Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP: RelevantKnowledge! [Solved]


  • This topic is locked This topic is locked

#1
Dark_Star_Qc

Dark_Star_Qc

    Member

  • Member
  • PipPipPip
  • 177 posts
I noticed a new icon in my system tray: RelevantKnowledge. Simultaneously, I can no longer use Mozilla Firefox (it keeps crashing). I tried uninstalling and reinstalling it but the problem persists. I did a google search for RelevantKnowledge and learned it's spyware. I need help removing.

Here are the OTL logs:

OTL logfile created on: 2012-01-13 19:38:42 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Linda\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 49,55% Memory free
6,21 Gb Paging File | 4,45 Gb Available in Paging File | 71,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 54,78 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 227,49 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-13 19:37:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
PRC - [2012-01-03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011-12-14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011-12-13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011-10-11 18:30:46 | 000,111,632 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlservice.exe
PRC - [2011-10-11 18:30:42 | 002,940,432 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
PRC - [2011-07-01 13:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011-07-01 13:38:58 | 000,298,824 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011-05-24 19:54:54 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2011-05-24 18:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011-05-10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011-05-10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-12-01 14:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010-11-02 05:29:43 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010-10-27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010-09-11 11:48:12 | 001,052,676 | ---- | M] (NCH Software) -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe
PRC - [2010-09-11 11:46:16 | 000,745,476 | ---- | M] (NCH Software) -- C:\Program Files\NCH Swift Sound\MSRS\msrs.exe
PRC - [2010-08-25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010-03-12 17:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010-03-01 21:38:54 | 003,231,232 | ---- | M] (DownloadHQ Group) -- C:\Program Files\DownloadHQ\DownloadHQ.exe
PRC - [2010-01-15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-07-17 22:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009-04-11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-08-18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2008-03-05 01:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008-03-05 01:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008-01-25 20:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008-01-20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008-01-09 20:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007-12-19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-12-07 15:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007-10-17 12:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007-10-11 13:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-09-10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007-09-06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007-01-04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004-05-02 12:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files\DeskPins\DeskPins.exe


========== Modules (No Company Name) ==========

MOD - [2012-01-05 03:05:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012-01-05 03:05:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011-10-13 02:33:48 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011-10-13 02:32:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011-10-13 02:32:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011-10-13 02:32:16 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011-10-13 02:30:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011-10-13 02:30:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011-10-13 02:30:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011-10-13 02:29:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011-10-13 02:29:13 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011-07-01 13:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2011-07-01 13:39:40 | 000,009,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2010-11-02 05:29:43 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cache.dll
MOD - [2009-11-03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008-12-26 14:08:08 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2971.38833__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2971.39016__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2971.39038__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2971.38792__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2971.38846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2971.39030__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2971.38993__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2971.38825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2971.38812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:07 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2971.39063__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:57 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2971.39069__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2971.38806__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2971.39032__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2971.38955__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,663,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2971.38995__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2971.38859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2971.38947__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2971.38940__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2971.38813__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2971.39022__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:56 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2971.39002__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2971.38852__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2971.38972__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2971.39009__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2971.39001__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2971.39061__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2971.38865__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2971.38971__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2971.38986__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2939.23744__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008-12-26 14:07:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008-12-26 14:07:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008-12-26 14:07:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008-12-26 14:07:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008-12-26 14:07:51 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2971.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008-12-26 14:07:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2971.38819__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008-12-26 14:07:51 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2971.39044__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008-12-26 14:07:51 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2971.39053__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2971.38784__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008-12-26 14:07:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2971.39051__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2971.39081__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008-12-26 14:07:51 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2971.39092__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2971.38783__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008-12-26 14:07:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2971.38784__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008-12-26 14:07:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2971.38782__90ba9c70f846762e\APM.Server.dll
MOD - [2008-12-26 14:07:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2971.38783__90ba9c70f846762e\AEM.Server.dll
MOD - [2008-12-26 14:07:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2971.39053__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008-12-26 14:07:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008-03-05 01:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008-02-20 20:30:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008-02-19 17:08:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008-01-09 20:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008-01-09 20:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008-01-09 20:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007-12-19 20:09:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\fr\eSettings.Plugin.resources.dll
MOD - [2007-12-19 20:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007-12-19 20:09:00 | 000,011,264 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\fr\eSettings.Presenter.resources.dll
MOD - [2007-12-19 20:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007-12-19 20:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007-12-19 20:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007-10-17 12:38:24 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\fr\ePerformance.Plugin.resources.dll
MOD - [2007-10-17 12:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007-10-17 12:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007-10-17 12:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007-10-17 12:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007-10-17 11:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007-10-17 11:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007-02-13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-12-14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011-10-11 18:30:46 | 000,111,632 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2011-07-01 13:40:36 | 000,063,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011-07-01 13:38:58 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011-05-24 19:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011-05-24 18:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011-05-10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-10-31 20:03:48 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2010-09-11 11:48:12 | 001,052,676 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe -- (VRSService)
SRV - [2010-09-11 11:46:16 | 000,745,476 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Swift Sound\MSRS\msrs.exe -- (MSRSService)
SRV - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-03-12 17:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010-01-15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008-08-18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2008-03-05 01:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008-01-25 20:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008-01-20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-10-17 12:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007-09-10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007-01-04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011-12-19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011-09-06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-09-06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-09-06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-09-06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-12-02 22:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010-09-22 14:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010-06-22 21:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009-09-28 22:27:11 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-08-14 08:08:50 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009-07-15 02:00:26 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009-04-27 19:39:08 | 000,087,696 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009-04-27 19:39:08 | 000,079,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009-04-27 19:39:08 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009-04-27 19:39:06 | 000,100,944 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008-02-19 19:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-12-21 10:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-12-08 00:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007-12-08 00:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007-11-06 11:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007-11-06 11:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007-09-25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007-09-10 13:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-07-16 04:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007-07-07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-07-02 21:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007-01-29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006-12-12 16:59:56 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.co...d2-41fde8d1391d

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.co...d2-41fde8d1391d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://websearch.ask...&apn_dtid=&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Logia\eSnipsDownloader\ext [2011-05-22 10:20:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge [2012-01-13 19:23:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-13 18:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-13 18:04:08 | 000,000,000 | ---D | M]

[2009-11-10 10:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2009-11-10 10:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012-01-13 18:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\extensions
[2012-01-11 07:45:06 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\extensions\[email protected]
[2012-01-11 07:53:33 | 000,002,392 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\askcom.xml
[2009-09-28 22:58:09 | 000,002,399 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\daemon-search.xml
[2010-02-17 22:15:47 | 000,000,266 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\Search.xml
[2012-01-13 18:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-08-20 17:16:55 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012-01-13 18:06:46 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011-12-21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009-03-05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-12-20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-05-22 10:20:22 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml
[2011-12-20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006-09-18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [eSnips_Downloader] C:\Program Files\Logia\eSnipsDownloader\eSnips_Downloader.exe (Logia Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [downloadhq] C:\Program Files\DownloadHQ\DownloadHQ.exe (DownloadHQ Group)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
O4 - Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe File not found
O9 - Extra 'Tools' menuitem : Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Towers%20Eternity/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC5E9ED1-D009-43D4-AA4D-D31723C2C0CD}: NameServer = 10.94.16.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Linda\Documents\Laurence\P4230094_Rogne JPM3.jpg
O24 - Desktop BackupWallPaper: C:\Users\Linda\Documents\Laurence\P4230094_Rogne JPM3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dc4b8955-acab-11de-a6c8-00218509134c}\Shell - "" = AutoRun
O33 - MountPoints2\{dc4b8955-acab-11de-a6c8-00218509134c}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-01-13 19:37:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
[2012-01-13 19:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2011-12-30 13:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011-12-28 16:08:40 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\tiger-k
[2011-12-26 20:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge
[2011-12-26 20:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2011-12-26 20:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2011-12-26 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Seven Zip
[2011-12-26 13:45:36 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\DownloadHQ
[2011-12-26 13:43:14 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DownloadHQ
[2011-12-26 13:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadHQ
[2011-12-26 13:36:35 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011-12-26 13:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011-12-26 13:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011-12-26 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Broad Intelligence
[2011-12-26 13:24:17 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
[2011-12-26 13:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011-12-26 00:58:46 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\My Digital Editions
[2011-12-26 00:42:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Kobo
[2011-12-26 00:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2011-12-26 00:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
[2011-12-19 21:46:50 | 000,037,376 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2011-12-19 21:46:50 | 000,021,504 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2008-12-26 14:26:11 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-01-13 19:37:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
[2012-01-13 19:22:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-01-13 19:08:24 | 000,605,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-01-13 19:08:24 | 000,104,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-01-13 19:06:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-01-13 19:06:07 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012-01-13 19:02:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53930244-3333630975-3341998274-1000UA.job
[2012-01-13 19:02:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53930244-3333630975-3341998274-1000Core.job
[2012-01-13 19:01:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-01-13 19:01:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-01-13 19:01:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-01-13 18:06:46 | 000,000,834 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-13 11:28:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012-01-08 15:13:29 | 000,100,864 | ---- | M] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-08 02:38:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2012-01-03 19:06:12 | 000,108,120 | ---- | M] () -- C:\Users\Linda\Desktop\Dallas.jpg
[2011-12-30 13:45:46 | 000,001,947 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011-12-26 20:11:28 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Leawo AVI Converter.lnk
[2011-12-26 13:24:17 | 000,000,868 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaCoder.lnk
[2011-12-26 13:24:17 | 000,000,844 | ---- | M] () -- C:\Users\Linda\Desktop\MediaCoder.lnk
[2011-12-26 00:42:18 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2011-12-19 21:46:50 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2011-12-19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2011-12-15 03:25:37 | 000,300,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-01-13 18:06:46 | 000,000,834 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-03 19:06:09 | 000,108,120 | ---- | C] () -- C:\Users\Linda\Desktop\Dallas.jpg
[2011-12-30 13:45:46 | 000,001,947 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011-12-26 20:11:28 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Leawo AVI Converter.lnk
[2011-12-26 13:24:17 | 000,000,868 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaCoder.lnk
[2011-12-26 13:24:17 | 000,000,844 | ---- | C] () -- C:\Users\Linda\Desktop\MediaCoder.lnk
[2011-12-26 00:42:18 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2011-05-23 10:08:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011-01-08 20:59:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-01-08 20:33:41 | 000,153,600 | ---- | C] () -- C:\Windows\System32\WS_ContextMenu.dll
[2010-06-09 13:51:28 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010-04-16 19:04:01 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010-02-28 12:55:23 | 000,000,680 | ---- | C] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2010-01-13 23:02:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-09-12 10:34:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009-09-12 10:34:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009-09-12 10:34:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009-09-12 10:34:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009-09-12 10:34:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009-09-12 10:34:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009-09-12 10:34:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009-09-12 10:34:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009-09-12 10:34:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009-09-12 10:34:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009-09-12 10:34:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009-09-12 10:34:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009-09-12 10:34:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009-09-12 10:34:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009-09-12 10:34:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009-09-12 10:34:39 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009-09-12 10:32:34 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX400.ini
[2009-09-01 17:26:55 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2009-08-29 02:05:53 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009-08-18 13:09:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-08-18 13:09:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-08-03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009-07-22 17:25:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009-06-13 21:43:20 | 000,000,168 | ---- | C] () -- C:\Windows\wininit.ini
[2009-05-21 16:42:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-05-19 08:35:39 | 000,000,210 | ---- | C] () -- C:\Windows\CWPlayerCfg.Ini
[2009-02-09 21:23:14 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009-02-09 21:22:17 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2009-01-05 01:52:20 | 000,100,864 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 11:52:24 | 000,000,708 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\wklnhst.dat
[2008-12-27 03:10:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-12-26 14:30:55 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008-12-26 14:30:55 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008-12-26 14:27:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008-12-26 14:26:11 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008-12-26 14:07:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008-12-26 14:05:21 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008-12-26 14:05:20 | 000,165,746 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008-12-26 14:05:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-12-26 14:05:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008-12-26 14:05:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008-03-16 15:42:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008-03-16 15:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008-03-16 14:16:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008-03-16 14:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008-03-16 14:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006-11-02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 07:47:37 | 000,300,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 05:33:01 | 000,605,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 05:33:01 | 000,104,680 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001-12-26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-06 17:42:54 | 000,000,036 | ---- | C] () -- C:\Windows\A3W.ini
[2001-09-04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011-08-13 11:03:53 | 000,000,000 | -HSD | M] -- C:\Users\Linda\AppData\Roaming\.#
[2008-12-26 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Acer
[2008-03-16 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Acer GameZone Console
[2010-02-28 12:46:37 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\AntispywareBot
[2011-05-23 09:44:07 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Atari
[2011-05-22 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Audacity
[2009-09-02 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\BitDefender
[2009-09-28 22:47:49 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Blitware
[2011-12-26 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Broad Intelligence
[2009-03-19 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2009-09-28 23:07:59 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\DAEMON Tools Lite
[2009-09-28 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\DAEMON Tools Pro
[2009-11-04 00:12:58 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Damdai
[2009-12-15 11:57:47 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\El Conjugador
[2010-04-14 19:15:22 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\EPSON
[2009-05-29 07:08:06 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\eSobi
[2011-12-30 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\foobar2000
[2011-05-22 11:54:01 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Free Audio Editor
[2009-01-17 07:36:09 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Goodsol
[2011-05-17 06:54:20 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\gtk-2.0
[2008-12-26 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Leadertech
[2011-12-28 16:08:39 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Leawo
[2012-01-13 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\LimeWire
[2011-05-22 10:20:23 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Logia
[2011-01-08 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Moyea
[2010-09-11 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\NCH Swift Sound
[2010-09-15 06:10:30 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Recordpad
[2009-01-03 00:32:47 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\SpinTop
[2009-06-18 18:48:25 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\SystemRequirementsLab
[2010-08-27 07:10:46 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Template
[2011-12-28 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\tiger-k
[2011-08-29 07:15:43 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\TP
[2010-11-10 06:56:09 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\uniblue
[2012-01-13 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\uTorrent
[2012-01-08 02:38:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2012-01-13 19:06:07 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012-01-13 18:59:03 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:8842A96D
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:7149F3EF
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:55818279

