel_is1" = Golf Tracker for Excel - Version 2.0
"Handicap Manager for Excel_is1" = Handicap Manager for Excel - Version 5.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"pdfFactory Pro" = pdfFactory Pro
"PhotoLine_is1" = PhotoLine 16.5.0.0
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1
"TaskInfo 6_is1" = TaskInfo 6.2.0.174
"WinRAR archiver" = WinRAR archiver
"ZonerPhotoStudio13_EN_is1" = Zoner Photo Studio 13

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = Corel DESIGNER Technical Suite X5
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0237E8C8-8FAB-43EA-8C66-9C9734115E7D}" = Party and Crafts Creator
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{052B4734-CD9B-468F-B25D-D1E136B2C95A}" = Ad-Aware
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{076B4237-0A24-466F-B5C2-6EE84FEF7C4D}" = Chief Architect Premier X3
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{084FF9E7-891B-46E7-9EA2-6D32788EC5E3}" = honestech Photo DVD 4.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{09041881-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Student with Encarta Premium 2009
"{09DE590C-BC6C-4967-B7F3-3012003ED0FD}" = MAGIX Screenshare
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1" = BusinessCards MX
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{104404BC-694D-42D3-8DAF-B8BA26D5ADFC}" = Microsoft Office Personal Portfolio
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C11D1A-F178-68C9-9C3F-D70694850DCF}" = CCC Help Thai
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{17F6CD67-0E9D-4C4B-8F49-17F081092AE2}" = Better Homes and Gardens Interior Designer 7.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}" = Xara 3D Maker 7
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F31434A-3C68-41D4-8F79-CD10744C5C5A}" = MailWasherPro
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20687EF7-CDC0-B8CA-058B-32BC7B6D7B30}" = CCC Help Turkish
"{216720B6-010A-FF03-810F-F17F7BFBA113}_is1" = Naevius YouTube Converter version 2.5
"{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27957F25-AEA5-4639-8943-698199B18CBF}_is1" = RadioZilla 1.0
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294A068B-BC5F-4700-B9F0-63949E8A617C}" = Songsmith
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A6F734D-84CD-4472-877A-A070D76FAE74}_is1" = AnyBizSoft PDF to PowerPoint (Build 1.0.0.8)
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BAM)
"{2BF52D77-1DF7-4391-85B3-AE45CEE8BD86}" = Xara Xtreme Pro 5
"{2C083706-057E-433F-BD05-6AFA434A9939}" = DB ORGANIZER DELUXE (S)
"{2D4FF9D4-EB76-4A29-6A66-EC5A2B7A900D}" = CCC Help Russian
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{2FB77A97-282D-4B09-9960-575C1787F7D9}_is1" = Beauty Studio 1.35
"{2FCFFE64-B076-4C21-874E-1C8ADEE8B378}_is1" = AnyPic Image Converter 1.0.1
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31F62812-9ABB-4E14-94EE-94B3D1D62C74}" = honestech Claymation Studio
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336A1E37-FE4F-E77C-1EFE-AD66B8E76A9F}" = CCC Help Chinese Traditional
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic
"{3A627783-AF3B-D420-6411-05AACB3F3932}" = Catalyst Control Center Graphics Previews Vista
"{3ACEB261-3435-4244-913C-82783191A0AC}_is1" = Mytoolsoft Watermark Software 2.7.6
"{3F41BA46-09C3-4500-96D7-DC4390AD0124}" = Acrobat X Suite
"{4009454B-4B6D-4424-8830-1B8F758CADD6}" = Corel DESIGNER Technical Suite X5 - EN
"{407CA81C-8454-CCD5-BACD-BA6BD18F680F}" = CCC Help Greek
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{423B52C6-78D2-4495-B29B-65C8886086B7}" = Corel DESIGNER Technical Suite X5
"{4253BBF6-8884-4B62-A063-7CF4AE7D246C}_is1" = Photo Collage Maker 3.25
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{44C05309-60F4-410B-BC32-31733CFF1A49}" = Microsoft Digital Image Suite Anniversary Edition Editor
"{481A6B64-9B0C-418F-B7A1-C8D92A3CE138}" = Corel DESIGNER Technical Suite X5 - IPM
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector 2011
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{48CBF789-6B40-46B8-9023-59BB2972CA89}" = Personal Organizer 6.0
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
"{4EAA09F8-EC61-81CB-EED8-E9DE18800DED}" = Catalyst Control Center Localization All
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB259}" = Microsoft Digital Image Suite Anniversary Edition Library
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51729BDF-5ED6-41ED-9CC6-5BFC7F4A4C18}" = Better Homes and Gardens Landscaping and Deck Designer 7.0
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{536D6172-7453-7569-7465-392E38300409}" = Lotus SmartSuite - English
"{53D11164-C10F-4B66-9FB1-260C141C5F25}" = Photo Crop Editor 1.15
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{5ACC1A9F-AAB9-012D-4A65-1D7E92B4242E}" = CCC Help Italian
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5EA3BC74-FF7B-41B2-B7C2-2C57DC3E6746}" = Simply Invoice V2
"{5F194F8F-5DD1-4726-90DA-7A0B2BEBE842}}_is1" = Aneesoft HD Video Converter
"{61BC62C3-172C-4554-8B36-7346FF1A0F12}" = Garage Sale Organizer Deluxe (s)
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{62687EAC-F27D-49AC-A0E2-3899B0459113}" = Hallmark Card Studio 2011 Deluxe
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63BCDFC4-BD0D-640E-2B3F-FCDA34805E33}" = Catalyst Control Center Graphics Full New
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{646F72EC-BAE7-4654-A9CE-C49397FB052A}_is1" = AnyPic Photo Watermark 1.0.2
"{657FC304-7BC4-4316-8F19-9AE70D6B6C37}" = Recipe Keeper Plus 8.0
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65FB5167-953B-4D8B-A953-819ACCB0383D}" = Home Data Deluxe 9.5
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67227CE5-9560-9D24-852B-E75AAB19F0A6}" = CCC Help Portuguese
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69B6B9E1-A5DF-3177-2B1D-3B672F29EF86}" = Adobe Captivate Quiz Results Analyzer
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 2.5.0
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{6F42E58D-9FBF-4B59-81BA-A21D268AD9C8}" = Daily Planner Plus 6.8
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{746E205D-E40D-47BA-93CB-BE0B3606E538}" = GOLF ORGANIZER DELUXE (S)
"{747B1B1B-F5DE-4952-AD5F-507A575016F8}_is1" = Photo Enhancer 1.51
"{756B8ACF-1E76-6869-2E4B-200BC6D6E6B1}" = CCC Help Swedish
"{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
"{76EBC536-D99E-58A6-ECA6-5A63A5FCB992}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77C127AA-B8DC-EE81-C269-FEDA769892DB}" = StudioCloud 3.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78CDD8CB-5695-44C0-9750-1ACD3687EA6C}_is1" = Desktop Photo Frame Set
"{7A54F8D9-D42B-DC31-22F4-4AB33DD60208}" = CCC Help Finnish
"{7C2ACE17-4048-4C34-B01E-D039D7C44C20}" = VidaOne Diet and Fitness
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7D466431-D6EE-4732-BF02-74BD0817E881}_is1" = AnyPic Image Resizer Pro 1.2.9
"{7EE3C326-76F2-6E15-105F-4D386B90152C}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80B182EC-D431-42BE-A7B0-90C71A82C694}" = Daily Planner Journal 5.5
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82647B93-3F9C-4BBA-8801-E54DEB46736A}_is1" = Greeting Card Builder 2.4.9
"{827D0C8E-E624-4730-94EC-EF7256CEE11D}" = Trix DrawingCenter 6.5
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115502580}" = Brain Training for Dummies®
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"{8432FFD1-6F4D-F9B8-D641-5932E60359A2}" = Adobe Captivate Reviewer
"{846CC74A-B339-4E1A-A3C3-33B315E08B59}_is1" = Loan Advisor
"{855916BB-AF65-4893-A326-4C9C39E98C99}" = CorelDRAW Graphics Suite X5 - Designer
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.5.3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADE5280-35CA-CF98-A456-F66B98C77244}" = ccc-core-static
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C984E31-9E64-4c16-8A59-BE7B5370EC08}_is1" = Mytoolsoft Image Resizer 2.3.2
"{8D4B3DEB-2E18-4B7F-9CCB-4816A55F4D87}_is1" = Home Photo Studio 2.57
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E7A41FE-5026-4224-9D7E-2DA3F0B41270}" = FloorPlan 3D v11
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90D98D17-B609-4605-9A7D-4591A12A3485}" = Sage ACT! Premium 2011
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{94C45C20-CB09-54A1-5E41-FCEFBAD50A1B}" = CCC Help Spanish
"{94D0A32F-F467-D869-2AF3-465F5C6F187E}" = CCC Help Chinese Standard
"{94DABFDA-AAC2-413A-86BE-E61CA96D502C}" = MAGIX Video Pro X3 Download Version
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{952D88D2-3E6F-4E40-8553-8070FEFCE5CD}" = Adobe Creative Suite 5 Master Collection
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Deluxe
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB6A623-75E5-4791-9268-03102B56FB1E}" = Simple Home Budget
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A254D625} PicturesToExe 6.5_is1" = PicturesToExe 6.5
"{A2936FB0-F2FC-4637-8260-29FDC71E6F3C}" = Corel Home Office
"{A37CA1E3-3343-BF7D-0103-EA5790A67C2A}" = CCC Help German
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}" = ResumeMaker
"{A549A0F9-77EE-4619-990A-8331D145F257}" = Corel Home Office - IPM
"{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a72ce741-1f32-4d79-bffb-a714375c678d}_is1" = Bigasoft Total Video Converter 2.5.6.3982
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97C9A80-DD35-48DF-8D57-308B2DE116E2}_is1" = Photo Effects Studio 2.25
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABC0160A-D981-8776-5D53-B962E9AB9A17}" = CCC Help French
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro
"{B20D0A45-039C-1299-1E92-81BC9A995BFA}" = CCC Help Korean
"{B32A879C-F8E9-4879-AAE1-3ABB34297032}" = ImageIngesterPro3
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B40EA8AE-322B-46DE-B422-480A40F43AEE}" = Brain Trainer
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B62C4524-41B5-4E65-952B-36AEC51E3F55}" = WordPerfect Office X5
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7EDCA19-58E3-9B10-5ED5-1928DF65BB4F}" = Catalyst Control Center Graphics Light
"{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share
"{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{B99D218E-948E-BB99-9E9A-D5D31B3FC4D1}" = CCC Help Japanese
"{BA39F78D-E4B1-8DB4-AFC6-7302DC3B12BC}" = CCC Help Czech
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BD510201-74C1-4C78-D7A8-4E2210495A6D}" = CCC Help English
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO
"{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6B003DB-5950-0800-0858-1F5F70A090F6}" = CCC Help Polish
"{C82185E8-C27B-4EF4-2010-1111BC2C2B6D}" = Microsoft MapPoint North America 2010
"{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}" = Microsoft AutoRoute 2010
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{C82185E8-C27B-4EF4-2011-1111BC2C2B6D}" = Microsoft MapPoint North America 2011
"{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3B7C24-30A1-4961-8039-94919F5ED2EE}" = Noiseware Community Edition
"{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = Corel DESIGNER Technical Suite X5 - Setup Files
"{CE872483-12EB-4E99-8E68-35B62E8F41E3}}_is1" = Eahoosoft DVD Ripper 2.01
"{CE949716-2A5A-40F2-BA31-54CE71B37FE5}" = QuarkXPress