< End of report >



------------------------------------



OTL Extras logfile created on: 2012-01-13 19:38:42 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Linda\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 49,55% Memory free
6,21 Gb Paging File | 4,45 Gb Available in Paging File | 71,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 54,78 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 227,49 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040A5FF4-1118-418D-9866-5476E6842CE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{068DF9DF-CE67-4C5A-9CAC-DB6C1E078A87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0D7E7935-0D52-47FE-A188-899C8A990B4D}" = rport=138 | protocol=17 | dir=out | app=system |
"{10F9170A-DC31-4E91-9AB6-FC280B339DE0}" = lport=138 | protocol=17 | dir=in | app=system |
"{37F607C2-284B-4CB5-9014-895D2E571E69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{47A6AED8-A83E-46A5-8F5D-604F43EC3A0D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5415C27E-45B9-4820-946D-4694829CEB95}" = rport=137 | protocol=17 | dir=out | app=system |
"{57105829-1A1C-4CCB-A910-86667079A3E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{720AB563-E8FE-4F6C-ADA4-3EA24BD4E544}" = lport=2869 | protocol=6 | dir=in | app=system |
"{809E952E-72A3-45DA-8543-6F72E98E26CB}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{8F5D6AE2-C628-499A-B58D-63D034446AAB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{954553FB-94DF-43B0-AA45-EEF2BFF521BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7F68CAB-24C9-48E4-8D34-8CD97C88227F}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2D1CF5E-EAB9-4E28-B017-AD8FA5D6E690}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C61DEACF-44A9-486B-83C4-1A40BA691222}" = rport=445 | protocol=6 | dir=out | app=system |
"{CD6B3102-34FD-4F73-B483-8C41393BDCD4}" = lport=445 | protocol=6 | dir=in | app=system |
"{CF20F232-C880-46E2-BD1B-7AA7B603C1D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1E6EA7B-95DF-40BF-8739-3FAF65414F3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9C77D2D-0C62-48D5-9F93-C12428403880}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E07863D6-8105-4B5B-A5A8-3BA605E40FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F417EA7A-9388-4960-B87B-06746FCB080B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F44949A8-94A2-4D30-93DD-2A782EAD00F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7377A03-32E9-4336-8411-C03869BD5C11}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0838EBC8-E663-4B66-866E-FA6DBCF15D59}" = protocol=1 | dir=out | [email protected],-28544 |
"{0A8A1534-BD28-46F6-9CA9-ECC60F40E410}" = protocol=1 | dir=in | [email protected],-28543 |
"{1599FD2C-F29D-46C2-B9AA-9ED69FA0A4C3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{173969C0-F670-4DBF-9570-97324A6713B6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1ABBD73E-7B08-47D0-B694-CCEDF53B6F6A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{1C4C93FE-A809-4596-9008-F2B3D08EFF21}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{1F90B495-9ADE-47AC-9530-8C2C2CA48ABD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{20A33BFC-01CD-4127-9C32-C7DA6FCD5FCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24E429E7-CED5-4DC7-AD87-92BBA056071E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CA36D6C-7E8A-45FC-BEE4-5DAF62D64107}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{34FFB7A0-1A20-4347-B608-04B53942437D}" = protocol=6 | dir=in | app=c:\users\linda\downloads\3gpconvertersetup.exe |
"{38D0A2A9-099B-4256-A928-F810181F14E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39863CA9-3184-4F99-9510-39E313EE846B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{49A12236-69A5-4A8D-A922-09F6F7CB7754}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4C294858-6B1A-4B89-A2A6-405DABD744A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D28F399-76C1-4F69-A98B-145C52AAEBFC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{70441C18-3E53-4EFF-B676-D2C732DCB557}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{7DC067A8-B0E3-4313-9110-AF4E161E15EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7DD43CEF-4847-4132-97EC-9EB1965C200B}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\temp\~os5c67.tmp\rlvknlg.exe |
"{84BB645A-5F9B-44EB-ADAE-4354AF107AD1}" = protocol=17 | dir=in | app=c:\users\linda\appdata\local\temp\7zsdff2.tmp\symnrt.exe |
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A7520D5-A8CD-4998-9766-90FDE9060FF6}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{8B14073C-8DF3-460C-A5D7-2A4303C5D37D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{A4413086-4FAF-4E62-8077-480B57875EF8}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\temp\~os5b3f.tmp\rlvknlg.exe |
"{A95B326A-DD98-4550-8653-CE41D482B8FA}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{B30E2A90-DF68-48D4-94D1-240213326E85}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B3CB2823-7266-4730-A1E8-62CFCE4EF5B7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B4499393-1FA9-42A0-ADAA-94946735DA45}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B631B083-CC86-4B07-B0C0-C5ECE51CAAA0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BDCB107B-4450-4115-8B46-F70E77776510}" = protocol=58 | dir=in | [email protected],-28545 |
"{BE36BF55-C18D-4CB0-8F3E-10E171D0EF9D}" = protocol=58 | dir=out | [email protected],-28546 |
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C4ED1D25-12EA-474D-A3DA-C1FE95B6C266}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CC629500-0671-49A9-9C7B-C75316C50354}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\temp\7zsdff2.tmp\symnrt.exe |
"{CD5DC196-3F73-4772-945B-665E0182F5F5}" = protocol=17 | dir=in | app=c:\users\linda\downloads\3gpconvertersetup.exe |
"{ED2C8899-0F7B-4055-9B94-6532B733779E}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\temp\~os4d1b.tmp\rlvknlg.exe |
"{F578644D-E241-428A-9E89-CE2D8448C616}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F8FD3EF0-7E5A-497A-8777-034A106D806C}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F9A4C7B5-7EED-4912-984B-C97497DDCC83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA7A4DCB-A9DE-40B7-9032-CEEC060DDCBF}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{FDA65146-4764-4BBA-ACB9-707F8D9A8392}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"TCP Query User{0F2098FB-EA86-49F8-A29B-8768B6F0DA2F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1101FFBD-5789-4A32-B8AC-1709CC519868}C:\program files\downloadhq\downloadhq.exe" = protocol=6 | dir=in | app=c:\program files\downloadhq\downloadhq.exe |
"TCP Query User{1ECFC746-D685-4509-80CD-30599263EDE5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{240369D5-ADE2-4739-A3EC-8BA3BE0EF38E}C:\users\linda\appdata\local\apps\2.0\cxy2d0t1.k6h\4w1x71v6.czp\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2df freeplay client.exe" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\apps\2.0\cxy2d0t1.k6h\4w1x71v6.czp\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2df freeplay client.exe |
"TCP Query User{386FC08D-B078-4239-8D24-E5CB7E91F531}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe |
"TCP Query User{3CA50967-2AF0-438F-97E8-F847C184B158}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{45348198-370E-45DD-A0A6-59DDA100AECA}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{4C8E4D3F-260C-4DA7-B125-065E3684BFAE}C:\users\linda\desktop\immaterial and missing power\cowcaster.exe" = protocol=6 | dir=in | app=c:\users\linda\desktop\immaterial and missing power\cowcaster.exe |
"TCP Query User{70FA6043-A046-47C1-91CB-9C4D1EA9DDDB}C:\users\linda\appdata\roaming\damdai\2df\freeplay\freeplay_emu.exe" = protocol=6 | dir=in | app=c:\users\linda\appdata\roaming\damdai\2df\freeplay\freeplay_emu.exe |
"TCP Query User{742FE18D-63D6-466D-8963-FD02FF6EBE04}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8F917F24-F23A-4983-86BE-B749DB05B758}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{99DA85AA-6305-4023-B724-BE80C61B7DD7}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{ABDD3112-511B-4A0F-8F8C-AA9A0D1CE77D}C:\program files\ggpo\ggpofba.exe" = protocol=6 | dir=in | app=c:\program files\ggpo\ggpofba.exe |
"TCP Query User{DA3A38E1-7DBD-4A3D-BE9A-73C70294F03D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E06C083A-3474-4F7C-9A07-22F93092C34F}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{EB9746BE-FD63-4171-93FE-0AB44B0B40B1}C:\program files\ggpo\ggpo.exe" = protocol=6 | dir=in | app=c:\program files\ggpo\ggpo.exe |
"TCP Query User{EE407EBE-540B-41B9-B988-DC8972BF3A4F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{F5BFDC82-B8FB-45DA-BFF9-B0722391FBA0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2A4BE886-5F61-4D30-86FB-0AB39BF102C2}C:\users\linda\desktop\immaterial and missing power\cowcaster.exe" = protocol=17 | dir=in | app=c:\users\linda\desktop\immaterial and missing power\cowcaster.exe |
"UDP Query User{353BD60C-06B6-46D2-9404-C4A3A0CBD9F0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{475582BD-48B4-4761-BB0F-9167013D1735}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{55CFF293-E8DC-4C10-BDF9-37C2953BA3FF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{568F2C6A-A7B1-46C2-BF79-06497CF725E4}C:\users\linda\appdata\roaming\damdai\2df\freeplay\freeplay_emu.exe" = protocol=17 | dir=in | app=c:\users\linda\appdata\roaming\damdai\2df\freeplay\freeplay_emu.exe |
"UDP Query User{5ADCB34B-4691-4F57-B009-C0326E0A28D9}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe |
"UDP Query User{5E6F8B93-C36C-4F12-8767-84BCB51C4958}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{71767655-E174-4C00-9127-155D07A6898A}C:\users\linda\appdata\local\apps\2.0\cxy2d0t1.k6h\4w1x71v6.czp\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2df freeplay client.exe" = protocol=17 | dir=in | app=c:\users\linda\appdata\local\apps\2.0\cxy2d0t1.k6h\4w1x71v6.czp\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2df freeplay client.exe |
"UDP Query User{88F5415E-BC1C-401A-A937-210D78FC6852}C:\program files\ggpo\ggpofba.exe" = protocol=17 | dir=in | app=c:\program files\ggpo\ggpofba.exe |
"UDP Query User{89E07E44-7CD3-4892-BFC2-0DC75B6B0D49}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{8F56739C-2F88-4F59-84A1-1F15E4813291}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{9529DA20-1D7C-4F2B-A404-C2F14953BDD9}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{9B3700FA-E6BE-4725-B7D7-3BEDE739E5CA}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{9DA3A951-78CC-40A4-B7BE-832203F46B4B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9E52535D-C886-4FEA-86CD-7AC3674F5F50}C:\program files\ggpo\ggpo.exe" = protocol=17 | dir=in | app=c:\program files\ggpo\ggpo.exe |
"UDP Query User{D82F89D5-7200-4F51-84C4-67D58140AB44}C:\program files\downloadhq\downloadhq.exe" = protocol=17 | dir=in | app=c:\program files\downloadhq\downloadhq.exe |
"UDP Query User{EEE93EC3-520F-412B-89F9-89270D86E2D5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F4C028BE-48EB-48C7-BD4B-3E877486602E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00E139DD-A721-6CAD-BD4C-6FF597FC52BD}" = Catalyst Control Center Graphics Light
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{02F1F814-3458-9AE2-B360-6BA8C8DF9049}" = Catalyst Control Center Localization Danish
"{0542231F-2010-4C7B-9169-EC0C0CB9F371}" = Sun xVM VirtualBox
"{062D3AEE-6E5C-BCE9-4BE4-1190D29EE352}" = CCC Help Thai
"{06A4892F-EC84-7384-B401-52F30FC122FE}" = Catalyst Control Center Localization Japanese
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0CC4C654-6439-52F7-FB58-7A6A720166ED}" = CCC Help Turkish
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{173823FE-9525-76D1-D97B-0FE91E155252}" = Skins
"{1A214451-2E9B-D3D3-47C6-A5721559CB4C}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{277D09B9-B42D-2AC2-C924-EDDFCF2107A3}" = Catalyst Control Center Core Implementation
"{286062BC-BDD5-9672-C020-136205720097}" = Catalyst Control Center Localization German
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA19C43-B671-8CEE-9354-4045F2CA7EB4}" = Catalyst Control Center Graphics Full Existing
"{2C1F489E-5720-996D-B4C1-EDC85CE1B65E}" = CCC Help Finnish
"{2CF047B3-E199-A69F-6D92-AADFBA7FF661}" = Catalyst Control Center Localization Chinese Traditional
"{2D62916C-976C-4425-8833-8814D9A7A54D}" = ArcSoft Print Creations
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFF2037-F943-84F0-BE0C-64D0CDD77E58}" = Catalyst Control Center Localization French
"{36CCF09A-3ABB-C137-4EFD-07E91590D001}" = Catalyst Control Center Localization Swedish
"{39140291-BEC7-7D17-B3AC-BA327051FA0B}" = ccc-core-static
"{3A146779-C87B-332C-EBBC-8579497D68BA}" = Catalyst Control Center Localization Greek
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{423C4F57-FABA-53C2-BD7C-2C5A2EFC50B4}" = Catalyst Control Center Localization Spanish
"{4254E189-9BDD-3319-C681-F60AF423A509}" = CCC Help Polish
"{431643EB-1687-CB60-C9C9-E9E60937E87E}" = Catalyst Control Center Graphics Previews Vista
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{47A3FE80-528F-482B-8143-B3A4645557FC}" = Microsoft LifeCam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BBCED26-53AA-B0F9-753C-B7D7822F5B54}" = CCC Help Norwegian
"{4F99A59A-FA06-50CE-720F-983F59D14344}" = Catalyst Control Center Localization Thai
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{555A4211-DCF8-2A4B-8521-F077D1C72E52}" = Catalyst Control Center Localization Turkish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F260E7-05DE-9EBD-C5F0-4D8AF9FC16A3}" = CCC Help Chinese Traditional
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C03DBF2-0F03-F9E8-3CBE-B07CB7F59318}" = CCC Help Greek
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" = Leawo AVI Converter version 5.0.0.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{85C89C8C-4FD7-C7E2-97A7-847D947FFDDB}" = Catalyst Control Center Localization Chinese Standard
"{864A44F1-6AB7-5016-B275-DC2AC43D09E7}" = Catalyst Control Center Localization Portuguese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E279E44-FBBF-3C62-899C-E8D021697D52}" = ccc-utility
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96C48A0F-0368-554A-6833-F9B7D264B59F}" = CCC Help Italian
"{96C61636-0F21-403C-5348-AAE3C857BD72}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF5B5DE-6161-F211-2052-54BB67F32008}" = Catalyst Control Center Localization Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B075B92E-C60E-57C2-BDA4-A60E5FF71591}" = CCC Help Dutch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B420E03C-A7A8-7142-8BF1-D6798B98AC8A}" = CCC Help Korean
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BE63EA03-29BF-4E9D-73C9-095850F069C8}" = CCC Help Swedish
"{BFFDAD41-BAAB-5602-CD1A-EE1171D14D40}" = Catalyst Control Center Localization Hungarian
"{C3452F04-DA8E-2119-1925-D0E050A64186}" = ATI Catalyst Install Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8CF9485-B188-A9B0-FEE3-3F423779F89C}" = Catalyst Control Center Localization Dutch
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CEA453C2-40E0-9B65-A90D-DA8611C29F32}" = CCC Help Hungarian
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D17E2A02-5D61-C6F9-8D78-90FE1112C19A}" = CCC Help Spanish
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D53BAED6-CF1C-FF87-DE1A-D879D22EF67C}" = Catalyst Control Center Localization Czech
"{D5C388EB-9848-80F6-02F4-DBFED2DF02E8}" = CCC Help French
"{D7E3DAA3-78CB-A30F-FD58-94ED333AE524}" = CCC Help English
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE44BDEC-6005-6676-DBA4-FC314F53DD49}" = Catalyst Control Center Localization Norwegian
"{E05830A9-573F-8253-C280-921FF1474DA5}" = Catalyst Control Center Localization Russian
"{E0D6A886-A34F-7303-C485-91FA655E83D5}" = CCC Help Japanese
"{E53B1B0E-C8DA-4105-2C41-210571998AB6}" = Catalyst Control Center Localization Korean
"{E927B65C-A081-8B68-705C-932883697B80}" = Catalyst Control Center Localization Italian
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF70BC30-AEE6-5C73-DC7C-3C3B9A73D8FE}" = Catalyst Control Center Localization Polish
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37200BB-2C03-42D9-DBE3-C6240D53DF06}" = CCC Help Portuguese
"{F57D72B6-7FBB-3C60-A19D-55C7B8042934}" = CCC Help Russian
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7FE23D7-980C-6250-6873-4BD1660FE4CB}" = CCC Help Czech
"{F90E2693-78D9-7CCB-4617-2383A0A31CD2}" = CCC Help Danish
"{F917BAC3-BC13-E3A0-EE98-74D9DA33BAE6}" = CCC Help German
"7-Zip" = 7-Zip 4.65
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2" = Bejeweled 2
"Bejeweled 3" = Bejeweled 3
"BFGC" = Big Fish Games Client
"Bicycle Card Games 1.0" = Bicycle Card Games
"Carbonite Backup" = Carbonite
"Champ500" = Championship Five Hundred All-Stars 7.30
"CleanUp!" = CleanUp!
"DeskPins" = DeskPins (remove only)
"Digital Editions" = Adobe Digital Editions
"DownloadHQ" = DownloadHQ
"EPSON Scanner" = EPSON Scan
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"eSnips_Downloader" = eSnips Downloader
"Express" = Express Dictate
"ExpressBurn" = Express Burn Disc Burning Software
"foobar2000" = foobar2000 v0.9.6.8
"Free Audio Editor" = Free Audio Editor
"Google Updater" = Google Updater
"GoToAssist Express Customer" = GoToAssist Customer 1.5.0.240
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.06
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"iSofter DVD Audio Ripper Deluxe_is1" = iSofter DVD Audio Ripper Deluxe 3.0.2007.228
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Basic)
"Kobo" = Kobo
"LimeWire" = LimeWire 5.3.6
"Mahjong Towers Eternity" = Mahjong Towers Eternity
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaCoder" = MediaCoder 0.7.2.4536
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSRS" = MSRS Recording System
"NVIDIA Drivers" = NVIDIA Drivers
"Pretty Good Solitaire_is1" = Pretty Good Solitaire version 12.0.1
"RealPlayer 12.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"Scribe" = Express Scribe
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"VRS" = VRS Recording System
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip Self-Extractor" = WinZip Self-Extractor
"Yahoo! Companion" = Yahoo! Barre d'outils
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = système de mise à jour de Ask Toolbar Updater
"Google Chrome" = Google Chrome
"Neo Final Burn Alpha" = Neo Final Burn Alpha
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-10-01 08:38:21 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:38:29 | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module thumbcache.dll, version 6.0.6001.18000, time stamp
0x4791a787, exception code 0xc0000006, fault offset 0x0000cc95, process id 0x1280,
application start time 0x01cc803704e0d5b0.

Error - 2011-10-01 08:38:29 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:38:36 | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module thumbcache.dll, version 6.0.6001.18000, time stamp
0x4791a787, exception code 0xc0000006, fault offset 0x0000cc95, process id 0xda4,
application start time 0x01cc8037091f90d0.

Error - 2011-10-01 08:38:36 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:39:33 | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module thumbcache.dll, version 6.0.6001.18000, time stamp
0x4791a787, exception code 0xc0000006, fault offset 0x0000cc95, process id 0x1408,
application start time 0x01cc80372a232a30.

Error - 2011-10-01 08:39:33 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:39:42 | Computer Name = Linda-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: Linda-PC\Linda Checkpoint ID: 7 Error Code: 0x80070070 Error
description: There is not enough space on the disk.

Error - 2011-10-01 08:43:20 | Computer Name = Linda-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-10-01 08:43:38 | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application CVHSVC.EXE, version 14.0.6009.1000, time stamp
0x4cbf07ed, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000374, fault offset 0x000b06fc, process id 0x1268, application
start time 0x01cc8037bd5158df.

[ System Events ]
Error - 2012-01-08 11:46:27 | Computer Name = Linda-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2012-01-11 04:21:33 | Computer Name = Linda-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 2012-01-11 04:21:33 | Computer Name = Linda-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 2012-01-11 04:23:49 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2012-01-11 04:23:53 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-01-12 15:43:05 | Computer Name = Linda-PC | Source = bowser | ID = 8003
Description =

Error - 2012-01-13 19:59:57 | Computer Name = Linda-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 2012-01-13 19:59:57 | Computer Name = Linda-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 2012-01-13 20:01:54 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2012-01-13 20:01:54 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Edited by Dark_Star_Qc, 13 January 2012 - 09:39 PM.

  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, Dark_Star_Qc! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

I am currently reviewing your log and will return with the first step to clean your computer later today.

CompCav
  • 0

#3
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

To repair errors, locate bad sectors, and recover readable information, at the command prompt, type CHKDSK volume: /R and then press ENTER. /R presumes to include actions of /F and adds sector recovery. /R is more thorough therefore scans take longer.
Note: /r is the recommended switch to use.
•Click Start > Run... then type in CMD and click on OK.
•At the Command Prompt C:\ > type the following: chkdsk c: /r and hit the Enter.
Note: chkdsk c: /r presumes that the disk upon which you wish to run Error Checking is your C: Drive (most often)
•When prompted with: Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
Type Y and hit Enter

Then reboot your computer and allow it to do the check disk scan:
Posted Image
Note: Do not touch either the keyboard or Mouse, otherwise the CHKDSK will be canceled and you computer will continue to boot-up as normal.

When CHKDSK has completed its scans, the machine will proceed to load and Boot to Windows, without need for the user to take any action.


Step 2.

You have several programs, including RelevantKnowledge that need to be removed.