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFD8CBAE-0898-4BC9-AF14-D03FBBDD1B6C}" = ACDSee Picture Frame Manager
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D194BBA4-52C3-46FC-B112-812546299B79}" = MAGIX Speed burnR (MSI)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D59D1C-2BC1-4D18-A30D-A0178C1AF9DA}" = Day Organizer, ver. 2.2.1
"{D53EE2FF-EF7A-A93F-BF5F-2B96029B6C8A}" = Catalyst Control Center Graphics Full Existing
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D67B8F81-4A7C-4748-854F-95771E965F94}" = honestech Claymation Studio
"{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{D8262480-2A04-407C-B2F7-1439B789C349}" = Print Artist Gold 21
"{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D95AA4F4-9FCF-4BD8-AC07-AB1912A202E2}_is1" = Home Plan Pro version 5.2.25.2
"{D95E36F3-F0FC-401E-81A1-4A7EC9B6A397}" = Recipes Galore 6.0
"{DA04174D-7B42-F784-0456-B9201DAB1F0D}" = Catalyst Control Center Core Implementation
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}" = WinWay Resume Deluxe
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E20357B6-F5B5-47F4-BD32-9EA60FA49FCC}_is1" = Mortgage Advisor
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A166CA-AE46-4E51-B4E9-916504A97D17}" = Photo to Cartoon
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E5C521D8-1577-469E-B6F6-BFD09645E8AC}" = FormTool 6
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E903CEC4-6822-47A4-9F6C-4A93C02119A3}" = Deep Exploration 6 CE
"{E95130D6-49DA-418C-BEB3-0F4E75F04A15}" = Calendar Creator
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE1EB497-5F0B-4DEF-910B-165707AB09FA}" = UltraEdit 16.30
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF4E07AE-8607-476D-86B2-AA5CC3DDBCE4}_is1" = Photo User version 1.0
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F23772E1-3DF8-4AC3-B9A5-2CB7335BCE0B}" = The Print Shop Brochures, Newsletters and More!
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
"{F441C985-4F07-4163-978E-BFD3B2BA20EC}" = Brain Trainer 2
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{F91D702D-3DB1-11D3-B3A9-0020185257C4}" = SOED
"{F93FC0FA-AC65-81AE-58BF-32381C7B407C}" = Catalyst Control Center InstallProxy
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FD071DBA-2994-4350-93BB-EC245D0D3C74}_is1" = iResizer 1.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE1B5E2F-9CA4-43E8-8A3A-E3A29E8D3786}" = The Print Shop 23
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF0E8A52-B152-F22E-8BF5-488EE977ACD0}" = CCC Help Norwegian
"{FF52834F-839A-652B-2BB7-DB4BD61603A9}" = CCC Help Danish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"20/20 v2.2" = 20/20 v2.2
"4U Download YouTube Video_is1" = 4U Download YouTube Video (version 4.6.2)
"AC3Filter" = AC3Filter (remove only)
"Academy of Magic" = GameHouse Games Collection: Academy of Magic
"Ace Pro Screensaver Creator" = Ace Pro Screensaver Creator
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Presenter 7" = Adobe Presenter 7
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Reviewer
"Advanced CD Ripper Pro_is1" = Advanced CD Ripper Pro 3.00
"Advanced MP3 Converter_is1" = Advanced MP3 Converter 4.10
"Advanced Office Repair v1.6" = Advanced Office Repair v1.6
"Adventure Inlay" = GameHouse Games Collection: Adventure Inlay
"Adventure Inlay - Safari Edition" = GameHouse Games Collection: Adventure Inlay - Safari Edition
"Air Strike 3D" = GameHouse Games Collection: Air Strike 3D
"Alien Sky" = GameHouse Games Collection: Alien Sky
"Aloha Solitaire" = GameHouse Games Collection: Aloha Solitaire
"Aloha TriPeaks" = GameHouse Games Collection: Aloha TriPeaks
"AMS Photo Effects_is1" = AMS Photo Effects 2.81
"Ancient Tri-Jong" = GameHouse Games Collection: Ancient Tri-Jong
"Ancient Tripeaks" = GameHouse Games Collection: Ancient Tripeaks
"Anvsoft DVD Menu Template Package 1" = Menu Template Package 1 Ver 1.10
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.11
"Ashampoo Photo Commander 9_is1" = Ashampoo Photo Commander 9 v.9.3.0
"Ashampoo_US Toolbar" = Ashampoo US Toolbar
"ASP800_is1" = Anime Studio Pro 8.0
"AssetManageHome_2010" = HomeManage 2010
"Astrobatics" = GameHouse Games Collection: Astrobatics
"Atlantis" = GameHouse Games Collection: Atlantis
"Atomaders" = GameHouse Games Collection: Atomaders
"Auto Collage Studio_is1" = Auto Collage Studio 3.27
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.2.126
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BCDP10_is1" = Business Card Designer Plus 10.1.0.0
"BCDP7_is1" = Business Card Designer Plus 7.5.5.0
"Beauty Guide_is1" = Beauty Guide 1.3.1
"Bejeweled 2" = GameHouse Games Collection: Bejeweled 2
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Bejeweled Twist 1.0.3.7482" = Bejeweled Twist 1.0.3.7482
"Bewitched" = GameHouse Games Collection: Bewitched
"Big Kahuna Reef" = GameHouse Games Collection: Big Kahuna Reef
"Boggle Supreme" = GameHouse Games Collection: Boggle Supreme
"Bounce Out Blitz" = GameHouse Games Collection: Bounce Out Blitz
"BurnAware Professional Retail zoo_is1" = BurnAware Professional 3.0.4
"C3DE38AF-1D99-489C-A0B5-094550F6C7F9" = Sudoku Ball - Detective
"Calendar Wizard" = Calendar Wizard
"Cambridge Advanced Learner's Dictionary" = Cambridge Advanced Learner's Dictionary
"Casino Island To Go" = GameHouse Games Collection: Casino Island To Go
"Centico Photo Album_is1" = Centico Photo Album 1.0
"Chainz" = GameHouse Games Collection: Chainz
"Chainz 2: Relinked" = GameHouse Games Collection: Chainz 2 - Relinked
"Charm Solitaire" = GameHouse Games Collection: Charm Solitaire
"Charm Tale" = GameHouse Games Collection: Charm Tale
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chicktionary" = GameHouse Games Collection: Chicktionary
"Chuzzle Deluxe" = GameHouse Games Collection: Chuzzle Deluxe
"CloneCD" = CloneCD
"Collapse! Crunch" = GameHouse Games Collection: Collapse! Crunch
"ColorChecker Passport_is1" = ColorChecker Passport 1.0.1
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1" = StudioCloud 3.0
"Combo Chaos!" = GameHouse Games Collection: Combo Chaos!
"CompactCalc_is1" = CompactCalc
"Concise Oxford English Dictionary (Eleventh Edition)" = Concise Oxford English Dictionary (Eleventh Edition)
"conduitEngine" = Conduit Engine
"CookBook+Calendar_is1" = CookBook+Calendar version 2.3
"Cool Music Converter_is1" = Cool Music Converter v7.4.3.203
"Cool Music RecordEdit Station_is1" = Cool Music RecordEdit Station v7.4.4.193
"Cool Resizer" = Cool Resizer 2011 (remove only)
"Copernic Agent Professional" = Copernic Agent Professional
"Crystal Path" = GameHouse Games Collection: Crystal Path
"Cubis Gold 2" = GameHouse Games Collection: Cubis Gold 2
"Daily Task Reminder Software_is1" = Daily Task Reminder Software
"DeskCalc" = Deskcalc Pro
"Desktop Calendar and Planner Software" = Desktop Calendar and Planner Software
"DesktopCalc_is1" = DesktopCalc
"Digby's Donuts" = GameHouse Games Collection: Digby's Donuts
"DIGISTUDIO" = DIGISTUDIO 9.2.3
"Diner Dash" = GameHouse Games Collection: Diner Dash
"DVD Audio Extractor_is1" = DVD Audio Extractor 6.0.1
"DVDFab 8 Qt_is1" = DVDFab 8.1.0.5 (04/07/2011) Qt
"Dynamic-Photo HDR 5_is1" = Dynamic-Photo HDR 5
"Easy DVD Creator_is1" = Easy DVD Creator 2.3.1
"Efficient Address Book_is1" = Efficient Address Book 1.67
"Efficient To-Do List_is1" = Efficient To-Do List 1.67
"Elf Bowling The Last Insult_is1" = Elf Bowling The Last Insult
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FairStars Audio Converter Pro_is1" = FairStars Audio Converter Pro 1.40
"FairStars Audio Converter_is1" = FairStars Audio Converter 1.94
"Feeding Frenzy" = GameHouse Games Collection: Feeding Frenzy
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"Fiber Twig" = GameHouse Games Collection: Fiber Twig
"Five Card Deluxe" = GameHouse Games Collection: Five Card Deluxe
"Flame Painter_is1" = Flame Painter 1.2
"Flip Words" = GameHouse Games Collection: Flip Words
"Flying Leo" = GameHouse Games Collection: Flying Leo
"Focus Photoeditor_is1" = Focus Photoeditor 6.3.4
"FontMap_is1" = FontMap version 2.37a
"Fortune Tiles Gold" = GameHouse Games Collection: Fortune Tiles Gold
"FotoArchiv XL_is1" = FotoArchiv XL
"Frame Maker Pro_is1" = Frame Maker Pro 3.91
"FramePhotoEditor_is1" = FramePhotoEditor 3.0.2.1
"Fresco Wizard" = GameHouse Games Collection: Fresco Wizard
"FrostWire" = FrostWire 4.21.3
"Fun Morph_is1" = Fun Morph 3.0
"FunPhotor_is1" = FunPhotor 2008
"GameHouse Sudoku" = GameHouse Games Collection: GameHouse Sudoku
"Gearz" = GameHouse Games Collection: Gearz
"Gold Burn_is1" = Gold Burn Version 5.6.1
"Google Chrome" = Google Chrome
"Granny in Paradise" = GameHouse Games Collection: Granny in Paradise
"Gutterball" = GameHouse Games Collection: Gutterball
"Gutterball 2" = GameHouse Games Collection: Gutterball 2
"Hamsterball" = GameHouse Games Collection: Hamsterball
"HardCopy Pro" = HardCopy Pro
"Hello!" = GameHouse Games Collection: Hello!
"Holiday Express" = GameHouse Games Collection: Holiday Express
"Home Manager_is1" = Home Manager 2010
"Hoyle Card Games 2011" = Hoyle Card Games 2011 (remove only)
"Hoyle Puzzle and Board Games 2011" = Hoyle Puzzle and Board Games 2011 (remove only)
"Hoyle Slots 2011" = Hoyle Slots 2011 (remove only)
"huey_is1" = huey 1.0.5
"iCash_is1" = iCash 7.4.0
"IconCool Studio 7 Pro" = IconCool Studio 7 Pro
"Iggle Pop!" = GameHouse Games Collection: Iggle Pop!
"Image Resize Guide_is1" = Image Resize Guide 1.1.1
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"ImgBurn" = ImgBurn
"ImTOO Convert PowerPoint to DVD Business" = ImTOO Convert PowerPoint to DVD Business
"ImTOO Photo Slideshow Maker" = ImTOO Photo Slideshow Maker
"Incadia" = GameHouse Games Collection: Incadia
"Incredible Ink" = GameHouse Games Collection: Incredible Ink
"Insaniquarium Deluxe" = GameHouse Games Collection: Insaniquarium Deluxe
"Inspector Parker" = GameHouse Games Collection: Inspector Parker
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"InstallShield_{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7 TBYB
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector 2011
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"InstallShield_{90D98D17-B609-4605-9A7D-4591A12A3485}" = Sage ACT! Premium 2011
"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Invadazoid" = GameHouse Games Collection: Invadazoid
"Invoice Manager_is1" = Invoice Manager 2.1.08
"Jewel Quest" = GameHouse Games Collection: Jewel Quest
"Jewel Quest 2_is1" = Jewel Quest 2
"Jewel Quest 3 1.11" = Jewel Quest 3 1.11
"Kingdia CD Extractor_is1" = Kingdia CD Extractor V3.6.12
"Kingdia DVD Ripper_is1" = Kingdia DVD Ripper V3.6.12
"Kingsoft Office" = Kingsoft Office 2010 (6.6.0.2496)
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LDPD7_is1" = Label Designer Plus DELUXE 7.3.0.0
"Lemonade Tycoon" = GameHouse Games Collection: Lemonade Tycoon
"Life Photo Maker" = Life Photo Maker
"Lite Photos" = Lite Photos
"Loan And Mortgage 2_is1" = Loan And Mortgage 2.3.1
"Luxor" = GameHouse Games Collection: Luxor
"Mad Caps" = GameHouse Games Collection: Mad Caps
"Magic Ball 2" = GameHouse Games Collection: Magic Ball 2
"Magic Ball 2 - New Worlds" = GameHouse Games Collection: Magic Ball 2 - New Worlds
"Magic Ball Deluxe" = GameHouse Games Collection: Magic Ball