Click Start >> Control Panel >> Add or Remove Programs and Uninstall the followling programs (Red are optional P2P that we strongly recommend you uninstall)

Uniblue RegistryBooster
Google Toolbar for Internet Explorer
Ask Toolbar
RelevantKnowledge

LimeWire 5.3.6
µTorrent
DownloadHQ
Viewpoint Media Player
système de mise à jour de Ask Toolbar Updater




Step 3.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    PRC - [2012-01-03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2011-12-14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2011-12-13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2011-10-11 18:30:46 | 000,111,632 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlservice.exe
    PRC - [2011-10-11 18:30:42 | 002,940,432 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
    PRC - [2010-11-02 05:29:43 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    PRC - [2010-03-01 21:38:54 | 003,231,232 | ---- | M] (DownloadHQ Group) -- C:\Program Files\DownloadHQ\DownloadHQ.exe
    SRV - [2011-12-14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2011-10-11 18:30:46 | 000,111,632 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
    SRV - [2007-01-04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:4.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=B22F6E68-F64B-4818-92CC-647A8E14EBBE&apn_ptnrs=UF&apn_sauid=8FF90CC0-A2EC-4A1B-B5E3-1720141270CD&apn_dtid=&&q="
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    [2012-01-11 07:45:06 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\extensions\[email protected]
    [2012-01-11 07:53:33 | 000,002,392 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\askcom.xml
    [2009-09-28 22:58:09 | 000,002,399 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\daemon-search.xml
    [2010-02-17 22:15:47 | 000,000,266 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\Search.xml
    [2012-01-13 18:06:46 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
    [2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKCU..\Run: [downloadhq] C:\Program Files\DownloadHQ\DownloadHQ.exe (DownloadHQ Group)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O9 - Extra Button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe File not found
    O9 - Extra 'Tools' menuitem : Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe File not found
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2012-01-13 19:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
    [2011-12-26 13:45:36 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\DownloadHQ
    [2011-12-26 13:43:14 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DownloadHQ
    [2011-12-26 13:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadHQ
    [2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
    [2009-09-02 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\BitDefender
    [2012-01-13 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\LimeWire
    [2010-11-10 06:56:09 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\uniblue
    [2012-01-13 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\uTorrent
    [2012-01-08 02:38:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
    [2012-01-13 19:06:07 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:8842A96D
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:7149F3EF
    @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55422315
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2F4A0A6B
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:55818279
    
    
    
    
    :files
    ipconfig /flushdns /c
    C:\Program Files\RelevantKnowledge\rlservice.exe
    C:\Program Files\RelevantKnowledge\rlvknlg.exe
    C:\Program Files\RelevantKnowledge
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Ask.com
    C:\Program Files\Uniblue
    C:\Program Files\DownloadHQ
    
    
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image


Step 5.

  • Download OTL to your Desktop
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    iexplorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in Notepad window and the Extras.txt file on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file, the Extras.txt file, and post them with your next reply.


Step 6.

Please post:

OTL fix log
aswMBR log
OTL.txt
Extras.txt


How is the computer performing now? What issues remain?
  • 0

#4
Dark_Star_Qc

Dark_Star_Qc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts
Step 1 - would not let me run the utility. Message is:

"Access denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode."

In addition, I did not know how long it would take to get help here, so I downloaded and ran malwarebytes.

Relevant Knowledge icon is no longer in my tray.

Edited by Dark_Star_Qc, 14 January 2012 - 02:39 PM.

  • 0

#5
Dark_Star_Qc

Dark_Star_Qc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts
This is the new otl log after running malwarebytes.

OTL logfile created on: 2012-01-14 15:16:01 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Linda\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,78% Memory free
6,21 Gb Paging File | 4,70 Gb Available in Paging File | 75,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 59,04 Gb Free Space | 25,88% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 227,49 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-13 19:37:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
PRC - [2012-01-03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011-12-21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-12-13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011-07-01 13:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011-05-10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-12-01 14:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010-11-02 05:29:43 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010-10-27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010-08-25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010-05-24 06:30:58 | 001,234,432 | ---- | M] (Logia Ltd.) -- C:\Program Files\Logia\eSnipsDownloader\eSnips_Downloader.exe
PRC - [2010-03-01 21:38:54 | 003,231,232 | ---- | M] (DownloadHQ Group) -- C:\Program Files\DownloadHQ\DownloadHQ.exe
PRC - [2010-01-15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-04-11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008-03-05 01:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008-01-20 21:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008-01-20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008-01-09 20:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007-12-07 15:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007-10-11 13:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-09-06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004-05-02 12:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files\DeskPins\DeskPins.exe


========== Modules (No Company Name) ==========

MOD - [2012-01-05 03:05:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012-01-05 03:05:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011-12-21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-10-13 02:33:48 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011-10-13 02:32:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011-10-13 02:32:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011-10-13 02:30:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011-10-13 02:30:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011-10-13 02:30:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011-10-13 02:29:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011-10-13 02:29:13 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011-09-30 20:14:16 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011-07-01 13:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2011-07-01 13:39:40 | 000,009,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2010-11-02 05:29:43 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cache.dll
MOD - [2009-11-03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008-12-26 14:08:08 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2971.38833__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2971.39016__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2971.39038__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2971.38792__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2971.38846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2971.39030__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2971.38993__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2971.38825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2971.38812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:07 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2971.39063__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:57 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2971.39069__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2971.38806__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2971.39032__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2971.38955__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,663,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2971.38995__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2971.38859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2971.38947__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2971.38940__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2971.38813__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2971.39022__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:56 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2971.39002__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2971.38852__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2971.38972__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2971.39009__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2971.39001__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2971.39061__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2971.38865__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2971.38971__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2971.38986__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2939.23744__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008-12-26 14:07:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008-12-26 14:07:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008-12-26 14:07:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008-12-26 14:07:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008-12-26 14:07:51 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2971.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008-12-26 14:07:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2971.38819__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008-12-26 14:07:51 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2971.39044__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008-12-26 14:07:51 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2971.39053__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2971.38784__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008-12-26 14:07:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2971.39051__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2971.39081__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008-12-26 14:07:51 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2971.39092__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2971.38783__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008-12-26 14:07:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2971.38784__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008-12-26 14:07:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2971.38782__90ba9c70f846762e\APM.Server.dll
MOD - [2008-12-26 14:07:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2971.38783__90ba9c70f846762e\AEM.Server.dll
MOD - [2008-12-26 14:07:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2971.39053__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008-12-26 14:07:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008-03-05 01:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008-02-20 20:30:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008-02-19 17:08:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008-01-09 20:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008-01-09 20:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008-01-09 20:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007-12-19 20:09:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\fr\eSettings.Plugin.resources.dll
MOD - [2007-12-19 20:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007-12-19 20:09:00 | 000,011,264 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\fr\eSettings.Presenter.resources.dll
MOD - [2007-12-19 20:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007-12-19 20:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007-12-19 20:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007-10-17 12:38:24 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\fr\ePerformance.Plugin.resources.dll
MOD - [2007-10-17 12:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007-10-17 12:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007-10-17 12:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007-10-17 12:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007-10-17 11:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007-10-17 11:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007-02-13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-12-14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011-07-01 13:40:36 | 000,063,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011-07-01 13:38:58 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011-05-24 19:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011-05-24 18:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011-05-10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-10-31 20:03:48 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2010-09-11 11:48:12 | 001,052,676 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe -- (VRSService)
SRV - [2010-09-11 11:46:16 | 000,745,476 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Swift Sound\MSRS\msrs.exe -- (MSRSService)
SRV - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-03-12 17:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010-01-15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008-08-18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2008-03-05 01:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008-01-25 20:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008-01-20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-10-17 12:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007-09-10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007-01-04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011-12-19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011-09-06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-09-06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-09-06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-09-06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-12-02 22:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010-09-22 14:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010-06-22 21:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009-09-28 22:27:11 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-08-14 08:08:50 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009-07-15 02:00:26 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009-04-27 19:39:08 | 000,087,696 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009-04-27 19:39:08 | 000,079,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009-04-27 19:39:08 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009-04-27 19:39:06 | 000,100,944 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008-02-19 19:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-12-21 10:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-12-08 00:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007-12-08 00:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007-11-06 11:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007-11-06 11:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007-09-25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007-09-10 13:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-07-16 04:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007-07-07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-07-02 21:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007-01-29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006-12-12 16:59:56 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.co...d2-41fde8d1391d

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.co...d2-41fde8d1391d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://websearch.ask...&apn_dtid=&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Logia\eSnipsDownloader\ext [2011-05-22 10:20:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-13 18:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-13 18:04:08 | 000,000,000 | ---D | M]

[2009-11-10 10:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2009-11-10 10:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012-01-13 18:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\extensions
[2012-01-11 07:45:06 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\extensions\[email protected]
[2012-01-11 07:53:33 | 000,002,392 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\askcom.xml
[2009-09-28 22:58:09 | 000,002,399 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\daemon-search.xml
[2010-02-17 22:15:47 | 000,000,266 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\Search.xml
[2012-01-13 18:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-08-20 17:16:55 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012-01-13 18:06:46 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011-12-21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009-03-05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-12-20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-05-22 10:20:22 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml
[2011-12-20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006-09-18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [eSnips_Downloader] C:\Program Files\Logia\eSnipsDownloader\eSnips_Downloader.exe (Logia Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [downloadhq] C:\Program Files\DownloadHQ\DownloadHQ.exe (DownloadHQ Group)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
O4 - Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe File not found
O9 - Extra 'Tools' menuitem : Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Towers%20Eternity/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC5E9ED1-D009-43D4-AA4D-D31723C2C0CD}: NameServer = 10.94.16.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Linda\Documents\Laurence\P4230094_Rogne JPM3.jpg
O24 - Desktop BackupWallPaper: C:\Users\Linda\Documents\Laurence\P4230094_Rogne JPM3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dc4b8955-acab-11de-a6c8-00218509134c}\Shell - "" = AutoRun
O33 - MountPoints2\{dc4b8955-acab-11de-a6c8-00218509134c}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-01-14 09:46:07 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Malwarebytes
[2012-01-14 09:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-01-14 09:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-01-14 09:45:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-01-14 09:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-01-13 19:37:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
[2012-01-11 01:10:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012-01-11 01:10:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012-01-11 01:10:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012-01-11 01:10:31 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012-01-11 01:10:31 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011-12-30 13:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011-12-28 16:08:40 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\tiger-k
[2011-12-26 20:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2011-12-26 20:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2011-12-26 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Seven Zip
[2011-12-26 13:45:36 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\DownloadHQ
[2011-12-26 13:43:14 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DownloadHQ
[2011-12-26 13:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadHQ
[2011-12-26 13:36:35 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011-12-26 13:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011-12-26 13:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011-12-26 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Broad Intelligence
[2011-12-26 13:24:17 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
[2011-12-26 13:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011-12-26 00:58:46 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\My Digital Editions
[2011-12-26 00:42:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Kobo
[2011-12-26 00:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2011-12-26 00:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
[2011-12-19 21:46:50 | 000,037,376 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2011-12-19 21:46:50 | 000,021,504 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2008-12-26 14:26:11 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-01-14 15:22:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-01-14 15:07:26 | 000,605,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-01-14 15:07:26 | 000,104,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-01-14 15:02:21 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53930244-3333630975-3341998274-1000UA.job
[2012-01-14 15:01:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-01-14 15:01:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012-01-14 15:00:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-01-14 15:00:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-01-14 15:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-01-14 11:28:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012-01-14 09:45:55 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-01-14 03:18:53 | 000,299,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-01-13 19:37:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
[2012-01-13 19:02:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53930244-3333630975-3341998274-1000Core.job
[2012-01-13 18:06:46 | 000,000,834 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-08 15:13:29 | 000,100,864 | ---- | M] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-08 02:38:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2012-01-03 19:06:12 | 000,108,120 | ---- | M] () -- C:\Users\Linda\Desktop\Dallas.jpg
[2011-12-30 13:45:46 | 000,001,947 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011-12-26 20:11:28 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Leawo AVI Converter.lnk
[2011-12-26 13:24:17 | 000,000,868 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaCoder.lnk
[2011-12-26 13:24:17 | 000,000,844 | ---- | M] () -- C:\Users\Linda\Desktop\MediaCoder.lnk
[2011-12-26 00:42:18 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2011-12-19 21:46:50 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2011-12-19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-01-14 09:45:55 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-01-13 18:06:46 | 000,000,834 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-03 19:06:09 | 000,108,120 | ---- | C] () -- C:\Users\Linda\Desktop\Dallas.jpg
[2011-12-30 13:45:46 | 000,001,947 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011-12-26 20:11:28 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Leawo AVI Converter.lnk
[2011-12-26 13:24:17 | 000,000,868 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaCoder.lnk
[2011-12-26 13:24:17 | 000,000,844 | ---- | C] () -- C:\Users\Linda\Desktop\MediaCoder.lnk
[2011-12-26 00:42:18 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2011-05-23 10:08:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011-01-08 20:59:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-01-08 20:33:41 | 000,153,600 | ---- | C] () -- C:\Windows\System32\WS_ContextMenu.dll
[2010-06-09 13:51:28 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010-04-16 19:04:01 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010-02-28 12:55:23 | 000,000,680 | ---- | C] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2010-01-13 23:02:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-09-12 10:34:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009-09-12 10:34:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009-09-12 10:34:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009-09-12 10:34:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009-09-12 10:34:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009-09-12 10:34:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009-09-12 10:34:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009-09-12 10:34:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009-09-12 10:34:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009-09-12 10:34:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009-09-12 10:34:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009-09-12 10:34:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009-09-12 10:34:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009-09-12 10:34:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009-09-12 10:34:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009-09-12 10:34:39 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009-09-12 10:32:34 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX400.ini
[2009-09-01 17:26:55 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2009-08-29 02:05:53 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009-08-18 13:09:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-08-18 13:09:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-08-03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009-07-22 17:25:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009-06-13 21:43:20 | 000,000,168 | ---- | C] () -- C:\Windows\wininit.ini
[2009-05-21 16:42:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-05-19 08:35:39 | 000,000,210 | ---- | C] () -- C:\Windows\CWPlayerCfg.Ini
[2009-02-09 21:23:14 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009-02-09 21:22:17 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2009-01-05 01:52:20 | 000,100,864 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 11:52:24 | 000,000,708 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\wklnhst.dat
[2008-12-27 03:10:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-12-26 14:30:55 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008-12-26 14:30:55 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008-12-26 14:27:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008-12-26 14:26:11 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008-12-26 14:07:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008-12-26 14:05:21 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008-12-26 14:05:20 | 000,165,746 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008-12-26 14:05:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-12-26 14:05:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008-12-26 14:05:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008-03-16 15:42:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008-03-16 15:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008-03-16 14:16:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008-03-16 14:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008-03-16 14:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006-11-02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 07:47:37 | 000,299,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 05:33:01 | 000,605,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 05:33:01 | 000,104,680 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001-12-26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-06 17:42:54 | 000,000,036 | ---- | C] () -- C:\Windows\A3W.ini
[2001-09-04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:8842A96D
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:7149F3EF
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:55818279

< End of report >
  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
To do step one use an elevated prompt this way:

Click Start >> type cmd >> up above you will see cmd right click on cmd and click Run as Administrator then click Yes and the black box will appear.

At the Command Prompt C:\ > type the following: chkdsk c: /r and hit the Enter.
Note: chkdsk c: /r presumes that the disk upon which you wish to run Error Checking is your C: Drive (most often)
•When prompted with: Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
Type Y and hit Enter

Then reboot your computer and allow it to do the check disk scan.

Please remove the programs in Step 2. that are still present.

Then continue with the steps 3 through 6 as requested. If MalwareBytes' removed something already the fixes and scans in these steps will run just fine, your log shows evidence that not all of the infection was removed!

CompCav
  • 0

#7
Dark_Star_Qc

Dark_Star_Qc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts
Followed steps 2 and 3. Here is new OTL log after fixes:

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Process ApplicationUpdater.exe killed successfully!
No active process named SearchSettings.exe was found!
No active process named rlservice.exe was found!
No active process named rlvknlg.exe was found!
No active process named rbmonitor.exe was found!
No active process named DownloadHQ.exe was found!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Error: No service named RelevantKnowledge was found to stop!
Service\Driver key RelevantKnowledge not found.
File C:\Program Files\RelevantKnowledge\rlservice.exe not found.
Error: No service named Viewpoint Manager Service was found to stop!
Service\Driver key Viewpoint Manager Service not found.
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: [email protected]:4.9 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: "http://websearch.ask...&apn_dtid=&&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.
Folder C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\extensions\[email protected]\ not found.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\askcom.xml moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\searchplugins\Search.xml moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\downloadhq deleted successfully.
C:\Program Files\DownloadHQ\DownloadHQ.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Program Files\uTorrent\uTorrent.exe moved successfully.
C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
C:\Program Files\LimeWire\LimeWire.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\ not found.
C:\Users\Linda\AppData\Local\DownloadHQ\My Shared Folder folder moved successfully.
C:\Users\Linda\AppData\Local\DownloadHQ\Data folder moved successfully.
C:\Users\Linda\AppData\Local\DownloadHQ folder moved successfully.
Folder C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DownloadHQ\ not found.
C:\Program Files\DownloadHQ folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\4.9 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
C:\Users\Linda\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\my_documents folder moved successfully.
C:\Users\Linda\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\device_detection folder moved successfully.
C:\Users\Linda\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\contextual folder moved successfully.
C:\Users\Linda\AppData\Roaming\BitDefender\Desktop\Profiles\Logs folder moved successfully.
C:\Users\Linda\AppData\Roaming\BitDefender\Desktop\Profiles folder moved successfully.
C:\Users\Linda\AppData\Roaming\BitDefender\Desktop folder moved successfully.
C:\Users\Linda\AppData\Roaming\BitDefender folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\Linda\AppData\Roaming\LimeWire folder moved successfully.
C:\Users\Linda\AppData\Roaming\uniblue\speed up my pc 4 folder moved successfully.
C:\Users\Linda\AppData\Roaming\uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Linda\AppData\Roaming\uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Linda\AppData\Roaming\uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Linda\AppData\Roaming\uniblue\RegistryBooster folder moved successfully.
C:\Users\Linda\AppData\Roaming\uniblue folder moved successfully.
C:\Users\Linda\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Linda\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Linda\AppData\Roaming\uTorrent folder moved successfully.
C:\Windows\Tasks\Driver Robot.job moved successfully.
C:\Windows\Tasks\RegistryBooster.job moved successfully.
ADS C:\ProgramData\TEMP:8842A96D deleted successfully.
ADS C:\ProgramData\TEMP:7149F3EF deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:55422315 deleted successfully.
ADS C:\ProgramData\TEMP:2F4A0A6B deleted successfully.
ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.
ADS C:\ProgramData\TEMP:55818279 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Linda\Desktop\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\RelevantKnowledge\rlservice.exe not found.
File\Folder C:\Program Files\RelevantKnowledge\rlvknlg.exe not found.
File\Folder C:\Program Files\RelevantKnowledge not found.
File\Folder C:\Program Files\Ask.com\Updater\Updater.exe not found.
File\Folder C:\Program Files\Ask.com not found.
C:\Program Files\Uniblue\SpeedUpMyPC\ErrorLogs folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\xt\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\xt folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\xs\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\xs folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\tr\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\tr folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\se\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\se folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\ru\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\ru folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\pt\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\pt folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\pl\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\pl folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\no\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\no folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\nl\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\nl folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\jp\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\jp folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\it\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\it folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\gr\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\gr folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\fr\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\fr folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\fi\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\fi folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\es\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\es folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\en\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\en folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\dk\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\dk folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\de\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\de folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\br\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\br folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster folder moved successfully.
C:\Program Files\Uniblue folder moved successfully.
File\Folder C:\Program Files\DownloadHQ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41085 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Linda
->Temp folder emptied: 2002 bytes
->Temporary Internet Files folder emptied: 100108872 bytes
->Java cache emptied: 15776161 bytes
->FireFox cache emptied: 59004108 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 801507 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1386496 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 358918871 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 512,00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01142012_213000

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Excellent progress, I am awaiting the aswMBR log and the custom scan OTL of steps 4 and 5.

I also need answers to the two questions in step 6!
  • 0

#9
Dark_Star_Qc

Dark_Star_Qc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts
Here is aswMBR log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-14 21:59:47
-----------------------------
21:59:47.923 OS Version: Windows 6.0.6002 Service Pack 2
21:59:47.923 Number of processors: 2 586 0x1706
21:59:47.924 ComputerName: LINDA-PC UserName: Linda
21:59:49.399 Initialize success
21:59:49.516 AVAST engine defs: 12011401
22:00:30.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
22:00:30.227 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
22:00:30.256 Disk 0 MBR read successfully
22:00:30.258 Disk 0 MBR scan
22:00:30.260 Disk 0 unknown MBR code
22:00:30.264 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
22:00:30.279 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 233604 MB offset 20467712
22:00:30.309 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 233341 MB offset 498888704
22:00:30.323 Disk 0 scanning sectors +976771072
22:00:30.449 Disk 0 scanning C:\Windows\system32\drivers
22:00:49.687 Service scanning
22:00:50.826 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:00:51.422 Modules scanning
22:01:12.986 Disk 0 trace - called modules:
22:01:13.011 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86d311f8]<<
22:01:13.014 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87839688]
22:01:13.017 3 CLASSPNP.SYS[8430f8b3] -> nt!IofCallDriver -> [0x86da5550]
22:01:13.021 5 acpi.sys[842126bc] -> nt!IofCallDriver -> \Device\0000006d[0x86db5300]
22:01:13.025 \Driver\nvstor32[0x86da3980] -> IRP_MJ_CREATE -> 0x86d311f8
22:01:14.591 AVAST engine scan C:\Windows
22:01:23.400 AVAST engine scan C:\Windows\system32
22:03:52.886 AVAST engine scan C:\Windows\system32\drivers
22:04:08.954 AVAST engine scan C:\Users\Linda
22:47:37.492 AVAST engine scan C:\ProgramData
22:51:39.130 Scan finished successfully
23:01:27.045 Disk 0 MBR has been saved successfully to "C:\Users\Linda\Desktop\MBR.dat"
23:01:27.052 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"
  • 0

#10
Dark_Star_Qc

Dark_Star_Qc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts
And final otl.txt and extras.txt logs:

OTL logfile created on: 2012-01-14 23:09:34 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Linda\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 46,10% Memory free
6,20 Gb Paging File | 4,45 Gb Available in Paging File | 71,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 57,04 Gb Free Space | 25,00% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 227,49 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-13 19:37:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
PRC - [2011-12-21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-07-01 13:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011-07-01 13:38:58 | 000,298,824 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011-05-24 19:54:54 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2011-05-24 18:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011-05-10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011-05-10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-12-01 14:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010-10-27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010-09-11 11:48:12 | 001,052,676 | ---- | M] (NCH Software) -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe
PRC - [2010-09-11 11:46:16 | 000,745,476 | ---- | M] (NCH Software) -- C:\Program Files\NCH Swift Sound\MSRS\msrs.exe
PRC - [2010-08-25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010-05-24 06:30:58 | 001,234,432 | ---- | M] (Logia Ltd.) -- C:\Program Files\Logia\eSnipsDownloader\eSnips_Downloader.exe
PRC - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010-03-12 17:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010-01-15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-04-11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-08-18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2008-03-05 01:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008-03-05 01:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008-01-25 20:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008-01-20 21:24:46 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Speech\Common\sapisvr.exe
PRC - [2008-01-20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008-01-09 20:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007-12-19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-12-07 15:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007-10-17 12:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007-10-11 13:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-09-10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007-09-06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004-05-02 12:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files\DeskPins\DeskPins.exe