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Magic Burning Studio_is1" = Magic Burning Studio 12.3.1.27
"Magic Image Resizer" = Magic Image Resizer 1.7 (remove only)
"Magic Inlay" = GameHouse Games Collection: Magic Inlay
"Magic Music Editor_is1" = Magic Music Editor v8.12.2.15
"Magic Photo Editor_is1" = Magic Photo Editor 3.0
"Magic Video Converter_is1" = Magic Video Converter 12.1.11.8
"Magic Vines" = GameHouse Games Collection: Magic Vines
"MAGIX_MSI_Videodeluxe17_pro" = MAGIX Video Pro X3 Download Version
"MAGIX_MSI_Xara3D7" = Xara 3D Maker 7
"Mah Jong Adventures" = GameHouse Games Collection: Mah Jong Adventures
"Mah Jong Medley" = GameHouse Games Collection: Mah Jong Medley
"Mah Jong Quest" = GameHouse Games Collection: Mah Jong Quest
"Mahjong Garden To Go" = GameHouse Games Collection: Mahjong Garden To Go
"Mahjong Towers Eternity" = GameHouse Games Collection: Mahjong Towers Eternity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Maui Wowee" = GameHouse Games Collection: Maui Wowee
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mini Golf Designer" = Mini Golf Designer
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.16
"Mortgage Prelude_is1" = Mortgage Prelude v2.6.4
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MS Word Search In Multiple Word Files Software_is1" = MS Word Search In Multiple Word Files Software
"MultiplexCalc_is1" = MultiplexCalc
"Music Convert Master_is1" = Music Convert Master v5.2.1.435
"My Notes Keeper_is1" = My Notes Keeper 2.2.4
"MySlideShowGold2_is1" = MySlideShow Gold 2.7.4
"MyVideoConverter" = MyVideoConverter 1.38
"Neat Image_is1" = Neat Image v6.0 Pro+
"NTI Digital Flix 2.5_is1" = NTI Digital Flix 2.5
"Okdo Document Converter Professional_is1" = Okdo Document Converter Professional 4.0
"OpenAL" = OpenAL
"OrgFinances_is1" = OrgFinances version 1.4
"Personal Finances Pro_is1" = Personal Finances Pro v3.1
"Phlinx To Go" = GameHouse Games Collection: Phlinx To Go
"Photo Collage Creator_is1" = Photo Collage Creator 3.81
"Photo Collage Maker_is1" = Photo Collage Maker 1.31
"Photo DVD Creator_is1" = Photo DVD Creator 5.1
"Photo DVD Maker Professional" = Photo DVD Maker Professional 8.10
"Photo Frame Studio_is1" = Photo Frame Studio 1.1
"Photo Graffiti Demo" = Photo Graffiti Demo
"Photo Stamp Remover_is1" = Photo Stamp Remover 2.0
"Photo-Brush_is1" = Photo-Brush 5.30
"Photocopier Pro_is1" = Photocopier Pro Version 3.08
"Photodex Presenter" = Photodex Presenter
"Photon" = Instant Photo Effects 2.0
"Picture Cutout Guide_is1" = Picture Cutout Guide 2.1.0
"Picture Reduce Studio_is1" = Picture Reduce Studio 3.0.4 build 2133
"Picture Resize Genius_is1" = Picture Resize Genius 3.0
"PictureItSuite_v12" = Microsoft Digital Image Suite Anniversary Edition
"Pin High Country Club Golf" = GameHouse Games Collection: Pin High Country Club Golf
"Pizza Frenzy" = GameHouse Games Collection: Pizza Frenzy
"Platypus" = GameHouse Games Collection: Platypus
"Poker Superstars" = GameHouse Games Collection: Poker Superstars
"Poker Superstars II" = Poker Superstars II
"Portrait Professional Studio 9_is1" = Portrait Professional Studio 9.0
"Power Screen Capture_is1" = Power Screen Capture 7.1.0.318
"PowerISO" = PowerISO
"PremElem90" = Adobe Premiere Elements 9
"ProCooking" = ProCooking
"Professor Answers" = Professor Answers
"Professor Teaches Access 2007" = Professor Teaches Access 2007
"Professor Teaches Excel 2007" = Professor Teaches Excel 2007
"Professor Teaches FrontPage 2003" = Professor Teaches FrontPage 2003
"Professor Teaches HTML Advanced" = Professor Teaches HTML Advanced
"Professor Teaches HTML Fundamentals" = Professor Teaches HTML Fundamentals
"Professor Teaches Internet Explorer 6" = Professor Teaches Internet Explorer 6
"Professor Teaches Outlook 2007" = Professor Teaches Outlook 2007
"Professor Teaches PowerPoint 2007" = Professor Teaches PowerPoint 2007
"Professor Teaches Web Design Fundamentals" = Professor Teaches Web Design Fundamentals
"Professor Teaches Windows XP Professional" = Professor Teaches Windows XP Professional
"Professor Teaches Word 2007" = Professor Teaches Word 2007
"ProShow Gold" = ProShow Gold
"ProShow Producer" = ProShow Producer
"Protected Music Converter_is1" = Protected Music Converter 1.8
"Punch! Home Design - Platinum" = Punch! Home Design - Platinum
"Puzzle Express" = GameHouse Games Collection: Puzzle Express
"Puzzle Inlay" = GameHouse Games Collection: Puzzle Inlay
"Puzzle Solitaire" = GameHouse Games Collection: Puzzle Solitaire
"QBz" = GameHouse Games Collection: QBz
"Quick DVD Creator_is1" = Quick DVD Creator 3.20
"QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Quiz Results Analyzer
"Random House Webster's Unabridged Dictionary" = Random House Webster's Unabridged Dictionary
"Rapid Resizer_is1" = Rapid Resizer
"Reader's Digest Super Word Power" = GameHouse Games Collection: Reader's Digest Super Word Power
"RealAlt_is1" = Real Alternative 1.8.4 Lite
"RealPlayer 12.0" = RealPlayer
"Rechnung3" = Softwarenetz Invoice3
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Remind-Me" = Remind-Me
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Ricochet" = GameHouse Games Collection: Ricochet
"Ricochet Lost Worlds" = GameHouse Games Collection: Ricochet Lost Worlds
"Ricochet Lost Worlds: Recharged" = GameHouse Games Collection: Ricochet Lost Worlds - Recharged
"Roller Rush" = GameHouse Games Collection: Roller Rush
"RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 2.02
"RonyaSoft Poster Designer (Poster Forge)" = RonyaSoft Poster Designer (Poster Forge) 2.01
"RonyaSoft Poster Printer (ProPoster)" = RonyaSoft Poster Printer (ProPoster) 3.01
"Rylstim Budget_is1" = Rylstim Budget 4.3.1
"Saints & Sinners Bingo" = GameHouse Games Collection: Saints & Sinners Bingo
"ScienCalc_is1" = ScienCalc
"SCRABBLE" = GameHouse Games Collection: SCRABBLE
"SCRABBLE® 2007 EDITION" = SCRABBLE® Interactive 2007 EDITION Uninstall
"Shape Shifter" = GameHouse Games Collection: Shape Shifter
"Sharp World Clock_is1" = Sharp World Clock 1.42
"Simple Business Invoicing & Inventory_is1" = Simple Business Invoicing & Inventory 3.3.2
"SimplexCalc_is1" = SimplexCalc
"SlideShow_0" = SlideShow Prime 1.0
"Slingo Deluxe" = GameHouse Games Collection: Slingo Deluxe
"Snood Towers_is1" = Snood Towers for Windows version 1.02
"Snood_is1" = Snood for Windows version 3.52-W
"SolSuite Graphics Pack Volume 1_is1" = SolSuite Graphics Pack Volume 1 - v1.14
"SolSuite Graphics Pack Volume 2_is1" = SolSuite Graphics Pack Volume 2 - v2.11
"SolSuite_is1" = SolSuite 2007 v7.7
"Sonne Video Converter_is1" = Sonne Video Converter 8.1.2.101
"Speaking Clock Deluxe_is1" = Speaking Clock Deluxe 3.52
"Spelvin" = GameHouse Games Collection: Spelvin
"Splash" = GameHouse Games Collection: Splash
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"Spring Sprang Sprung" = GameHouse Games Collection: Spring Sprang Sprung
"SS Birthday Reminder_is1" = SS Birthday Reminder 2.11
"Super 5-Line Slots" = GameHouse Games Collection: Super 5-Line Slots
"Super Blackjack!" = GameHouse Games Collection: Super Blackjack!
"Super Bounce Out!" = GameHouse Games Collection: Super Bounce Out!
"Super Candy Cruncher" = GameHouse Games Collection: Super Candy Cruncher
"Super Collapse!" = GameHouse Games Collection: Super Collapse!
"Super Collapse! II" = GameHouse Games Collection: Super Collapse! II
"Super Collapse! II Platinum" = GameHouse Games Collection: Super Collapse! II Platinum
"Super Fruit Frolic" = GameHouse Games Collection: Super Fruit Frolic
"Super GameHouse Solitaire Vol. 1" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
"Super GameHouse Solitaire Vol. 2" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
"Super GameHouse Solitaire Vol. 3" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
"Super Gem Drop" = GameHouse Games Collection: Super Gem Drop
"Super Glinx!" = GameHouse Games Collection: Super Glinx!
"Super Letter Linker" = GameHouse Games Collection: Super Letter Linker
"Super Mah Jong Solitaire" = GameHouse Games Collection: Super Mah Jong Solitaire
"Super Nisqually" = GameHouse Games Collection: Super Nisqually
"Super PileUp!" = GameHouse Games Collection: Super PileUp!
"Super Pool" = GameHouse Games Collection: Super Pool
"Super Pop & Drop!" = GameHouse Games Collection: Super Pop & Drop!
"Super Rumble Cube" = GameHouse Games Collection: Super Rumble Cube
"Super SpongeBob Collapse!" = GameHouse Games Collection: Super SpongeBob Collapse!
"Super TextTwist" = GameHouse Games Collection: Super TextTwist
"Super WHATword" = GameHouse Games Collection: Super WHATword
"Super Wild Wild Words" = GameHouse Games Collection: Super Wild Wild Words
"Talking Calculator" = Talking Calculator
"Talking Time Keeper" = Talking Time Keeper
"Tap a Jam" = GameHouse Games Collection: Tap a Jam
"Ten Pin Championship Bowling Pro" = GameHouse Games Collection: Ten Pin Championship Bowling Pro
"Tennis Titans" = GameHouse Games Collection: Tennis Titans
"Text Ticker_is1" = Text Ticker 2.2 Trial
"The Big Box of Art" = The Big Box of Art
"Total Movie Converter_is1" = TotalMovieConverter
"Total PDF Converter_is1" = TotalPDFConverter
"Tradewinds 2" = GameHouse Games Collection: Tradewinds 2
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Trivia Machine" = GameHouse Games Collection: Trivia Machine
"Tropical Swaps" = GameHouse Games Collection: Tropical Swaps
"Tumblebugs" = GameHouse Games Collection: Tumblebugs
"Turtle Bay" = GameHouse Games Collection: Turtle Bay
"Twistingo" = GameHouse Games Collection: Twistingo
"Ultimate Dominoes" = GameHouse Games Collection: Ultimate Dominoes
"Ultimate Mahjongg 20" = Ultimate Mahjongg 20
"Ultimate Reference Suite" = Ultimate Reference Suite
"Unit Converter Pro_is1" = Unit Converter Pro 2.0
"uTorrent" = µTorrent
"Varmintz Deluxe" = GameHouse Games Collection: Varmintz Deluxe
"Video Capture Master_is1" = Video Capture Master 8.2.0.20
"Video Converter Professional_is1" = Video Converter Professional 8.1.3.201
"Video Editor" = Video Editor
"Video Workshop_is1" = Video Workshop 1.50
"Vinny Loan Check" = Vinny Loan Check
"Visual Watermark_is1" = Visual Watermark 2.9.32
"VLC media player" = VLC media player 1.1.7
"VSO PhotoDVD_is1" = PhotoDVD 4.0.0.37c
"Walls of Jericho, The" = GameHouse Games Collection: Walls of Jericho, The
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Wedding Album Maker Gold" = Wedding Album Maker Gold 3.30
"Wheel of Fortune" = GameHouse Games Collection: Wheel of Fortune
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Studio Express_is1" = Wondershare Video Studio Express(Build 1.2.0.4)
"Word Jolt" = GameHouse Games Collection: Word Jolt
"Word Slinger" = GameHouse Games Collection: Word Slinger
"WordJong To Go" = GameHouse Games Collection: WordJong To Go
"Xilisoft RMVB Converter" = Xilisoft RMVB Converter
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"YouTube HD Transfer Release_is1" = YouTube HD Transfer 1.0.582
"Zuma Deluxe" = GameHouse Games Collection: Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JobTabs" = JobTabs Job Search & Resume
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
"PhotoZoom Pro 4" = BenVista PhotoZoom Pro 4.0.6
"Pic2Ico" = Picture To Icon (remove only)
"ROES.whcc" = ROES.whcc
"SmartDraw 2010" = SmartDraw 2010
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:14 PM