========== Modules (No Company Name) ==========

MOD - [2012-01-05 03:05:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012-01-05 03:05:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011-12-21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-10-13 02:33:48 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011-10-13 02:32:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011-10-13 02:32:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011-10-13 02:30:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011-10-13 02:30:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011-10-13 02:30:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011-10-13 02:29:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011-10-13 02:29:13 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011-09-30 20:14:16 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011-07-01 13:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2011-07-01 13:39:40 | 000,009,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2009-11-03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009-01-18 14:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008-12-26 14:08:08 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2971.38833__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2971.39016__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2971.39038__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2971.38792__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2971.38846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2971.39030__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2971.38993__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2971.38825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008-12-26 14:08:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2971.38812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008-12-26 14:08:07 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2971.39063__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:57 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2971.39069__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2971.38806__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2971.39032__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2971.38955__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,663,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2971.38995__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2971.38859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2971.38947__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2971.38940__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2971.38813__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2971.39022__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:56 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2971.39002__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2971.38852__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2971.38972__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008-12-26 14:07:56 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2971.39009__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008-12-26 14:07:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2971.39001__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2971.39061__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2971.38865__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2971.38971__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2971.38986__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008-12-26 14:07:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2939.23744__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008-12-26 14:07:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008-12-26 14:07:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008-12-26 14:07:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008-12-26 14:07:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008-12-26 14:07:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008-12-26 14:07:51 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2971.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008-12-26 14:07:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2971.38819__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008-12-26 14:07:51 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2971.39044__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008-12-26 14:07:51 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2971.39053__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2971.38784__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008-12-26 14:07:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2971.39051__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2971.39081__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008-12-26 14:07:51 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008-12-26 14:07:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008-12-26 14:07:51 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2971.39092__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008-12-26 14:07:51 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2971.38783__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008-12-26 14:07:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2971.38784__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008-12-26 14:07:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2971.38782__90ba9c70f846762e\APM.Server.dll
MOD - [2008-12-26 14:07:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2971.38783__90ba9c70f846762e\AEM.Server.dll
MOD - [2008-12-26 14:07:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2971.39053__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008-12-26 14:07:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008-03-05 01:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008-02-20 20:30:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008-02-19 17:08:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008-01-09 20:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008-01-09 20:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008-01-09 20:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007-12-19 20:09:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\fr\eSettings.Plugin.resources.dll
MOD - [2007-12-19 20:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007-12-19 20:09:00 | 000,011,264 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\fr\eSettings.Presenter.resources.dll
MOD - [2007-12-19 20:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007-12-19 20:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007-12-19 20:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007-11-16 15:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007-11-16 15:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
MOD - [2007-10-17 12:38:24 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\fr\ePerformance.Plugin.resources.dll
MOD - [2007-10-17 12:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007-10-17 12:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007-10-17 12:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007-10-17 12:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007-10-17 11:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007-10-17 11:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007-02-13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-07-01 13:40:36 | 000,063,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011-07-01 13:38:58 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011-05-24 19:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011-05-24 18:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011-05-10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-10-31 20:03:48 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2010-09-11 11:48:12 | 001,052,676 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe -- (VRSService)
SRV - [2010-09-11 11:46:16 | 000,745,476 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Swift Sound\MSRS\msrs.exe -- (MSRSService)
SRV - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-03-12 17:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010-01-15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008-08-18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2008-03-05 01:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008-01-25 20:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008-01-20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-10-17 12:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007-09-10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - [2011-12-19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011-09-06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-09-06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-09-06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-09-06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-12-02 22:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010-09-22 14:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010-06-22 21:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009-09-28 22:27:11 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-08-14 08:08:50 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009-07-15 02:00:26 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009-04-27 19:39:08 | 000,087,696 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009-04-27 19:39:08 | 000,079,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009-04-27 19:39:08 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009-04-27 19:39:06 | 000,100,944 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008-02-19 19:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-12-21 10:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-12-08 00:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007-12-08 00:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007-11-06 11:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007-11-06 11:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007-09-25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007-09-10 13:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-07-16 04:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007-07-07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-07-02 21:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007-01-29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006-12-12 16:59:56 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.co...d2-41fde8d1391d


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-53930244-3333630975-3341998274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.co...d2-41fde8d1391d
IE - HKU\S-1-5-21-53930244-3333630975-3341998274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKU\S-1-5-21-53930244-3333630975-3341998274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Logia\eSnipsDownloader\ext [2011-05-22 10:20:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-13 18:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-14 21:30:07 | 000,000,000 | ---D | M]

[2009-11-10 10:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2009-11-10 10:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012-01-14 21:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4jt4nlrf.default\extensions
[2012-01-13 18:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-08-20 17:16:55 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011-12-21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009-03-05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011-12-20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-05-22 10:20:22 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml
[2011-12-20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012-01-14 21:30:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKU\S-1-5-21-53930244-3333630975-3341998274-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [eSnips_Downloader] C:\Program Files\Logia\eSnipsDownloader\eSnips_Downloader.exe (Logia Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-53930244-3333630975-3341998274-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-53930244-3333630975-3341998274-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Towers%20Eternity/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC5E9ED1-D009-43D4-AA4D-D31723C2C0CD}: NameServer = 10.94.16.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Linda\Documents\Laurence\P4230094_Rogne JPM3.jpg
O24 - Desktop BackupWallPaper: C:\Users\Linda\Documents\Laurence\P4230094_Rogne JPM3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dc4b8955-acab-11de-a6c8-00218509134c}\Shell - "" = AutoRun
O33 - MountPoints2\{dc4b8955-acab-11de-a6c8-00218509134c}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de détection de support PMB.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Product Registration.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk - - File not found
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - File not found
MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: Carbonite Backup - hkey= - key= - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Linda\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: IPHSend - hkey= - key= - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSRS - hkey= - key= - C:\Program Files\NCH Swift Sound\MSRS\msrs.exe (NCH Software)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Recordpad - hkey= - key= - C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe (NCH Software)
MsConfig - StartUpReg: SearchSettings - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - File not found
MsConfig - StartUpReg: VRS - hkey= - key= - C:\Program Files\NCH Swift Sound\VRS\vrs.exe (NCH Software)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-01-14 21:30:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-01-14 09:46:07 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Malwarebytes
[2012-01-14 09:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-01-14 09:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-01-14 09:45:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-01-14 09:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-01-13 19:37:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
[2012-01-11 01:10:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012-01-11 01:10:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012-01-11 01:10:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012-01-11 01:10:31 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012-01-11 01:10:31 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011-12-30 13:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011-12-28 16:08:40 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\tiger-k
[2011-12-26 20:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2011-12-26 20:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2011-12-26 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Seven Zip
[2011-12-26 13:36:35 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011-12-26 13:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011-12-26 13:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011-12-26 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Broad Intelligence
[2011-12-26 13:24:17 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
[2011-12-26 13:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011-12-26 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011-12-26 00:58:46 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\My Digital Editions
[2011-12-26 00:42:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Kobo
[2011-12-26 00:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2011-12-26 00:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
[2011-12-19 21:46:50 | 000,037,376 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2011-12-19 21:46:50 | 000,021,504 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2008-12-26 14:26:11 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== Files - Modified Within 30 Days ==========

[2012-01-14 23:02:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53930244-3333630975-3341998274-1000UA.job
[2012-01-14 23:01:27 | 000,000,512 | ---- | M] () -- C:\Users\Linda\Desktop\MBR.dat
[2012-01-14 22:22:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-01-14 21:41:42 | 000,605,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-01-14 21:41:42 | 000,104,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-01-14 21:36:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-01-14 21:34:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-01-14 21:34:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-01-14 21:34:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-01-14 21:30:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012-01-14 11:28:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012-01-14 09:45:55 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-01-14 03:18:53 | 000,299,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-01-13 19:37:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
[2012-01-13 19:02:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53930244-3333630975-3341998274-1000Core.job
[2012-01-13 18:06:46 | 000,000,834 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-08 15:13:29 | 000,100,864 | ---- | M] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-03 19:06:12 | 000,108,120 | ---- | M] () -- C:\Users\Linda\Desktop\Dallas.jpg
[2011-12-30 13:45:46 | 000,001,947 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011-12-26 20:11:28 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Leawo AVI Converter.lnk
[2011-12-26 13:24:17 | 000,000,868 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaCoder.lnk
[2011-12-26 13:24:17 | 000,000,844 | ---- | M] () -- C:\Users\Linda\Desktop\MediaCoder.lnk
[2011-12-26 00:42:18 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2011-12-19 21:46:50 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2011-12-19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys

========== Files Created - No Company Name ==========

[2012-01-14 23:01:27 | 000,000,512 | ---- | C] () -- C:\Users\Linda\Desktop\MBR.dat
[2012-01-14 09:45:55 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-01-13 18:06:46 | 000,000,834 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-01-13 18:06:46 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-03 19:06:09 | 000,108,120 | ---- | C] () -- C:\Users\Linda\Desktop\Dallas.jpg
[2011-12-30 13:45:46 | 000,001,947 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2011-12-30 13:45:46 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011-12-26 20:11:28 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Leawo AVI Converter.lnk
[2011-12-26 13:24:17 | 000,000,868 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaCoder.lnk
[2011-12-26 13:24:17 | 000,000,844 | ---- | C] () -- C:\Users\Linda\Desktop\MediaCoder.lnk
[2011-12-26 00:42:18 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2011-05-23 10:08:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011-01-08 20:59:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-01-08 20:33:41 | 000,153,600 | ---- | C] () -- C:\Windows\System32\WS_ContextMenu.dll
[2010-06-09 13:51:28 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010-04-16 19:04:01 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010-02-28 12:55:23 | 000,000,680 | ---- | C] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2010-01-13 23:02:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-09-12 10:34:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009-09-12 10:34:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009-09-12 10:34:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009-09-12 10:34:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009-09-12 10:34:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009-09-12 10:34:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009-09-12 10:34:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009-09-12 10:34:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009-09-12 10:34:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009-09-12 10:34:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009-09-12 10:34:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009-09-12 10:34:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009-09-12 10:34:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009-09-12 10:34:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009-09-12 10:34:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009-09-12 10:34:39 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009-09-12 10:32:34 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX400.ini
[2009-09-01 17:26:55 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2009-08-29 02:05:53 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009-08-18 13:09:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-08-18 13:09:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-08-03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009-07-22 17:25:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009-06-13 21:43:20 | 000,000,168 | ---- | C] () -- C:\Windows\wininit.ini
[2009-05-21 16:42:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-05-19 08:35:39 | 000,000,210 | ---- | C] () -- C:\Windows\CWPlayerCfg.Ini
[2009-02-09 21:23:14 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009-02-09 21:22:17 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2009-01-05 01:52:20 | 000,100,864 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 11:52:24 | 000,000,708 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\wklnhst.dat
[2008-12-27 03:10:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-12-26 14:30:55 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008-12-26 14:30:55 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008-12-26 14:27:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008-12-26 14:26:11 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008-12-26 14:07:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008-12-26 14:05:21 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008-12-26 14:05:20 | 000,165,746 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008-12-26 14:05:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-12-26 14:05:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008-12-26 14:05:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008-03-16 15:42:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008-03-16 15:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008-03-16 14:16:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008-03-16 14:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008-03-16 14:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006-11-02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 07:47:37 | 000,299,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 05:33:01 | 000,605,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 05:33:01 | 000,104,680 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001-12-26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-06 17:42:54 | 000,000,036 | ---- | C] () -- C:\Windows\A3W.ini
[2001-09-04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008-03-16 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008-03-16 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2011-08-13 11:03:53 | 000,000,000 | -HSD | M] -- C:\Users\Linda\AppData\Roaming\.#
[2008-12-26 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Acer
[2008-03-16 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Acer GameZone Console
[2011-05-23 09:44:07 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Atari
[2011-05-22 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Audacity
[2009-09-28 22:47:49 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Blitware
[2011-12-26 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Broad Intelligence
[2009-03-19 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2009-09-28 23:07:59 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\DAEMON Tools Lite
[2009-09-28 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\DAEMON Tools Pro
[2009-11-04 00:12:58 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Damdai
[2009-12-15 11:57:47 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\El Conjugador
[2010-04-14 19:15:22 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\EPSON
[2009-05-29 07:08:06 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\eSobi
[2011-12-30 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\foobar2000
[2011-05-22 11:54:01 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Free Audio Editor
[2009-01-17 07:36:09 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Goodsol
[2011-05-17 06:54:20 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\gtk-2.0
[2008-12-26 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Leadertech
[2011-12-28 16:08:39 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Leawo
[2011-05-22 10:20:23 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Logia
[2011-01-08 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Moyea
[2010-09-11 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\NCH Swift Sound
[2010-09-15 06:10:30 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Recordpad
[2009-01-03 00:32:47 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\SpinTop
[2009-06-18 18:48:25 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\SystemRequirementsLab
[2010-08-27 07:10:46 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Template
[2011-12-28 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\tiger-k
[2011-08-29 07:15:43 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\TP
[2012-01-14 21:32:58 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008-12-01 13:54:20 | 000,364,032 | ---- | M] (Carbonite, Inc.) -- C:\CarboniteFixStatusfast.exe


< MD5 for: EXPLORER.EXE >
[2008-10-29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009-04-11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009-04-11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008-10-27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008-01-20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008-01-20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008-01-20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011-12-24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008-01-20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-01-20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-04-11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011-12-24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-01-20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-12-21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-12-21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-12-21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011-12-21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011-12-21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011-12-21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011-11-02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011-11-02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011-11-02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011-11-03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011-11-03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-12-21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-12-21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-12-21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011-12-21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011-12-21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011-12-21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-01-05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011-11-02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011-11-02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011-11-02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011-11-03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011-11-03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



--------------------------------


OTL Extras logfile created on: 2012-01-14 23:09:34 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Linda\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 46,10% Memory free
6,20 Gb Paging File | 4,45 Gb Available in Paging File | 71,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 57,04 Gb Free Space | 25,00% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 227,49 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-53930244-3333630975-3341998274-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040A5FF4-1118-418D-9866-5476E6842CE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{068DF9DF-CE67-4C5A-9CAC-DB6C1E078A87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0D7E7935-0D52-47FE-A188-899C8A990B4D}" = rport=138 | protocol=17 | dir=out | app=system |
"{10F9170A-DC31-4E91-9AB6-FC280B339DE0}" = lport=138 | protocol=17 | dir=in | app=system |
"{37F607C2-284B-4CB5-9014-895D2E571E69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{47A6AED8-A83E-46A5-8F5D-604F43EC3A0D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5415C27E-45B9-4820-946D-4694829CEB95}" = rport=137 | protocol=17 | dir=out | app=system |
"{57105829-1A1C-4CCB-A910-86667079A3E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{720AB563-E8FE-4F6C-ADA4-3EA24BD4E544}" = lport=2869 | protocol=6 | dir=in | app=system |
"{809E952E-72A3-45DA-8543-6F72E98E26CB}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{8F5D6AE2-C628-499A-B58D-63D034446AAB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{954553FB-94DF-43B0-AA45-EEF2BFF521BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7F68CAB-24C9-48E4-8D34-8CD97C88227F}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2D1CF5E-EAB9-4E28-B017-AD8FA5D6E690}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C61DEACF-44A9-486B-83C4-1A40BA691222}" = rport=445 | protocol=6 | dir=out | app=system |
"{CD6B3102-34FD-4F73-B483-8C41393BDCD4}" = lport=445 | protocol=6 | dir=in | app=system |
"{CF20F232-C880-46E2-BD1B-7AA7B603C1D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1E6EA7B-95DF-40BF-8739-3FAF65414F3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9C77D2D-0C62-48D5-9F93-C12428403880}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E07863D6-8105-4B5B-A5A8-3BA605E40FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F417EA7A-9388-4960-B87B-06746FCB080B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F44949A8-94A2-4D30-93DD-2A782EAD00F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7377A03-32E9-4336-8411-C03869BD5C11}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0838EBC8-E663-4B66-866E-FA6DBCF15D59}" = protocol=1 | dir=out | [email protected],-28544 |
"{0A8A1534-BD28-46F6-9CA9-ECC60F40E410}" = protocol=1 | dir=in | [email protected],-28543 |
"{1599FD2C-F29D-46C2-B9AA-9ED69FA0A4C3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{173969C0-F670-4DBF-9570-97324A6713B6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1ABBD73E-7B08-47D0-B694-CCEDF53B6F6A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{1C4C93FE-A809-4596-9008-F2B3D08EFF21}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{1F90B495-9ADE-47AC-9530-8C2C2CA48ABD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{20A33BFC-01CD-4127-9C32-C7DA6FCD5FCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24E429E7-CED5-4DC7-AD87-92BBA056071E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CA36D6C-7E8A-45FC-BEE4-5DAF62D64107}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{34FFB7A0-1A20-4347-B608-04B53942437D}" = protocol=6 | dir=in | app=c:\users\linda\downloads\3gpconvertersetup.exe |
"{38D0A2A9-099B-4256-A928-F810181F14E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39863CA9-3184-4F99-9510-39E313EE846B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{49A12236-69A5-4A8D-A922-09F6F7CB7754}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4C294858-6B1A-4B89-A2A6-405DABD744A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D28F399-76C1-4F69-A98B-145C52AAEBFC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{70441C18-3E53-4EFF-B676-D2C732DCB557}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{7DC067A8-B0E3-4313-9110-AF4E161E15EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7DD43CEF-4847-4132-97EC-9EB1965C200B}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\temp\~os5c67.tmp\rlvknlg.exe |
"{84BB645A-5F9B-44EB-ADAE-4354AF107AD1}" = protocol=17 | dir=in | app=c:\users\linda\appdata\local\temp\7zsdff2.tmp\symnrt.exe |
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A7520D5-A8CD-4998-9766-90FDE9060FF6}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{8B14073C-8DF3-460C-A5D7-2A4303C5D37D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{A4413086-4FAF-4E62-8077-480B57875EF8}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\temp\~os5b3f.tmp\rlvknlg.exe |
"{A95B326A-DD98-4550-8653-CE41D482B8FA}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{B30E2A90-DF68-48D4-94D1-240213326E85}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B3CB2823-7266-4730-A1E8-62CFCE4EF5B7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B4499393-1FA9-42A0-ADAA-94946735DA45}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B631B083-CC86-4B07-B0C0-C5ECE51CAAA0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BDCB107B-4450-4115-8B46-F70E77776510}" = protocol=58 | dir=in | [email protected],-28545 |
"{BE36BF55-C18D-4CB0-8F3E-10E171D0EF9D}" = protocol=58 | dir=out | [email protected],-28546 |
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C4ED1D25-12EA-474D-A3DA-C1FE95B6C266}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CC629500-0671-49A9-9C7B-C75316C50354}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\temp\7zsdff2.tmp\symnrt.exe |
"{CD5DC196-3F73-4772-945B-665E0182F5F5}" = protocol=17 | dir=in | app=c:\users\linda\downloads\3gpconvertersetup.exe |
"{ED2C8899-0F7B-4055-9B94-6532B733779E}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\temp\~os4d1b.tmp\rlvknlg.exe |
"{F578644D-E241-428A-9E89-CE2D8448C616}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F8FD3EF0-7E5A-497A-8777-034A106D806C}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F9A4C7B5-7EED-4912-984B-C97497DDCC83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA7A4DCB-A9DE-40B7-9032-CEEC060DDCBF}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{FDA65146-4764-4BBA-ACB9-707F8D9A8392}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"TCP Query User{0F2098FB-EA86-49F8-A29B-8768B6F0DA2F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1101FFBD-5789-4A32-B8AC-1709CC519868}C:\program files\downloadhq\downloadhq.exe" = protocol=6 | dir=in | app=c:\program files\downloadhq\downloadhq.exe |
"TCP Query User{1ECFC746-D685-4509-80CD-30599263EDE5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{240369D5-ADE2-4739-A3EC-8BA3BE0EF38E}C:\users\linda\appdata\local\apps\2.0\cxy2d0t1.k6h\4w1x71v6.czp\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2df freeplay client.exe" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\apps\2.0\cxy2d0t1.k6h\4w1x71v6.czp\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2df freeplay client.exe |
"TCP Query User{386FC08D-B078-4239-8D24-E5CB7E91F531}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe |
"TCP Query User{3CA50967-2AF0-438F-97E8-F847C184B158}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{45348198-370E-45DD-A0A6-59DDA100AECA}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{4C8E4D3F-260C-4DA7-B125-065E3684BFAE}C:\users\linda\desktop\immaterial and missing power\cowcaster.exe" = protocol=6 | dir=in | app=c:\users\linda\desktop\immaterial and missing power\cowcaster.exe |
"TCP Query User{70FA6043-A046-47C1-91CB-9C4D1EA9DDDB}C:\users\linda\appdata\roaming\damdai\2df\freeplay\freeplay_emu.exe" = protocol=6 | dir=in | app=c:\users\linda\appdata\roaming\damdai\2df\freeplay\freeplay_emu.exe |
"TCP Query User{742FE18D-63D6-466D-8963-FD02FF6EBE04}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8F917F24-F23A-4983-86BE-B749DB05B758}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{99DA85AA-6305-4023-B724-BE80C61B7DD7}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{ABDD3112-511B-4A0F-8F8C-AA9A0D1CE77D}C:\program files\ggpo\ggpofba.exe" = protocol=6 | dir=in | app=c:\program files\ggpo\ggpofba.exe |
"TCP Query User{DA3A38E1-7DBD-4A3D-BE9A-73C70294F03D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E06C083A-3474-4F7C-9A07-22F93092C34F}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{EB9746BE-FD63-4171-93FE-0AB44B0B40B1}C:\program files\ggpo\ggpo.exe" = protocol=6 | dir=in | app=c:\program files\ggpo\ggpo.exe |
"TCP Query User{EE407EBE-540B-41B9-B988-DC8972BF3A4F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{F5BFDC82-B8FB-45DA-BFF9-B0722391FBA0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2A4BE886-5F61-4D30-86FB-0AB39BF102C2}C:\users\linda\desktop\immaterial and missing power\cowcaster.exe" = protocol=17 | dir=in | app=c:\users\linda\desktop\immaterial and missing power\cowcaster.exe |
"UDP Query User{353BD60C-06B6-46D2-9404-C4A3A0CBD9F0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{475582BD-48B4-4761-BB0F-9167013D1735}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{55CFF293-E8DC-4C10-BDF9-37C2953BA3FF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{568F2C6A-A7B1-46C2-BF79-06497CF725E4}C:\users\linda\appdata\roaming\damdai\2df\freeplay\freeplay_emu.exe" = protocol=17 | dir=in | app=c:\users\linda\appdata\roaming\damdai\2df\freeplay\freeplay_emu.exe |
"UDP Query User{5ADCB34B-4691-4F57-B009-C0326E0A28D9}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe |
"UDP Query User{5E6F8B93-C36C-4F12-8767-84BCB51C4958}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{71767655-E174-4C00-9127-155D07A6898A}C:\users\linda\appdata\local\apps\2.0\cxy2d0t1.k6h\4w1x71v6.czp\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2df freeplay client.exe" = protocol=17 | dir=in | app=c:\users\linda\appdata\local\apps\2.0\cxy2d0t1.k6h\4w1x71v6.czp\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2df freeplay client.exe |
"UDP Query User{88F5415E-BC1C-401A-A937-210D78FC6852}C:\program files\ggpo\ggpofba.exe" = protocol=17 | dir=in | app=c:\program files\ggpo\ggpofba.exe |
"UDP Query User{89E07E44-7CD3-4892-BFC2-0DC75B6B0D49}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{8F56739C-2F88-4F59-84A1-1F15E4813291}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{9529DA20-1D7C-4F2B-A404-C2F14953BDD9}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{9B3700FA-E6BE-4725-B7D7-3BEDE739E5CA}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{9DA3A951-78CC-40A4-B7BE-832203F46B4B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9E52535D-C886-4FEA-86CD-7AC3674F5F50}C:\program files\ggpo\ggpo.exe" = protocol=17 | dir=in | app=c:\program files\ggpo\ggpo.exe |
"UDP Query User{D82F89D5-7200-4F51-84C4-67D58140AB44}C:\program files\downloadhq\downloadhq.exe" = protocol=17 | dir=in | app=c:\program files\downloadhq\downloadhq.exe |
"UDP Query User{EEE93EC3-520F-412B-89F9-89270D86E2D5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F4C028BE-48EB-48C7-BD4B-3E877486602E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00E139DD-A721-6CAD-BD4C-6FF597FC52BD}" = Catalyst Control Center Graphics Light
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{02F1F814-3458-9AE2-B360-6BA8C8DF9049}" = Catalyst Control Center Localization Danish
"{0542231F-2010-4C7B-9169-EC0C0CB9F371}" = Sun xVM VirtualBox
"{062D3AEE-6E5C-BCE9-4BE4-1190D29EE352}" = CCC Help Thai
"{06A4892F-EC84-7384-B401-52F30FC122FE}" = Catalyst Control Center Localization Japanese
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0CC4C654-6439-52F7-FB58-7A6A720166ED}" = CCC Help Turkish
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{173823FE-9525-76D1-D97B-0FE91E155252}" = Skins
"{1A214451-2E9B-D3D3-47C6-A5721559CB4C}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{277D09B9-B42D-2AC2-C924-EDDFCF2107A3}" = Catalyst Control Center Core Implementation
"{286062BC-BDD5-9672-C020-136205720097}" = Catalyst Control Center Localization German
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA19C43-B671-8CEE-9354-4045F2CA7EB4}" = Catalyst Control Center Graphics Full Existing
"{2C1F489E-5720-996D-B4C1-EDC85CE1B65E}" = CCC Help Finnish
"{2CF047B3-E199-A69F-6D92-AADFBA7FF661}" = Catalyst Control Center Localization Chinese Traditional
"{2D62916C-976C-4425-8833-8814D9A7A54D}" = ArcSoft Print Creations
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFF2037-F943-84F0-BE0C-64D0CDD77E58}" = Catalyst Control Center Localization French
"{36CCF09A-3ABB-C137-4EFD-07E91590D001}" = Catalyst Control Center Localization Swedish
"{39140291-BEC7-7D17-B3AC-BA327051FA0B}" = ccc-core-static
"{3A146779-C87B-332C-EBBC-8579497D68BA}" = Catalyst Control Center Localization Greek
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{423C4F57-FABA-53C2-BD7C-2C5A2EFC50B4}" = Catalyst Control Center Localization Spanish
"{4254E189-9BDD-3319-C681-F60AF423A509}" = CCC Help Polish
"{431643EB-1687-CB60-C9C9-E9E60937E87E}" = Catalyst Control Center Graphics Previews Vista
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{47A3FE80-528F-482B-8143-B3A4645557FC}" = Microsoft LifeCam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BBCED26-53AA-B0F9-753C-B7D7822F5B54}" = CCC Help Norwegian
"{4F99A59A-FA06-50CE-720F-983F59D14344}" = Catalyst Control Center Localization Thai
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{555A4211-DCF8-2A4B-8521-F077D1C72E52}" = Catalyst Control Center Localization Turkish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F260E7-05DE-9EBD-C5F0-4D8AF9FC16A3}" = CCC Help Chinese Traditional
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C03DBF2-0F03-F9E8-3CBE-B07CB7F59318}" = CCC Help Greek
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" = Leawo AVI Converter version 5.0.0.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{85C89C8C-4FD7-C7E2-97A7-847D947FFDDB}" = Catalyst Control Center Localization Chinese Standard
"{864A44F1-6AB7-5016-B275-DC2AC43D09E7}" = Catalyst Control Center Localization Portuguese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E279E44-FBBF-3C62-899C-E8D021697D52}" = ccc-utility
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96C48A0F-0368-554A-6833-F9B7D264B59F}" = CCC Help Italian
"{96C61636-0F21-403C-5348-AAE3C857BD72}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF5B5DE-6161-F211-2052-54BB67F32008}" = Catalyst Control Center Localization Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B075B92E-C60E-57C2-BDA4-A60E5FF71591}" = CCC Help Dutch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B420E03C-A7A8-7142-8BF1-D6798B98AC8A}" = CCC Help Korean
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BE63EA03-29BF-4E9D-73C9-095850F069C8}" = CCC Help Swedish
"{BFFDAD41-BAAB-5602-CD1A-EE1171D14D40}" = Catalyst Control Center Localization Hungarian
"{C3452F04-DA8E-2119-1925-D0E050A64186}" = ATI Catalyst Install Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8CF9485-B188-A9B0-FEE3-3F423779F89C}" = Catalyst Control Center Localization Dutch
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CEA453C2-40E0-9B65-A90D-DA8611C29F32}" = CCC Help Hungarian
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D17E2A02-5D61-C6F9-8D78-90FE1112C19A}" = CCC Help Spanish
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D53BAED6-CF1C-FF87-DE1A-D879D22EF67C}" = Catalyst Control Center Localization Czech
"{D5C388EB-9848-80F6-02F4-DBFED2DF02E8}" = CCC Help French
"{D7E3DAA3-78CB-A30F-FD58-94ED333AE524}" = CCC Help English
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE44BDEC-6005-6676-DBA4-FC314F53DD49}" = Catalyst Control Center Localization Norwegian
"{E05830A9-573F-8253-C280-921FF1474DA5}" = Catalyst Control Center Localization Russian
"{E0D6A886-A34F-7303-C485-91FA655E83D5}" = CCC Help Japanese
"{E53B1B0E-C8DA-4105-2C41-210571998AB6}" = Catalyst Control Center Localization Korean
"{E927B65C-A081-8B68-705C-932883697B80}" = Catalyst Control Center Localization Italian
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF70BC30-AEE6-5C73-DC7C-3C3B9A73D8FE}" = Catalyst Control Center Localization Polish
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37200BB-2C03-42D9-DBE3-C6240D53DF06}" = CCC Help Portuguese
"{F57D72B6-7FBB-3C60-A19D-55C7B8042934}" = CCC Help Russian
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7FE23D7-980C-6250-6873-4BD1660FE4CB}" = CCC Help Czech
"{F90E2693-78D9-7CCB-4617-2383A0A31CD2}" = CCC Help Danish
"{F917BAC3-BC13-E3A0-EE98-74D9DA33BAE6}" = CCC Help German
"7-Zip" = 7-Zip 4.65
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2" = Bejeweled 2
"Bejeweled 3" = Bejeweled 3
"BFGC" = Big Fish Games Client
"Bicycle Card Games 1.0" = Bicycle Card Games
"Carbonite Backup" = Carbonite
"Champ500" = Championship Five Hundred All-Stars 7.30
"CleanUp!" = CleanUp!
"DeskPins" = DeskPins (remove only)
"Digital Editions" = Adobe Digital Editions
"EPSON Scanner" = EPSON Scan
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"eSnips_Downloader" = eSnips Downloader
"Express" = Express Dictate
"ExpressBurn" = Express Burn Disc Burning Software
"foobar2000" = foobar2000 v0.9.6.8
"Free Audio Editor" = Free Audio Editor
"Google Updater" = Google Updater
"GoToAssist Express Customer" = GoToAssist Customer 1.5.0.240
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.06
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"iSofter DVD Audio Ripper Deluxe_is1" = iSofter DVD Audio Ripper Deluxe 3.0.2007.228
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Basic)
"Kobo" = Kobo
"LimeWire" = LimeWire 5.3.6
"Mahjong Towers Eternity" = Mahjong Towers Eternity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaCoder" = MediaCoder 0.7.2.4536
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSRS" = MSRS Recording System
"NVIDIA Drivers" = NVIDIA Drivers
"Pretty Good Solitaire_is1" = Pretty Good Solitaire version 12.0.1
"RealPlayer 12.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"Scribe" = Express Scribe
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.8a
"VRS" = VRS Recording System
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip Self-Extractor" = WinZip Self-Extractor
"Yahoo! Companion" = Yahoo! Barre d'outils
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-53930244-3333630975-3341998274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Neo Final Burn Alpha" = Neo Final Burn Alpha
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-10-01 08:38:17 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:38:21 | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module thumbcache.dll, version 6.0.6001.18000, time stamp
0x4791a787, exception code 0xc0000006, fault offset 0x0000cc95, process id 0x724,
application start time 0x01cc8037008e6b80.