Posted 20 August 2011 - 06:31 AM

Hello, chrisandsherri.

P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case FrostWire). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.








Conduit Toolbar Warning"

I see you have the a Conduit toolbar installed. This often is recognized as trackware and I recommend you remove it.

If you would like to remove it, please go to add/Remove Programs and uninstall Conduit Engine, Ashampoo US Toolbar.






Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 chrisandsherri

chrisandsherri
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 20 August 2011 - 10:05 AM

I have removed the toolbar and will speak to my husband about removing Frostwire (and perhaps UTorrent also?). I have attached the ComboFix Log. Thanks.



ComboFix 11-08-19.02 - Owner 08/20/2011 10:00:17.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.5903 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\KGyGaAvL.sys
c:\programdata\ntuser.dat
c:\programdata\xml2FE6.tmp
c:\programdata\xml33EC.tmp
c:\programdata\xml361F.tmp
c:\users\Owner\AppData\Roaming\dvdae
c:\users\Owner\AppData\Roaming\dvdae\dvdae.config
c:\users\Owner\AppData\Roaming\dvdae\dvdae.lic
c:\users\Owner\AppData\Roaming\inst.exe
c:\users\Owner\g2mdlhlpx.exe
c:\windows\SysWow64\local.txt
c:\windows\UA000106.DLL
K:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-20 03:51 . 2011-08-20 03:51 -------- d-----w- C:\LCA_Sample_Pack_Textures
2011-08-20 01:37 . 2011-08-20 01:37 -------- d-----w- c:\program files (x86)\Citrix
2011-08-14 20:59 . 2011-08-14 20:59 -------- d-----w- c:\users\Owner\AppData\Roaming\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1
2011-08-14 20:58 . 2011-08-14 21:01 -------- d-----w- c:\program files (x86)\StudioCloud 3.0
2011-08-14 20:22 . 2011-08-14 20:35 -------- d-----w- c:\programdata\StudioPlus Software
2011-08-14 20:22 . 2011-08-14 20:35 -------- d-----w- c:\program files (x86)\StudioPlus 2011
2011-08-12 19:23 . 2011-08-12 19:23 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-08-12 19:22 . 2011-08-12 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-12 19:22 . 2011-08-12 19:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-10 19:55 . 2011-08-10 19:55 -------- d-----w- c:\program files (x86)\ESET
2011-08-09 23:12 . 2011-08-09 23:12 -------- d-----w- c:\users\Owner\AppData\Local\MicroVision Applications
2011-08-09 23:12 . 2011-08-09 23:12 -------- d-----w- c:\program files (x86)\SureThing CD Labeler 5
2011-08-09 22:56 . 2011-08-09 22:56 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-08-09 22:55 . 2011-08-09 22:55 -------- d-----w- c:\program files (x86)\LightScribe
2011-08-09 22:32 . 2011-08-09 22:32 -------- d-----w- c:\program files (x86)\Photo Story 3 for Windows
2011-08-09 21:11 . 2011-08-18 21:32 -------- d-----w- c:\users\Owner\AppData\Local\CutePDF Writer
2011-08-09 05:13 . 2011-08-08 18:09 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-08 19:43 . 2011-08-08 19:43 -------- d-----w- c:\users\Owner\.WHCC
2011-08-08 19:43 . 2011-08-08 19:44 -------- d-----w- c:\users\Owner\.roescache
2011-08-08 19:42 . 2011-08-08 19:42 -------- d-----w- c:\windows\Sun
2011-08-08 18:13 . 2011-08-08 18:13 -------- d-----w- c:\program files (x86)\PrtScr
2011-08-08 18:09 . 2011-08-08 18:09 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-08 18:05 . 2011-07-21 18:59 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-08 18:05 . 2011-08-08 18:05 -------- d-----w- c:\programdata\Lavasoft
2011-08-08 18:05 . 2011-08-08 18:05 -------- d-----w- c:\program files (x86)\Lavasoft
2011-08-08 17:53 . 2011-08-08 17:53 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-08-08 17:53 . 2011-08-08 17:53 -------- d-----w- c:\programdata\Malwarebytes
2011-08-08 17:53 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-08 17:53 . 2011-08-08 17:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-08 17:53 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-08 16:45 . 2011-08-08 16:45 -------- d-----w- c:\program files\DIFX
2011-08-08 16:45 . 2011-08-08 16:45 -------- d-----w- c:\program files\WDCSAM
2011-08-07 23:44 . 2011-08-07 23:44 -------- d-----w- c:\program files (x86)\X-Rite
2011-08-07 23:44 . 2011-08-07 23:44 -------- d-----w- c:\programdata\X-Rite
2011-08-07 22:07 . 2011-08-07 22:07 -------- d-----w- c:\program files (x86)\GPLGS
2011-08-07 22:07 . 2009-11-05 12:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-08-07 22:07 . 2011-08-07 22:07 -------- d-----w- c:\program files (x86)\Acro Software
2011-08-07 21:57 . 2011-08-07 21:57 -------- d-----w- c:\program files (x86)\uTorrent
2011-08-07 21:56 . 2011-08-09 23:14 -------- d-----w- c:\users\Owner\AppData\Roaming\uTorrent
2011-08-07 21:56 . 2011-08-07 21:56 -------- d-----w- c:\users\Owner\AppData\Local\uTorrent
2011-08-07 21:44 . 2011-08-07 21:44 -------- d-----w- c:\users\Owner\AppData\Roaming\Imagenomic
2011-08-07 21:42 . 2011-08-07 22:10 -------- d-----w- c:\program files (x86)\Imagenomic
2011-08-07 21:30 . 2011-08-07 21:30 -------- d-----w- c:\users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-08-07 21:30 . 2011-08-07 21:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Adobe Mini Bridge CS5
2011-08-07 21:28 . 2011-08-07 21:28 -------- d-----w- c:\users\Owner\AppData\Local\Western Digital
2011-08-07 21:09 . 2011-08-07 21:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Pantone
2011-08-07 21:05 . 2011-08-07 21:05 -------- d-----w- c:\program files (x86)\Pantone
2011-08-07 19:34 . 2011-03-03 11:58 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-08-07 19:30 . 2011-08-07 19:31 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company
2011-08-07 19:29 . 2011-08-07 19:29 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company
2011-08-07 19:29 . 2011-08-07 19:29 -------- d-----w- c:\windows\SysWow64\kodak
2011-08-07 19:27 . 2011-08-07 19:27 -------- d-----w- c:\windows\SysWow64\spool
2011-08-07 19:27 . 2011-08-07 19:27 -------- d-----w- c:\program files (x86)\Kodak
2011-08-07 19:25 . 2011-08-20 14:51 -------- d-----w- c:\programdata\Kodak
2011-08-07 19:11 . 2011-08-07 19:11 -------- d-----w- c:\programdata\MumboJumbo
2011-08-07 17:09 . 2011-08-07 17:09 -------- d-----w- C:\MoTemp
2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\users\Owner\AppData\Roaming\PACE Anti-Piracy
2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\users\Owner\AppData\Local\PACE Anti-Piracy
2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2011-08-07 16:04 . 2011-08-07 16:04 -------- d-----w- c:\program files (x86)\Adobe Story
2011-08-07 07:05 . 2011-08-07 07:05 -------- d-----w- c:\programdata\ALM
2011-08-07 06:55 . 2011-08-07 06:55 -------- d-----w- c:\users\Owner\Adobe Flash Builder 4
2011-08-07 06:31 . 2011-08-07 06:31 -------- d-----w- c:\program files (x86)\My Company Name
2011-08-07 06:14 . 2011-08-07 06:14 154 ----a-w- c:\users\Owner\AppData\Roaming\Tr.exe
2011-08-07 02:41 . 2011-08-07 02:41 -------- d-----w- C:\My Works
2011-08-07 02:33 . 2011-08-07 02:33 -------- d-----w- c:\program files (x86)\Caricature Software
2011-08-07 02:11 . 2011-08-07 02:11 -------- d-----w- c:\program files (x86)\Right Hemisphere
2011-08-07 01:12 . 2011-08-07 01:12 -------- d-----w- c:\programdata\Photo User
2011-08-07 00:55 . 2011-08-07 00:56 -------- d-----w- c:\users\Owner\AppData\Roaming\ImTOO
2011-08-07 00:55 . 2011-08-07 00:55 -------- d-----w- c:\users\Owner\AppData\Roaming\ImageResizeGuide
2011-08-07 00:45 . 2011-08-07 00:45 -------- d-----w- c:\users\Owner\AppData\Roaming\mresreg
2011-08-07 00:21 . 2011-08-07 00:21 -------- d-----w- c:\users\Owner\AppData\Roaming\BeautyGuide
2011-08-07 00:13 . 2011-08-07 00:13 -------- d-----w- c:\users\Owner\AppData\Roaming\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-08-07 00:12 . 2011-08-07 00:12 -------- d-----w- c:\users\Owner\AppData\Roaming\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-08-06 23:58 . 2011-08-06 23:58 -------- d-----w- c:\users\Owner\AppData\Roaming\Chief Architect Premier X3
2011-08-06 23:56 . 2011-08-06 23:56 -------- d-----w- c:\users\Owner\AppData\Roaming\Rylstim Budget
2011-08-06 23:03 . 2011-08-06 23:06 -------- d-----w- c:\program files (x86)\Microsoft MapPoint 2011
2011-08-06 22:57 . 2011-08-06 23:00 -------- d-----w- c:\program files (x86)\Microsoft Streets & Trips 2011
2011-08-06 21:32 . 2011-08-06 22:32 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-06 21:30 . 2011-08-06 22:30 -------- d-----w- c:\programdata\Hitman Pro
2011-08-06 20:35 . 2011-08-06 20:35 -------- d-----w- c:\windows\SysWow64\Quark ShapeMaker Presets
2011-08-06 19:20 . 2011-08-06 19:20 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-08-06 14:26 . 2011-08-06 14:26 58288 ----a-w- c:\windows\SysWow64\snacnp.dll
2011-08-06 14:26 . 2011-08-06 14:26 58288 ----a-w- c:\windows\system32\snacnp.dll
2011-08-06 14:26 . 2011-08-06 14:26 42632 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2011-08-06 14:26 . 2011-08-06 14:26 102832 ----a-w- c:\windows\system32\FwsVpn.dll
2011-08-06 14:26 . 2011-08-06 14:26 374704 ----a-w- c:\windows\SysWow64\sysfer.dll
2011-08-06 14:26 . 2011-08-06 14:26 10672 ----a-w- c:\windows\SysWow64\sysferThunk.dll
2011-08-06 14:26 . 2011-08-06 14:26 513456 ----a-w- c:\windows\system32\sysfer.dll
2011-08-06 14:26 . 2011-08-06 14:26 147632 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-08-06 14:26 . 2011-08-06 14:26 11184 ----a-w- c:\windows\system32\sysferThunk.dll
2011-08-06 14:20 . 2011-08-06 14:20 -------- d-----w- c:\windows\system32\drivers\SEP
2011-08-06 13:41 . 2011-08-06 13:41 -------- d-----w- c:\program files (x86)\Wondershare
2011-08-06 13:38 . 2011-08-06 13:38 -------- d-----w- c:\program files (x86)\LifePhotoMaker
2011-08-06 13:38 . 2011-08-06 13:38 -------- d-----w- c:\programdata\LifePhotoMaker
2011-08-06 13:37 . 2010-10-08 17:53 24832 ----a-w- c:\windows\SysWow64\PteVideo.dll
2011-08-06 13:37 . 2011-08-06 13:37 -------- d-----w- c:\programdata\PicturesToExe
2011-08-06 13:37 . 2011-08-06 13:37 -------- d-----w- c:\program files (x86)\WnSoft PicturesToExe
2011-08-06 13:35 . 2011-08-06 13:35 118272 --sha-r- c:\windows\SysWow64\VBAEN32Q.dll
2011-08-06 13:31 . 2011-08-06 13:31 -------- d-----w- c:\program files\WatermarkSoftware
2011-08-06 13:26 . 2011-08-06 13:27 -------- d-----w- c:\programdata\Visual Watermark
2011-08-06 13:26 . 2011-08-06 13:26 -------- d-----w- c:\program files (x86)\Visual Watermark
2011-08-06 13:25 . 2011-08-06 13:25 -------- d-----w- c:\program files (x86)\Vinny Loan Check
2011-08-06 13:22 . 2011-08-07 01:30 -------- d-----w- c:\program files (x86)\Trix DrawingCenter 6.5
2011-08-06 13:11 . 2011-08-06 14:51 -------- d-----w- c:\program files (x86)\Total PDF Converter
2011-08-06 13:10 . 2011-08-06 13:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Softplicity
2011-08-06 13:10 . 2011-08-06 13:10 -------- d-----w- c:\program files (x86)\TotalMovieConverter
2011-08-06 13:04 . 2011-08-06 13:04 -------- d-----w- c:\users\Owner\AppData\Roaming\SuperMP3Download
2011-08-06 13:04 . 2011-08-06 13:04 -------- d-----w- c:\programdata\SuperMP3Download
2011-08-06 13:02 . 2011-08-06 18:53 -------- d-----w- c:\program files (x86)\SuperMp3Download
2011-08-06 12:53 . 2011-08-06 12:53 -------- d-----w- c:\program files (x86)\DIGISTUDIO
2011-08-06 12:52 . 2011-08-06 12:52 -------- d-----w- c:\windows\uninstall
2011-08-06 12:50 . 2010-10-15 17:19 181688 ----a-w- c:\windows\snui.exe
2011-08-06 12:50 . 2011-08-06 12:50 -------- d-----w- C:\Softwarenetz
2011-08-06 12:49 . 2011-08-06 12:49 -------- d-----w- c:\users\Owner\AppData\Local\assembly
2011-08-06 12:44 . 2011-08-06 12:47 -------- d-----w- c:\program files (x86)\Smart PC Solutions
2011-08-06 12:43 . 2011-08-06 12:43 -------- d-----w- c:\program files\SlideShow Prime
2011-08-06 12:42 . 2011-08-06 12:42 -------- d-----w- c:\program files (x86)\SlideShow Prime
2011-08-06 12:28 . 2011-08-06 12:28 -------- d-----w- c:\program files (x86)\Simply Software
2011-08-06 07:01 . 2011-08-06 07:01 -------- d-----w- c:\programdata\Act
2011-08-06 06:58 . 2011-08-06 06:58 -------- d-----w- c:\users\Owner\AppData\Local\IsolatedStorage
2011-08-06 06:57 . 2003-08-28 18:08 536576 ------w- c:\windows\SysWow64\msvcr70d.dll
2011-08-06 06:57 . 2003-08-28 18:06 94208 ------w- c:\windows\SysWow64\msvci70d.dll
2011-08-06 06:55 . 2011-08-06 06:55 -------- d-----w- c:\programdata\Sage Software, Inc
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 14:26 . 2009-11-10 00:03 287152 ----a-w- c:\windows\system32\SymVPN.dll
2011-08-06 14:22 . 2011-02-10 15:20 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-06 00:45 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-06 19:55 . 2011-06-06 19:55 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-03 05:57 . 2011-08-05 23:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 04:07 . 2011-05-28 04:07 745592 ----a-w- c:\windows\system32\drivers\SEP\0C01029F\136B.105\x64\srtsp64.sys
2011-05-28 04:07 . 2011-05-28 04:07 40568 ----a-w- c:\windows\system32\drivers\SEP\0C01029F\136B.105\x64\srtspx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-10 5466496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE" [2011-03-03 2922496]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
TTK.lnk - c:\program files (x86)\Talking Time Keeper\TalkingTimeKeeper.exe [2011-2-8 1429504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hueyTray.lnk - c:\program files (x86)\Pantone\huey\hueyTray.exe [2011-8-7 901120]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2011-8-5 1828128]
taskmgr.exe - Shortcut.lnk - c:\windows\System32\taskmgr.exe [2010-11-20 257024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
R3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-03-21 53248]
R3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-03-07 131072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-06-18 74384]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-06-18 29664]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 367456]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20110817.030\IDSvia64.sys [2011-06-23 488056]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-10 139648]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/07 17:19];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-18 02:29 146928]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-04 3975088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 42884448]
S2 MSSQL$BAM;SQL Server (BAM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 3140424]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [2008-09-05 210720]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-06-15 137224]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver;AODDriver;c:\program files\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-03-12 52280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-03 136824]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-08 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-07 c:\windows\Tasks\1 Copernic Intra-Daily ~Owner-PC Owner.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2011-02-07 00:16]
.
2011-02-07 c:\windows\Tasks\2 Copernic Daily ~Owner-PC Owner.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2011-02-07 00:16]
.
2011-02-07 c:\windows\Tasks\3 Copernic Weekly ~Owner-PC Owner.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2011-02-07 00:16]
.
2011-02-07 c:\windows\Tasks\4 Copernic Monthly ~Owner-PC Owner.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2011-02-07 00:16]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 18:27]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 18:27]
.
2011-08-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-02-08 16:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-30 4042568]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-03-03 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: MasterCook: Select Image - c:\program files (x86)\MasterCook 9\Web\MCIEContext.hta
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Search Using Copernic Agent - c:\program files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mun666m9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ProCooking - c:\program files (x86)\ProCooking\Uninstall_ProCooking\Uninstall Professional Cooking
AddRemove-Random House Webster's Unabridged Dictionary - c:\program files (x86)\Random House
AddRemove-Talking Calculator - c:\windows\system32\SpoonUninstall.exe
AddRemove-Talking Time Keeper - c:\windows\system32\SpoonUninstall.exe
AddRemove-ROES.whcc - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_ê\01\00ë\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~ê\01\00ë\00\00\00\00Ö\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SPBBCDrv]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.abr"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ani"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.bmp"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bwf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cel"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.cr2"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.crw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cur"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcr"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.dib"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djv"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.dng"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.emf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.eps"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.erf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.flc"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fli"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.gif"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.hdr"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icl"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS130.Document.ico"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.iff"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.jfif"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.jpe"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.jpeg"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.KAR"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m15"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m1a"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m2a"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m75"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mos"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mpv"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.mrw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.nef"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.orf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.pbm"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.pcd"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pct"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.pcx"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.pef"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.pic"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pics"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pict"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.png"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.psd"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.psp"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.qtpf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.raf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.raw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.rle"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sdv"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sfil"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.smf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sml"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.srf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.swa"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.tga"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.tif"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.tiff"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tsdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tsdr"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttc"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ulw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.vfw"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.wmf"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3435487432-1234031240-4110876318-1000)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xmp"
.
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f2,c7,a3,85,31,cd,d6,6f,c9,ef,50,d6,3b,5f,85,ab,02,70,7a,0b,9e,
37,bf,aa,69,48,72,92,d9,70,7e,45,c8,13,9b,17,3f,af,6b,92,d5,f1,32,d1,f6,8f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="F384734A74E49BA11102E47A9436C53001855545318142DBF445D3776FA602125A49BFFC719F01AF232921D660DAA6E51190106D0BEFADF19D1B27258A9F2C986B7A0D5500A29984466F0CFB5FCC71E4B693B5CE4AFADFE3A76F9A1576D3056A95E510582FDBBBB7D16A0A5A5A4FFEBE5389FBE71159D2631DC254735291C7F72E3180FDB6CA8595848003D7BDB76DBEAD3E9CADA75743D6ED647FDFDCB77261ECCF19B36E07561DFE6F64509EF09CE0EF52D405775334D66C7B4A6EF83BC77F6F0F19DBD3B75181C746FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CA2D97226D213B555A6A0AC4980AC7933FA7D3F2BEB797E61C5120BD32B6E04BE83D54984CD8E88ED8205425FF3F4675AE8ECDB3F6056F69A34D955070C5A09DFD6D08D4643C0FB48DB9E632353515C6D9B309A214B239C5584C4572BC83252A4F2E62EFAD3C30A2C923835C5D417A9BCDA11B6BC89EDE4D410E969DF1D60BD92DF1BB6183F7F198481651CB154CC5C39EF509015B9FAA62EB1D801D90A058D07A96ADAA705127313842E25E5772C68A8AA23AC3D3E3F1D4FC7123E645371E4B0E1426F49E9CA47ECFE0C7D76A12126A6DCAFB1DBBE656BF33888605B8031CE949C04702D782FA7F9D56E7989FCCF501E5E136C2F26CB143068274BB1DE7B380AF285F89B7D758BF6F2388FDAF88B06D2095DCB86A48680EAC4CA0AEA7DC2733B0111CC6D890E4B754441DAB947DE4A5ABA1265C5ACDA7CDEBEC4C82131A9342AE764D1117295A6D9BAD4190ADE86061DD7A9EE67F4443899C7D85880910716A94C32108AD0E240DC4C30AEC1777583DAC510C6F478EFC880D7412D4C7BE79361D6A1B7ED02FD9E0C728821ED91CFF3246F256B90F6C026C76BAA60D70F8A11CCB2C91A6627A22A47AB039C2CEEEFE7DE44BC806D744DAC7B02B42F8DAFE2513D14BA2C32A5C134C2F7BAEEB01662D7C4B5204E5536611D7A9E767AEA859780D42BF5092327806D88DEC08BC2CFE920633A88C02349799BF5C9F846807D862A0CB4F16D211738EBF4681689BD2AFA001ECDA9E7C6FA4AB1778E38BD74C7BDBFAEEA98BBA4A7722A3924B3A41078BF1929EEA47745DFB7C9577CA52B7ED80097DC8EC6F9BCCDF20859A181B93D5116740E1F13C6B74F5E3645272581ECE6C5E909E44F520CC3ABC62E77614D5E0D8EFD2CE580D249630D29C42791532170BA55FC37F8124886C70D654026051B4B6F0434CD6CBBBA7A443DAA96375C9034BD5A52D0FC2CBA55A066FE97942D366D32392B65CB445FBA3CED249756F644B6E25E7A83893544B649BE4E21E933021A04B6EC40865420085E9A2ECAA5A5584071ABB7234168557306E97F02552B643BC677A57377F8F910CA"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f2,c7,a3,85,31,cd,d6,6f,c9,ef,50,d6,3b,5f,85,ab,02,70,7a,0b,9e,
37,bf,aa,69,48,72,92,d9,70,7e,45,c8,13,9b,17,3f,af,6b,92,d5,f1,32,d1,f6,8f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Ralink\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AWSC.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AWSC.exe
.
**************************************************************************
.
Completion time: 2011-08-20 10:59:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-20 14:59
.
Pre-Run: 1,724,799,873,024 bytes free
Post-Run: 1,729,377,308,672 bytes free
.
- - End Of File - - 0E6E41F7127C2A546F583792BD070266

Attached Files


Edited by etavares, 20 August 2011 - 10:19 AM.
paste cf log


#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:14 PM

Posted 20 August 2011 - 10:30 AM

Hello, chrisandsherri.
Yes, uTorrent has the same risks as FrostWire.



Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

File::
C:\Windows\SysWow64\VBAEN32Q.dll
C:\Windows\tasks\DOXRMK.job
RegLock::
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tsdr\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
[HKEY_USERS\S-1-5-21-3435487432-1234031240-4110876318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
DDS::
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#8 chrisandsherri

chrisandsherri
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 20 August 2011 - 01:09 PM

ComboFix.text log:
ComboFix 11-08-19.02 - Owner 08/20/2011 11:41:50.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.5514 [GMT -4:00]
Running from: c:\users\Owner\Desktop\Maintenance\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\Maintenance\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\VBAEN32Q.dll"
"c:\windows\tasks\DOXRMK.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\VBAEN32Q.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-20 16:05 . 2011-08-20 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-20 03:51 . 2011-08-20 03:51 -------- d-----w- C:\LCA_Sample_Pack_Textures
2011-08-20 01:37 . 2011-08-20 01:37 -------- d-----w- c:\program files (x86)\Citrix
2011-08-14 20:59 . 2011-08-14 20:59 -------- d-----w- c:\users\Owner\AppData\Roaming\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1
2011-08-14 20:58 . 2011-08-14 21:01 -------- d-----w- c:\program files (x86)\StudioCloud 3.0
2011-08-14 20:22 . 2011-08-14 20:35 -------- d-----w- c:\programdata\StudioPlus Software
2011-08-14 20:22 . 2011-08-14 20:35 -------- d-----w- c:\program files (x86)\StudioPlus 2011
2011-08-12 19:23 . 2011-08-12 19:23 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-08-12 19:22 . 2011-08-12 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-12 19:22 . 2011-08-12 19:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-10 19:55 . 2011-08-10 19:55 -------- d-----w- c:\program files (x86)\ESET
2011-08-09 23:12 . 2011-08-09 23:12 -------- d-----w- c:\users\Owner\AppData\Local\MicroVision Applications
2011-08-09 23:12 . 2011-08-09 23:12 -------- d-----w- c:\program files (x86)\SureThing CD Labeler 5
2011-08-09 22:56 . 2011-08-09 22:56 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-08-09 22:55 . 2011-08-09 22:55 -------- d-----w- c:\program files (x86)\LightScribe
2011-08-09 22:32 . 2011-08-09 22:32 -------- d-----w- c:\program files (x86)\Photo Story 3 for Windows
2011-08-09 21:11 . 2011-08-18 21:32 -------- d-----w- c:\users\Owner\AppData\Local\CutePDF Writer
2011-08-09 05:13 . 2011-08-08 18:09 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-08 19:43 . 2011-08-08 19:43 -------- d-----w- c:\users\Owner\.WHCC
2011-08-08 19:43 . 2011-08-08 19:44 -------- d-----w- c:\users\Owner\.roescache
2011-08-08 19:42 . 2011-08-08 19:42 -------- d-----w- c:\windows\Sun
2011-08-08 18:13 . 2011-08-08 18:13 -------- d-----w- c:\program files (x86)\PrtScr
2011-08-08 18:09 . 2011-08-08 18:09 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-08 18:05 . 2011-07-21 18:59 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-08 18:05 . 2011-08-08 18:05 -------- d-----w- c:\programdata\Lavasoft
2011-08-08 18:05 . 2011-08-08 18:05 -------- d-----w- c:\program files (x86)\Lavasoft
2011-08-08 17:53 . 2011-08-08 17:53 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-08-08 17:53 . 2011-08-08 17:53 -------- d-----w- c:\programdata\Malwarebytes
2011-08-08 17:53 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-08 17:53 . 2011-08-08 17:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-08 17:53 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-08 16:45 . 2011-08-08 16:45 -------- d-----w- c:\program files\DIFX
2011-08-08 16:45 . 2011-08-08 16:45 -------- d-----w- c:\program files\WDCSAM
2011-08-07 23:44 . 2011-08-07 23:44 -------- d-----w- c:\program files (x86)\X-Rite
2011-08-07 23:44 . 2011-08-07 23:44 -------- d-----w- c:\programdata\X-Rite
2011-08-07 22:07 . 2011-08-07 22:07 -------- d-----w- c:\program files (x86)\GPLGS
2011-08-07 22:07 . 2009-11-05 12:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-08-07 22:07 . 2011-08-07 22:07 -------- d-----w- c:\program files (x86)\Acro Software
2011-08-07 21:57 . 2011-08-07 21:57 -------- d-----w- c:\program files (x86)\uTorrent
2011-08-07 21:56 . 2011-08-09 23:14 -------- d-----w- c:\users\Owner\AppData\Roaming\uTorrent
2011-08-07 21:56 . 2011-08-07 21:56 -------- d-----w- c:\users\Owner\AppData\Local\uTorrent
2011-08-07 21:44 . 2011-08-07 21:44 -------- d-----w- c:\users\Owner\AppData\Roaming\Imagenomic
2011-08-07 21:42 . 2011-08-07 22:10 -------- d-----w- c:\program files (x86)\Imagenomic
2011-08-07 21:30 . 2011-08-07 21:30 -------- d-----w- c:\users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-08-07 21:30 . 2011-08-07 21:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Adobe Mini Bridge CS5
2011-08-07 21:28 . 2011-08-07 21:28 -------- d-----w- c:\users\Owner\AppData\Local\Western Digital
2011-08-07 21:09 . 2011-08-07 21:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Pantone
2011-08-07 21:05 . 2011-08-07 21:05 -------- d-----w- c:\program files (x86)\Pantone
2011-08-07 19:34 . 2011-03-03 11:58 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-08-07 19:30 . 2011-08-07 19:31 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company
2011-08-07 19:29 . 2011-08-07 19:29 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company
2011-08-07 19:29 . 2011-08-07 19:29 -------- d-----w- c:\windows\SysWow64\kodak
2011-08-07 19:27 . 2011-08-07 19:27 -------- d-----w- c:\windows\SysWow64\spool
2011-08-07 19:27 . 2011-08-07 19:27 -------- d-----w- c:\program files (x86)\Kodak
2011-08-07 19:25 . 2011-08-20 16:08 -------- d-----w- c:\programdata\Kodak
2011-08-07 19:11 . 2011-08-07 19:11 -------- d-----w- c:\programdata\MumboJumbo
2011-08-07 17:09 . 2011-08-07 17:09 -------- d-----w- C:\MoTemp
2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\users\Owner\AppData\Roaming\PACE Anti-Piracy
2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\users\Owner\AppData\Local\PACE Anti-Piracy
2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2011-08-07 16:04 . 2011-08-07 16:04 -------- d-----w- c:\program files (x86)\Adobe Story
2011-08-07 07:05 . 2011-08-07 07:05 -------- d-----w- c:\programdata\ALM
2011-08-07 06:55 . 2011-08-07 06:55 -------- d-----w- c:\users\Owner\Adobe Flash Builder 4
2011-08-07 06:31 . 2011-08-07 06:31 -------- d-----w- c:\program files (x86)\My Company Name
2011-08-07 06:14 . 2011-08-07 06:14 154 ----a-w- c:\users\Owner\AppData\Roaming\Tr.exe
2011-08-07 02:41 . 2011-08-07 02:41 -------- d-----w- C:\My Works
2011-08-07 02:33 . 2011-08-07 02:33 -------- d-----w- c:\program files (x86)\Caricature Software
2011-08-07 02:11 . 2011-08-07 02:11 -------- d-----w- c:\program files (x86)\Right Hemisphere
2011-08-07 01:12 . 2011-08-07 01:12 -------- d-----w- c:\programdata\Photo User
2011-08-07 00:55 . 2011-08-07 00:56 -------- d-----w- c:\users\Owner\AppData\Roaming\ImTOO
2011-08-07 00:55 . 2011-08-07 00:55 -------- d-----w- c:\users\Owner\AppData\Roaming\ImageResizeGuide
2011-08-07 00:45 . 2011-08-07 00:45 -------- d-----w- c:\users\Owner\AppData\Roaming\mresreg
2011-08-07 00:21 . 2011-08-07 00:21 -------- d-----w- c:\users\Owner\AppData\Roaming\BeautyGuide
2011-08-07 00:13 . 2011-08-07 00:13 -------- d-----w- c:\users\Owner\AppData\Roaming\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-08-07 00:12 . 2011-08-07 00:12 -------- d-----w- c:\users\Owner\AppData\Roaming\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-08-06 23:58 . 2011-08-06 23:58 -------- d-----w- c:\users\Owner\AppData\Roaming\Chief Architect Premier X3
2011-08-06 23:56 . 2011-08-06 23:56 -------- d-----w- c:\users\Owner\AppData\Roaming\Rylstim Budget
2011-08-06 23:03 . 2011-08-06 23:06 -------- d-----w- c:\program files (x86)\Microsoft MapPoint 2011
2011-08-06 22:57 . 2011-08-06 23:00 -------- d-----w- c:\program files (x86)\Microsoft Streets & Trips 2011
2011-08-06 21:32 . 2011-08-06 22:32 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-06 21:30 . 2011-08-06 22:30 -------- d-----w- c:\programdata\Hitman Pro
2011-08-06 20:35 . 2011-08-06 20:35 -------- d-----w- c:\windows\SysWow64\Quark ShapeMaker Presets
2011-08-06 19:20 . 2011-08-06 19:20 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-08-06 14:26 . 2011-08-06 14:26 58288 ----a-w- c:\windows\SysWow64\snacnp.dll
2011-08-06 14:26 . 2011-08-06 14:26 58288 ----a-w- c:\windows\system32\snacnp.dll
2011-08-06 14:26 . 2011-08-06 14:26 42632 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2011-08-06 14:26 . 2011-08-06 14:26 102832 ----a-w- c:\windows\system32\FwsVpn.dll
2011-08-06 14:26 . 2011-08-06 14:26 374704 ----a-w- c:\windows\SysWow64\sysfer.dll
2011-08-06 14:26 . 2011-08-06 14:26 10672 ----a-w- c:\windows\SysWow64\sysferThunk.dll
2011-08-06 14:26 . 2011-08-06 14:26 513456 ----a-w- c:\windows\system32\sysfer.dll
2011-08-06 14:26 . 2011-08-06 14:26 147632 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-08-06 14:26 . 2011-08-06 14:26 11184 ----a-w- c:\windows\system32\sysferThunk.dll
2011-08-06 14:20 . 2011-08-06 14:20 -------- d-----w- c:\windows\system32\drivers\SEP
2011-08-06 13:41 . 2011-08-06 13:41 -------- d-----w- c:\program files (x86)\Wondershare
2011-08-06 13:38 . 2011-08-06 13:38 -------- d-----w- c:\program files (x86)\LifePhotoMaker
2011-08-06 13:38 . 2011-08-06 13:38 -------- d-----w- c:\programdata\LifePhotoMaker
2011-08-06 13:37 . 2010-10-08 17:53 24832 ----a-w- c:\windows\SysWow64\PteVideo.dll
2011-08-06 13:37 . 2011-08-06 13:37 -------- d-----w- c:\programdata\PicturesToExe
2011-08-06 13:37 . 2011-08-06 13:37 -------- d-----w- c:\program files (x86)\WnSoft PicturesToExe
2011-08-06 13:31 . 2011-08-06 13:31 -------- d-----w- c:\program files\WatermarkSoftware
2011-08-06 13:26 . 2011-08-06 13:27 -------- d-----w- c:\programdata\Visual Watermark
2011-08-06 13:26 . 2011-08-06 13:26 -------- d-----w- c:\program files (x86)\Visual Watermark
2011-08-06 13:25 . 2011-08-06 13:25 -------- d-----w- c:\program files (x86)\Vinny Loan Check
2011-08-06 13:22 . 2011-08-07 01:30 -------- d-----w- c:\program files (x86)\Trix DrawingCenter 6.5
2011-08-06 13:11 . 2011-08-06 14:51 -------- d-----w- c:\program files (x86)\Total PDF Converter
2011-08-06 13:10 . 2011-08-06 13:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Softplicity
2011-08-06 13:10 . 2011-08-06 13:10 -------- d-----w- c:\program files (x86)\TotalMovieConverter
2011-08-06 13:04 . 2011-08-06 13:04 -------- d-----w- c:\users\Owner\AppData\Roaming\SuperMP3Download
2011-08-06 13:04 . 2011-08-06 13:04 -------- d-----w- c:\programdata\SuperMP3Download
2011-08-06 13:02 . 2011-08-06 18:53 -------- d-----w- c:\program files (x86)\SuperMp3Download
2011-08-06 12:53 . 2011-08-06 12:53 -------- d-----w- c:\program files (x86)\DIGISTUDIO
2011-08-06 12:52 . 2011-08-06 12:52 -------- d-----w- c:\windows\uninstall
2011-08-06 12:50 . 2010-10-15 17:19 181688 ----a-w- c:\windows\snui.exe
2011-08-06 12:50 . 2011-08-06 12:50 -------- d-----w- C:\Softwarenetz
2011-08-06 12:49 . 2011-08-06 12:49 -------- d-----w- c:\users\Owner\AppData\Local\assembly
2011-08-06 12:44 . 2011-08-06 12:47 -------- d-----w- c:\program files (x86)\Smart PC Solutions
2011-08-06 12:43 . 2011-08-06 12:43 -------- d-----w- c:\program files\SlideShow Prime
2011-08-06 12:42 . 2011-08-06 12:42 -------- d-----w- c:\program files (x86)\SlideShow Prime
2011-08-06 12:28 . 2011-08-06 12:28 -------- d-----w- c:\program files (x86)\Simply Software
2011-08-06 07:01 . 2011-08-06 07:01 -------- d-----w- c:\programdata\Act
2011-08-06 06:58 . 2011-08-06 06:58 -------- d-----w- c:\users\Owner\AppData\Local\IsolatedStorage
2011-08-06 06:57 . 2003-08-28 18:08 536576 ------w- c:\windows\SysWow64\msvcr70d.dll
2011-08-06 06:57 . 2003-08-28 18:06 94208 ------w- c:\windows\SysWow64\msvci70d.dll
2011-08-06 06:55 . 2011-08-06 06:55 -------- d-----w- c:\programdata\Sage Software, Inc
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 14:26 . 2009-11-10 00:03 287152 ----a-w- c:\windows\system32\SymVPN.dll
2011-08-06 14:22 . 2011-02-10 15:20 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-06 00:45 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-06 19:55 . 2011-06-06 19:55 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-03 05:57 . 2011-08-05 23:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 04:07 . 2011-05-28 04:07 745592 ----a-w- c:\windows\system32\drivers\SEP\0C01029F\136B.105\x64\srtsp64.sys
2011-05-28 04:07 . 2011-05-28 04:07 40568 ----a-w- c:\windows\system32\drivers\SEP\0C01029F\136B.105\x64\srtspx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-20_14.51.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-20 14:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-20 14:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-20 14:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-20 14:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-20 14:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-20 14:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-20 16:08 . 2011-08-20 16:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 14:50 . 2011-08-20 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-20 16:08 . 2011-08-20 16:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-20 14:50 . 2011-08-20 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-08-20 16:06 1411400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-20 14:47 1411400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 18:20 . 2011-08-20 16:06 17508488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3435487432-1234031240-4110876318-1000-12288.dat
- 2011-02-10 18:20 . 2011-08-20 14:48 17508488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3435487432-1234031240-4110876318-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-10 5466496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE" [2011-03-03 2922496]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
TTK.lnk - c:\program files (x86)\Talking Time Keeper\TalkingTimeKeeper.exe [2011-2-8 1429504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hueyTray.lnk - c:\program files (x86)\Pantone\huey\hueyTray.exe [2011-8-7 901120]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2011-8-5 1828128]
taskmgr.exe - Shortcut.lnk - c:\windows\System32\taskmgr.exe [2010-11-20 257024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SEP]
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
R3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-03-21 53248]
R3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-03-07 131072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-06-18 74384]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-06-18 29664]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 367456]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20110817.030\IDSvia64.sys [2011-06-23 488056]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-10 139648]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/07 17:19];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-18 02:29 146928]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-04 3975088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 42884448]
S2 MSSQL$BAM;SQL Server (BAM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 3140424]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [2008-09-05 210720]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-06-15 137224]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver;AODDriver;c:\program files\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-03-12 52280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-03 136824]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-08 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-07 c:\windows\Tasks\1 Copernic Intra-Daily ~Owner-PC Owner.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2011-02-07 00:16]
.
2011-02-07 c:\windows\Tasks\2 Copernic Daily ~Owner-PC Owner.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2011-02-07 00:16]
.
2011-02-07 c:\windows\Tasks\3 Copernic Weekly ~Owner-PC Owner.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2011-02-07 00:16]
.
2011-02-07 c:\windows\Tasks\4 Copernic Monthly ~Owner-PC Owner.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2011-02-07 00:16]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 18:27]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 18:27]
.
2011-08-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-02-08 16:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-30 4042568]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-03-03 2922496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: MasterCook: Select Image - c:\program files (x86)\MasterCook 9\Web\MCIEContext.hta
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Search Using Copernic Agent - c:\program files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mun666m9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_ê\01\00ë\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~ê\01\00ë\00\00\00\00Ö\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SPBBCDrv]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f2,c7,a3,85,31,cd,d6,6f,c9,ef,50,d6,3b,5f,85,ab,02,70,7a,0b,9e,
37,bf,aa,69,48,72,92,d9,70,7e,45,c8,13,9b,17,3f,af,6b,92,d5,f1,32,d1,f6,8f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="F384734A74E49BA11102E47A9436C53001855545318142DBF445D3776FA602125A49BFFC719F01AF232921D660DAA6E51190106D0BEFADF19D1B27258A9F2C986B7A0D5500A29984466F0CFB5FCC71E4B693B5CE4AFADFE3A76F9A1576D3056A95E510582FDBBBB7D16A0A5A5A4FFEBE5389FBE71159D2631DC254735291C7F72E3180FDB6CA8595848003D7BDB76DBEAD3E9CADA75743D6ED647FDFDCB77261ECCF19B36E07561DFE6F64509EF09CE0EF52D405775334D66C7B4A6EF83BC77F6F0F19DBD3B75181C746FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CA2D97226D213B555A6A0AC4980AC7933FA7D3F2BEB797E61C5120BD32B6E04BE83D54984CD8E88ED8205425FF3F4675AE8ECDB3F6056F69A34D955070C5A09DFD6D08D4643C0FB48DB9E632353515C6D9B309A214B239C5584C4572BC83252A4F2E62EFAD3C30A2C923835C5D417A9BCDA11B6BC89EDE4D410E969DF1D60BD92DF1BB6183F7F198481651CB154CC5C39EF509015B9FAA62EB1D801D90A058D07A96ADAA705127313842E25E5772C68A8AA23AC3D3E3F1D4FC7123E645371E4B0E1426F49E9CA47ECFE0C7D76A12126A6DCAFB1DBBE656BF33888605B8031CE949C04702D782FA7F9D56E7989FCCF501E5E136C2F26CB143068274BB1DE7B380AF285F89B7D758BF6F2388FDAF88B06D2095DCB86A48680EAC4CA0AEA7DC2733B0111CC6D890E4B754441DAB947DE4A5ABA1265C5ACDA7CDEBEC4C82131A9342AE764D1117295A6D9BAD4190ADE86061DD7A9EE67F4443899C7D85880910716A94C32108AD0E240DC4C30AEC1777583DAC510C6F478EFC880D7412D4C7BE79361D6A1B7ED02FD9E0C728821ED91CFF3246F256B90F6C026C76BAA60D70F8A11CCB2C91A6627A22A47AB039C2CEEEFE7DE44BC806D744DAC7B02B42F8DAFE2513D14BA2C32A5C134C2F7BAEEB01662D7C4B5204E5536611D7A9E767AEA859780D42BF5092327806D88DEC08BC2CFE920633A88C02349799BF5C9F846807D862A0CB4F16D211738EBF4681689BD2AFA001ECDA9E7C6FA4AB1778E38BD74C7BDBFAEEA98BBA4A7722A3924B3A41078BF1929EEA47745DFB7C9577CA52B7ED80097DC8EC6F9BCCDF20859A181B93D5116740E1F13C6B74F5E3645272581ECE6C5E909E44F520CC3ABC62E77614D5E0D8EFD2CE580D249630D29C42791532170BA55FC37F8124886C70D654026051B4B6F0434CD6CBBBA7A443DAA96375C9034BD5A52D0FC2CBA55A066FE97942D366D32392B65CB445FBA3CED249756F644B6E25E7A83893544B649BE4E21E933021A04B6EC40865420085E9A2ECAA5A5584071ABB7234168557306E97F02552B643BC677A57377F8F910CA"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f2,c7,a3,85,31,cd,d6,6f,c9,ef,50,d6,3b,5f,85,ab,02,70,7a,0b,9e,
37,bf,aa,69,48,72,92,d9,70,7e,45,c8,13,9b,17,3f,af,6b,92,d5,f1,32,d1,f6,8f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Ralink\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-08-20 12:46:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-20 16:46
ComboFix2.txt 2011-08-20 14:59
.
Pre-Run: 1,729,438,265,344 bytes free
Post-Run: 1,729,134,727,168 bytes free
.
- - End Of File - - D90ADA86E53983FDFAA40979444387FC

I am running the aswMBR right now.

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:14 PM

Posted 20 August 2011 - 03:11 PM

Please don't forget the aswMBR log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#10 chrisandsherri

chrisandsherri
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 20 August 2011 - 03:21 PM

I won't forget it. It's taking a while though.

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:14 PM

Posted 20 August 2011 - 03:23 PM

INteresting. THat's usually a quick one. IF it doesn't complete in a bit let me know and we'll try an alternate method to look.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#12 chrisandsherri

chrisandsherri
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 20 August 2011 - 05:08 PM

It's still scanning my C:\drive!

#13 chrisandsherri

chrisandsherri
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 20 August 2011 - 06:09 PM

Not sure if this scan was completed when I saved it:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-20 14:10:07
-----------------------------
14:10:07.886 OS Version: Windows x64 6.1.7601 Service Pack 1
14:10:07.886 Number of processors: 4 586 0x503
14:10:07.886 ComputerName: OWNER-PC UserName: Owner
14:10:13.674 Initialize success
14:11:43.857 AVAST engine defs: 11082000
14:14:58.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:14:58.258 Disk 0 Vendor: ST2000DL003-9VT166 CC32 Size: 1907729MB BusType: 3
14:14:58.272 Disk 0 MBR read successfully
14:14:58.274 Disk 0 MBR scan
14:14:58.277 Disk 0 Windows 7 default MBR code
14:14:58.279 Service scanning
14:14:59.541 Modules scanning
14:14:59.543 Disk 0 trace - called modules:
14:14:59.584 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:14:59.587 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077ad060]
14:14:59.589 3 CLASSPNP.SYS[fffff8800162c43f] -> nt!IofCallDriver -> [0xfffffa800762b9b0]
14:14:59.592 5 ACPI.sys[fffff88000f417a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80076d1060]
14:15:05.759 AVAST engine scan C:\Windows
14:15:40.423 AVAST engine scan C:\Windows\system32
14:20:38.224 AVAST engine scan C:\Windows\system32\drivers
14:23:11.679 AVAST engine scan C:\Users\Owner
15:40:28.772 AVAST engine scan C:\ProgramData
19:07:40.908 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
19:07:40.927 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:14 PM

Posted 20 August 2011 - 07:18 PM

Hello, chrisandsherri.

NO, that worked great. Are you still getting redirected?



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - File not found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
    O4 - HKLM..\Run: [Conime] File not found
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
    O4 - HKU\S-1-5-21-3435487432-1234031240-4110876318-1000..\Run: [AdobeBridge] File not found
    @Alternate Data Stream - 986 bytes -> C:\Users\Owner\AppData\Local\Temp:LZqZ9QyagqfGsvho2ziY06lnO51
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:7B025EF9
    @Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:A31FAD21
    @Alternate Data Stream - 166 bytes -> C:\ProgramData\Temp:AA504BD4
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:6C3B8FB5
    @Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:C39E55C5
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:BFE23423
    @Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:35C82615
    @Alternate Data Stream - 1203 bytes -> C:\ProgramData\Microsoft:5M723jHmJxPCPXMvFlFSDiX
    @Alternate Data Stream - 1151 bytes -> C:\Program Files\Common Files\System:0gVGhxTmdU270J6vmxq9Pi
    @Alternate Data Stream - 1111 bytes -> C:\Program Files\Common Files\Microsoft Shared:yDQZzfxhi7KTn1uQMoz
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:0A4A3F5A
    @Alternate Data Stream - 1029 bytes -> C:\ProgramData\Microsoft:8qMw4lfEg1rbYtUvoTre2
    :Commands
    [EMptyTemp]
    
  • Click the Run Fix button at the top.
  • let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#15 chrisandsherri

chrisandsherri
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 20 August 2011 - 10:47 PM

I'm not getting redirected anymore. I'll run those scans and reply to you. I think I can see the light at the end of the tunnel!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users