Error - 2011-10-01 08:38:21 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:38:29 | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module thumbcache.dll, version 6.0.6001.18000, time stamp
0x4791a787, exception code 0xc0000006, fault offset 0x0000cc95, process id 0x1280,
application start time 0x01cc803704e0d5b0.

Error - 2011-10-01 08:38:29 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:38:36 | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module thumbcache.dll, version 6.0.6001.18000, time stamp
0x4791a787, exception code 0xc0000006, fault offset 0x0000cc95, process id 0xda4,
application start time 0x01cc8037091f90d0.

Error - 2011-10-01 08:38:36 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:39:33 | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module thumbcache.dll, version 6.0.6001.18000, time stamp
0x4791a787, exception code 0xc0000006, fault offset 0x0000cc95, process id 0x1408,
application start time 0x01cc80372a232a30.

Error - 2011-10-01 08:39:33 | Computer Name = Linda-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Explorer because of
this error. Program: Windows Explorer File: C:\Users\Linda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000007F Disk
type: 3

Error - 2011-10-01 08:39:42 | Computer Name = Linda-PC | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: Linda-PC\Linda Checkpoint ID: 7 Error Code: 0x80070070 Error
description: There is not enough space on the disk.

[ System Events ]
Error - 2012-01-14 22:30:00 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2012-01-14 22:30:02 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2012-01-14 22:33:42 | Computer Name = Linda-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 2012-01-14 22:33:42 | Computer Name = Linda-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 2012-01-14 22:35:39 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2012-01-14 22:35:39 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-01-14 22:50:55 | Computer Name = Linda-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 2012-01-14 23:05:43 | Computer Name = Linda-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 2012-01-14 23:49:58 | Computer Name = Linda-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 2012-01-14 23:49:59 | Computer Name = Linda-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.


< End of report >
  • 0

Advertisements


#11
Dark_Star_Qc

Dark_Star_Qc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts
The problem I had with Firefox seems to be OK. I will try testing it further tomorrow.
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
How is the computer performing now? What issues remain?

Was this the newest Extras.txt because it still shows some of the programs that you needed to uninstall still installed?
  • 0

#13
Dark_Star_Qc

Dark_Star_Qc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 177 posts
Yes, it's the latest.

About Uniblue Registry Booster, I would like more info. I paid for this program. Is it really necessary to uninstall??

I wouldn't mind uninstalling Limewire, but uTorrent I really want to keep. Is that a major problem?

The computer seems to be running fine... faster than before. There no longer seems to be any issues with Firefox.

However, looking at the extras log, I still see many errors:

[ System Events ]
Error - 2012-01-14 22:30:00 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2012-01-14 22:30:02 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2012-01-14 22:33:42 | Computer Name = Linda-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 2012-01-14 22:33:42 | Computer Name = Linda-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 2012-01-14 22:35:39 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2012-01-14 22:35:39 | Computer Name = Linda-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-01-14 22:50:55 | Computer Name = Linda-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 2012-01-14 23:05:43 | Computer Name = Linda-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 2012-01-14 23:49:58 | Computer Name = Linda-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 2012-01-14 23:49:59 | Computer Name = Linda-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.


Is this a problem??

Thank you!
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

About Uniblue Registry Booster, I would like more info. I paid for this program. Is it really necessary to uninstall??

The use of registry cleaners/boosters has been tested extensively and the evidence shows two things:

The best they can do is little or no help. The worst they can do is create errors (like you have) and even make a system unbootable. Please do not use this program. It and many others are sold all over the internet and in big box stores and they are not effective in solving real computer problems.


I wouldn't mind uninstalling Limewire, but uTorrent I really want to keep. Is that a major problem?


P2P Warning!:

IMPORTANT I have noticed that there are signs of Limewire and uTorrent P2P (Person to Person) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Limewire and uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.


In summary I would not use either registry cleaners or P2P programs due to the risk they create. The majority of the people that need help here have these and they are often the conduit to their problems but not always.



Is this a problem??

We need to verify you are clean and address some of this that is a real concern. I plan to complete the cleaning process first and then go into the repair portion following a successful cleaning.

I will be back shortly with the next steps for you.

CompCav
  • 0

#15
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Please re run Malwarebytes' Anti-Malware


  • Please update at the update tab, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

  • Double click on the Posted Image icon to run it.
  • Click the Quick Scan button. Post the log it produces in your next reply. The scan won't take long.


Step 6.

Please post:

mbam log
eset log
security check log
OTL.txt


Please give me an update on how your computer is doing!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP