[Resolved] my computer is scanning for open ports on other computers o

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

[Resolved] my computer is scanning for open ports on other computers o

Options

scat-2006 View Member Profile	Mar 23 2010, 09:15 AM Post #1
New Member Group: Authentic Member Posts: 5 Joined: 9-March 06 Member No.: 51,539 Operating System: Windows Xp	As the title says: my computer is scanning for open ports on other computers on my home network My desktop computer: Windows Vista x64 What happens is on my other computers all running Bitdefender Internet Security 2009 I see a popup message that it has blocked a scan for open ports from the ip address of my desktop computer. Now on my desktop computer prior to coming here I have ran the following Bitdefender Antivirus - nothing showing port scans all OK Webroot Spy Sweeper 2010 - nothing showing port scans all OK and no Malware or anything just cookies and now I come here for some help and or advise, I have followed the Preparing for the Malware Removal Process and the results are as follows: had a error while trying to run DDS Error was This Tool does not support your operating system which is Vista x64 I have attached the results of GMER as file: Gmer.txt Thank you for any assistance or advise Scat Gmer.txt ( 2.28K ) Number of downloads: 189

patndoris View Member Profile	Mar 24 2010, 04:14 PM Post #2
SuperMember Group: Malware Team Posts: 2,552 Joined: 26-August 08 From: Maryland Member No.: 81,233 Operating System: Windows 7 Home Premium 64-bit Windows 7 Home Premium 32-bit Vista Home Premiium 32-bit / SP2 XP Professional SP3	Hello scat-2006 and My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines: Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs. Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive. Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so. Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear". Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post. Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed! Please be advised I am still in training, and all of my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay in response time, but I will do my best to keep it as short as possible. I will post back shortly with instructions.

patndoris View Member Profile	Mar 24 2010, 06:33 PM Post #3
SuperMember Group: Malware Team Posts: 2,552 Joined: 26-August 08 From: Maryland Member No.: 81,233 Operating System: Windows 7 Home Premium 64-bit Windows 7 Home Premium 32-bit Vista Home Premiium 32-bit / SP2 XP Professional SP3	Download and Run OTL Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Under the Custom Scan box paste this in: netsvcs %SYSTEMDRIVE%\.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys /md5stop %systemroot%\. /mp /s CREATERESTOREPOINT %systemroot%\system32\.dll /lockedfiles %systemroot%\Tasks\.job /lockedfiles %systemroot%\system32\drivers\.sys /lockedfiles %systemroot%\System32\config\.sav Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

scat-2006 View Member Profile	Mar 25 2010, 03:15 AM Post #4
New Member Group: Authentic Member Posts: 5 Joined: 9-March 06 Member No.: 51,539 Operating System: Windows Xp	patndoris here are the reults for: OTL.Txt OTL logfile created on: 3/25/2010 4:56:32 AM - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = F:\from 98 machine\F_drive\All Data Saved here\My Desktop 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 4.00 Gb Total Physical Memory \| 2.00 Gb Available Physical Memory \| 59.00% Memory free 8.00 Gb Paging File \| 6.00 Gb Available in Paging File \| 76.00% Paging File free Paging file location(s): c:\pagefile.sys 4603 4603 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 117.19 Gb Total Space \| 14.86 Gb Free Space \| 12.68% Space Free \| Partition Type: NTFS Drive D: \| 97.65 Gb Total Space \| 15.04 Gb Free Space \| 15.40% Space Free \| Partition Type: NTFS Drive E: \| 83.25 Gb Total Space \| 13.72 Gb Free Space \| 16.48% Space Free \| Partition Type: NTFS Drive F: \| 465.75 Gb Total Space \| 121.86 Gb Free Space \| 26.16% Space Free \| Partition Type: NTFS Drive G: \| 232.88 Gb Total Space \| 5.36 Gb Free Space \| 2.30% Space Free \| Partition Type: NTFS Drive H: \| 465.76 Gb Total Space \| 22.06 Gb Free Space \| 4.74% Space Free \| Partition Type: NTFS I: Drive not present or media not loaded Computer Name: DADS_DESKTOP Current User Name: BILL Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/03/25 04:54:23 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe PRC - [2009/08/14 20:19:44 \| 000,326,192 \| ---- \| M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2009/08/14 20:19:30 \| 000,399,920 \| ---- \| M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2009/08/14 20:19:24 \| 000,113,200 \| ---- \| M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2009/01/29 18:11:32 \| 000,052,392 \| ---- \| M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe PRC - [2008/12/12 19:06:40 \| 000,642,856 \| ---- \| M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2008/12/12 19:06:40 \| 000,642,856 \| ---- \| M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2008/11/13 15:43:49 \| 000,204,800 \| ---- \| M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe PRC - [2008/10/30 00:34:36 \| 000,027,136 \| ---- \| M] () -- C:\Program Files (x86)\EventGhost\EventGhost.exe PRC - [2008/06/10 02:21:01 \| 000,135,168 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe PRC - [2007/09/14 04:01:56 \| 000,492,600 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2007/09/14 03:02:34 \| 000,905,056 \| ---- \| M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2007/09/14 02:55:30 \| 000,140,568 \| ---- \| M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2007/09/14 02:52:46 \| 002,595,480 \| ---- \| M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2007/07/19 18:54:48 \| 000,689,408 \| ---- \| M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe PRC - [2007/07/19 18:54:40 \| 000,656,640 \| ---- \| M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe PRC - [2006/12/19 10:30:26 \| 000,081,920 \| ---- \| M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe ========== Modules (SafeList) ========== MOD - [2010/03/25 04:54:23 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe MOD - [2008/01/18 23:34:00 \| 000,450,048 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2008/01/18 23:26:36 \| 001,684,480 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/03/21 23:50:10 \| 000,677,888 \| ---- \| M] (BitDefender SRL) [Auto \| Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV:64bit: - [2010/01/26 15:09:16 \| 001,486,088 \| ---- \| M] (Raxco Software, Inc.) [Auto \| Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine) SRV:64bit: - [2010/01/26 15:09:14 \| 001,503,496 \| ---- \| M] (Raxco Software, Inc.) [Auto \| Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent) SRV:64bit: - [2009/11/12 11:43:08 \| 002,609,632 \| ---- \| M] (BitDefender S. R. L.) [Auto \| Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV) SRV:64bit: - [2009/11/09 09:45:00 \| 000,424,960 \| ---- \| M] () [On_Demand \| Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS) SRV:64bit: - [2009/11/09 09:45:00 \| 000,424,960 \| ---- \| M] () [Auto \| Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC) SRV:64bit: - [2009/08/13 22:15:40 \| 000,202,752 \| ---- \| M] () [Auto \| Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/08/10 07:47:36 \| 000,412,672 \| ---- \| M] (S.C. BitDefender S.R.L) [On_Demand \| Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV:64bit: - [2009/05/26 22:29:54 \| 039,659,864 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SRV:64bit: - [2009/05/26 22:29:32 \| 000,198,488 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer) SRV:64bit: - [2008/11/25 12:45:30 \| 000,426,336 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SRV:64bit: - [2008/11/25 12:45:30 \| 000,064,352 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV:64bit: - [2008/07/29 14:20:28 \| 004,737,024 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:64bit: - [2008/07/17 13:07:04 \| 000,143,360 \| ---- \| M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand \| Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3) SRV:64bit: - [2008/05/12 12:51:32 \| 002,601,848 \| ---- \| M] (RealVNC Ltd.) [On_Demand \| Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4) SRV:64bit: - [2008/04/23 18:55:56 \| 000,098,488 \| ---- \| M] (SiSoftware) [Disabled \| Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV:64bit: - [2008/01/19 00:06:52 \| 000,383,544 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2008/01/19 00:04:22 \| 000,252,928 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:64bit: - [2008/01/19 00:01:12 \| 000,598,016 \| ---- \| M] () [Auto \| Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:64bit: - [2008/01/19 00:00:54 \| 000,195,584 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008/01/19 00:00:54 \| 000,058,368 \| ---- \| M] () [Auto \| Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV:64bit: - [2008/01/19 00:00:48 \| 000,012,288 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysNative\inetsrv\wmsvc.exe -- (WMSvc) SRV:64bit: - [2008/01/19 00:00:44 \| 001,147,904 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:64bit: - [2008/01/19 00:00:20 \| 000,015,872 \| ---- \| M] () [Auto \| Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2008/01/19 00:00:18 \| 000,689,152 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax) SRV:64bit: - [2007/11/23 14:02:00 \| 000,131,072 \| ---- \| M] (Visioneer Inc.) [Disabled \| Stopped] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor) SRV:64bit: - [2007/06/22 11:51:32 \| 000,158,568 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SRV:64bit: - [2006/10/21 12:38:20 \| 000,476,568 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysNative\DKabcoms.exe -- (dkab_device) SRV - [2009/11/09 09:20:24 \| 000,371,712 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009/11/09 09:20:24 \| 000,371,712 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009/10/20 14:19:48 \| 000,117,264 \| ---- \| M] (CACE Technologies, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/08/14 20:19:44 \| 000,326,192 \| ---- \| M] (VMware, Inc.) [Auto \| Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2009/08/14 20:19:30 \| 000,399,920 \| ---- \| M] (VMware, Inc.) [Auto \| Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2009/08/14 20:19:24 \| 000,113,200 \| ---- \| M] (VMware, Inc.) [Auto \| Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2009/03/22 10:45:29 \| 000,651,720 \| ---- \| M] (Macrovision Europe Ltd.) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/01/21 14:08:06 \| 001,095,560 \| ---- \| M] (PC Tools) [On_Demand \| Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009/01/07 13:40:56 \| 000,348,752 \| ---- \| M] (PC Tools) [On_Demand \| Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2008/12/12 19:06:40 \| 000,642,856 \| ---- \| M] (Cisco Systems, Inc.) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2008/12/01 11:49:02 \| 000,191,024 \| ---- \| M] (VMware, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2008/11/13 15:43:49 \| 000,204,800 \| ---- \| M] () [Auto \| Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater) SRV - [2008/10/25 12:44:08 \| 000,065,888 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/07/27 14:01:49 \| 000,093,184 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008/01/18 23:33:44 \| 000,052,224 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2007/09/14 04:01:56 \| 000,492,600 \| ---- \| M] () [Auto \| Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2007/09/14 02:55:52 \| 000,599,320 \| ---- \| M] (Acronis) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007/07/19 18:54:48 \| 000,689,408 \| ---- \| M] (American Power Conversion Corporation) [Auto \| Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service) SRV - [2006/12/19 10:30:26 \| 000,081,920 \| ---- \| M] (Prolific Technology Inc.) [Auto \| Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - [2006/11/02 09:34:14 \| 000,000,000 \| ---D \| M] [Unknown \| Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006/11/02 02:35:15 \| 000,060,994 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006/11/02 02:35:15 \| 000,055,846 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) SRV - [2006/10/21 12:38:24 \| 000,508,824 \| ---- \| M] ( ) [On_Demand \| Stopped] -- C:\Windows\SysWow64\DKabcoms.exe -- (dkab_device) SRV - [2006/07/26 11:29:56 \| 003,857,408 \| ---- \| M] (Network Automation, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\AutoMate 6\AMTS.exe -- (AutoMate6) SRV - [2005/11/14 01:06:04 \| 000,069,632 \| ---- \| M] (Macrovision Corporation) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/03/19 05:49:38 \| 000,000,000 \| ---D \| M] Hosts file not found O2:64bit:* - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files (x86)\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files (x86)\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender) O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\Antispam32\IEToolbar.dll (Bitdefender) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2009\Antispam32\IEShow.exe (BitDefender) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKCU..\Run: [mount.exe] C:\Program Files (x86)\GiPo@Utilities\FileUtilities.3\mount.exe (Gibin Software House (http://www.gibinsoft.net)) O4 - Startup: C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk = C:\Program Files (x86)\EventGhost\EventGhost.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\wpclsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://newhorizons.measureup.com/testauth/icaweb.cab (Citrix ICA Client) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1268657164146 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3...44/igdtoolx.cab (IGDTester Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll () O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\M-M Susan-2b.jpg O24 - Desktop BackupWallPaper: C:\Windows\M-M Susan-2b.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll () O30:64bit: - LSA: Authentication Packages - (tive\Contr.com) - File not found O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (m32\wltrysvc.e) - File not found O30:64bit: - LSA: Security Packages - (RVER\90\TOOLS\BINN\VSSHELL\COMMON7\ID) - File not found O30 - LSA: Security Packages - (ges - (RVER\90\TOOLS\BINN\VSSHELL\COM) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell - "" = AutoRun O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell\AutoRun\command - "" = I:\hbcd\wintools\autorun.exe -- File not found O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell\Option1\Command - "" = I:\hbcd\wintools\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk OODBSOODBS) - File not found O34 - HKLM BootExecute: (PDBoot.exe) - File not found O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/06/01 04:04:47 \| 000,000,000 \| ---D \| M] NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll () NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll () NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll () NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/06/01 04:05:01 \| 000,000,000 \| ---D \| M] NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) OTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 14 Days ========== [2010/03/25 04:54:23 \| 000,555,520 \| ---- \| C] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe [2010/03/23 10:16:05 \| 000,000,000 \| ---D \| C] -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Are you Infected [2010/03/23 08:55:45 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2010/03/23 08:13:00 \| 000,000,000 \| ---D \| C] -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WireShark results [2010/03/23 07:33:44 \| 000,000,000 \| ---D \| C] -- C:\Users\BILL\AppData\Roaming\Wireshark [2010/03/23 07:31:43 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\WinPcap [2010/03/23 07:31:03 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Wireshark [2010/03/22 14:30:15 \| 000,000,000 \| -HSD \| C] -- C:\Config.Msi [2010/03/20 05:10:50 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\ElcomSoft [2010/03/18 13:25:44 \| 000,000,000 \| ---D \| C] -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\OneNote Notebooks [2010/03/17 06:53:57 \| 000,000,000 \| ---D \| C] -- C:\Users\BILL\AppData\Roaming\EventGhost [2010/03/13 06:36:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\MSSOAP [2010/03/13 06:36:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\MSSoap [2010/03/13 06:36:16 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Webroot [2010/03/13 06:12:17 \| 000,000,000 \| ---D \| C] -- C:\Users\BILL\AppData\Local\VS Revo Group [2008/11/05 18:50:21 \| 000,018,944 \| ---- \| C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL [2008/08/21 04:42:40 \| 000,614,400 \| ---- \| C] ( ) -- C:\Windows\SysWow64\DKabcomc.dll [2008/08/21 04:42:40 \| 000,421,888 \| ---- \| C] ( ) -- C:\Windows\SysWow64\DKabcomm.dll [2008/08/21 04:42:40 \| 000,163,840 \| ---- \| C] ( ) -- C:\Windows\SysWow64\DKabprox.dll [2008/07/06 11:29:42 \| 000,082,816 \| ---- \| C] (VSO Software) -- C:\Users\BILL\AppData\Roaming\pcouffin.sys [18 C:\ProgramData\.tmp files -> C:\ProgramData\.tmp -> ] [18 C:\ProgramData\.tmp files -> C:\ProgramData\.tmp -> ] [1 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] [1 C:\Users\BILL\AppData\Local\.tmp files -> C:\Users\BILL\AppData\Local\.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/03/25 04:56:40 \| 005,767,168 \| ---- \| M] () -- C:\Users\BILL\ntuser.dat [2010/03/25 04:56:01 \| 000,000,289 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\my computer is scanning for open ports on other computers on my home n.url [2010/03/25 04:54:23 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe [2010/03/25 04:46:32 \| 000,000,432 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9282B69-8712-430E-B6C4-6FCA8BCB5DF0}.job [2010/03/25 04:41:11 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2010/03/24 18:09:14 \| 000,952,458 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/03/24 18:09:14 \| 000,785,150 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2010/03/24 18:09:14 \| 000,167,664 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2010/03/24 18:04:09 \| 000,005,344 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/03/24 18:04:09 \| 000,005,344 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/03/24 18:04:08 \| 000,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2010/03/24 18:03:53 \| 4293,382,144 \| -HS- \| M] () -- C:\hiberfil.sys [2010/03/24 06:11:56 \| 000,000,215 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Problem Accessing File System for Playback - SageTV Community.url [2010/03/23 10:54:16 \| 000,081,984 \| ---- \| M] () -- C:\Windows\SysNative\bdod.bin [2010/03/23 10:54:14 \| 000,524,288 \| -HS- \| M] () -- C:\Users\BILL\ntuser.dat{54717b19-665d-11de-be51-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2010/03/23 10:54:14 \| 000,065,536 \| -HS- \| M] () -- C:\Users\BILL\ntuser.dat{54717b19-665d-11de-be51-005056c00008}.TM.blf [2010/03/23 10:54:12 \| 004,818,981 \| -H-- \| M] () -- C:\Users\BILL\AppData\Local\IconCache.db [2010/03/22 09:34:53 \| 000,002,517 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Microsoft Office Word 2007.lnk [2010/03/22 04:56:27 \| 000,000,156 \| ---- \| M] () -- C:\Windows\Twunk001.MTX [2010/03/22 04:56:27 \| 000,000,003 \| ---- \| M] () -- C:\Windows\Twain001.Mtx [2010/03/22 04:41:35 \| 000,000,510 \| ---- \| M] () -- C:\Windows\SysNative\BDUpdateV1.xml [2010/03/21 05:34:46 \| 000,000,145 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\EventGhost • View topic - Change 'Playback Devices' in Control Panel (Sound).url [2010/03/20 14:22:53 \| 000,000,242 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - GIGABYTE GA-P55-UD5 LGA 1156 Intel P55 ATX Intel Motherboard - Intel Motherboards.url [2010/03/20 14:22:36 \| 000,000,280 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - Intel Core i7-860 Lynnfield 2.8GHz 8MB L3 Cache LGA 1156 95W Quad-Core Processor - Processors - Desktops.url [2010/03/20 06:30:46 \| 000,003,959 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WINDOWS SERVER 2008 PSWD RECOVERY.vmd5 [2010/03/20 06:30:07 \| 000,000,518 \| ---- \| M] () -- C:\Windows\pwc61.INI [2010/03/20 05:19:34 \| 000,000,291 \| ---- \| M] () -- C:\Users\BILL\AppData\Roaming\default.pwcfg [2010/03/20 05:19:33 \| 000,000,291 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\ba.pwcfg [2010/03/20 05:12:49 \| 000,000,068 \| ---- \| M] () -- C:\Windows\Awpr.ini [2010/03/19 04:33:22 \| 000,000,069 \| ---- \| M] () -- C:\Windows\NeroDigital.ini [2010/03/19 04:33:17 \| 000,045,056 \| ---- \| M] () -- C:\Users\BILL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/18 14:23:41 \| 000,000,182 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\System & security software ElcomSoft System Recovery Forgot administrator password Replace or recover it.url [2010/03/17 12:25:59 \| 000,000,850 \| ---- \| M] () -- C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk [2010/03/16 07:48:20 \| 000,000,214 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Learn Scripting.url [2010/03/13 07:50:24 \| 000,000,237 \| ---- \| M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\LOT 2 Logitech Harmony 880 LCD Universal Remote Control - eBay (item 220503065892 end time Mar-29-10 111702 PDT).url [2010/03/13 06:36:11 \| 000,000,164 \| ---- \| M] () -- C:\Windows\install.dat [2010/03/13 04:56:49 \| 027,635,135 \| ---- \| M] () -- C:\Program Files (x86)\EventGhost.zip [18 C:\ProgramData\.tmp files -> C:\ProgramData\.tmp -> ] [18 C:\ProgramData\.tmp files -> C:\ProgramData\.tmp -> ] [1 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] [1 C:\Users\BILL\AppData\Local\.tmp files -> C:\Users\BILL\AppData\Local\.tmp -> ] ========== Files Created - No Company Name ========== [2010/03/25 04:56:01 \| 000,000,289 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\my computer is scanning for open ports on other computers on my home n.url [2010/03/24 06:11:56 \| 000,000,215 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Problem Accessing File System for Playback - SageTV Community.url [2010/03/23 07:31:10 \| 000,357,758 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_vcredistMSI5CE0.txt [2010/03/23 07:31:10 \| 000,018,046 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_vcredistUI5CE0.txt [2010/03/21 05:34:46 \| 000,000,145 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\EventGhost • View topic - Change 'Playback Devices' in Control Panel (Sound).url [2010/03/20 14:22:52 \| 000,000,242 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - GIGABYTE GA-P55-UD5 LGA 1156 Intel P55 ATX Intel Motherboard - Intel Motherboards.url [2010/03/20 14:22:36 \| 000,000,280 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - Intel Core i7-860 Lynnfield 2.8GHz 8MB L3 Cache LGA 1156 95W Quad-Core Processor - Processors - Desktops.url [2010/03/20 06:30:46 \| 000,003,959 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WINDOWS SERVER 2008 PSWD RECOVERY.vmd5 [2010/03/20 05:19:34 \| 000,000,291 \| ---- \| C] () -- C:\Users\BILL\AppData\Roaming\default.pwcfg [2010/03/20 05:19:33 \| 000,000,291 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\ba.pwcfg [2010/03/20 05:18:08 \| 000,000,518 \| ---- \| C] () -- C:\Windows\pwc61.INI [2010/03/20 05:06:27 \| 000,000,068 \| ---- \| C] () -- C:\Windows\Awpr.ini [2010/03/18 14:23:41 \| 000,000,182 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\System & security software ElcomSoft System Recovery Forgot administrator password Replace or recover it.url [2010/03/17 13:13:24 \| 000,142,848 \| ---- \| C] () -- C:\Windows\SysNative\drivers\ArcHlp.sys [2010/03/17 12:25:59 \| 000,000,850 \| ---- \| C] () -- C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk [2010/03/16 08:28:48 \| 000,330,056 \| ---- \| C] () -- C:\Windows\SysNative\ftd2xx.dll [2010/03/16 08:28:48 \| 000,069,192 \| ---- \| C] () -- C:\Windows\SysNative\drivers\ftdibus.sys [2010/03/16 07:48:20 \| 000,000,214 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Learn Scripting.url [2010/03/13 07:46:26 \| 000,000,237 \| ---- \| C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\LOT 2 Logitech Harmony 880 LCD Universal Remote Control - eBay (item 220503065892 end time Mar-29-10 111702 PDT).url [2010/03/13 06:27:28 \| 000,000,164 \| ---- \| C] () -- C:\Windows\install.dat [2010/03/13 04:56:49 \| 027,635,135 \| ---- \| C] () -- C:\Program Files (x86)\EventGhost.zip [2010/02/25 08:09:16 \| 000,032,139 \| ---- \| C] () -- C:\Windows\maxlink.ini [2009/10/20 14:19:30 \| 000,053,299 \| ---- \| C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009/10/17 07:21:50 \| 000,084,480 \| ---- \| C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/10/17 07:20:40 \| 000,093,696 \| ---- \| C] () -- C:\Users\BILL\AppData\Roaming\ezpinst.exe [2009/10/17 05:35:47 \| 000,237,568 \| ---- \| C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll [2009/08/24 09:09:11 \| 000,000,281 \| ---- \| C] () -- C:\Windows\{48C879AA-DF3C-4638-907D-9412730F7A6F}_WiseFW.ini [2009/08/19 12:23:53 \| 000,233,202 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_ATL90SP1_KB973924MSI502F.txt [2009/08/19 12:23:53 \| 000,011,706 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_ATL90SP1_KB973924UI502F.txt [2009/08/19 12:20:11 \| 000,563,842 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923MSI4D57.txt [2009/08/19 12:20:10 \| 000,011,684 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923UI4D57.txt [2009/08/19 12:19:49 \| 000,576,528 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923MSI4D0F.txt [2009/08/19 12:19:48 \| 000,011,780 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923UI4D0F.txt [2009/03/30 09:59:15 \| 000,000,680 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\d3d9caps.dat [2009/03/28 07:29:22 \| 000,000,734 \| ---- \| C] () -- C:\Windows\graphedt.INI [2009/03/04 09:30:43 \| 048,198,582 \| ---- \| C] () -- C:\Program Files (x86)\SageTV.zip [2009/01/28 09:40:01 \| 000,194,178 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SqlPubWiz.msi5DC5.txt [2009/01/28 09:39:56 \| 000,746,050 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SSCEDeviceRuntime_MSI5DB5.txt [2009/01/28 09:39:53 \| 000,342,216 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SQLCEToolsForVS2007_MSI5DAB.txt [2009/01/28 09:34:20 \| 028,326,790 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\VSMsiLog596B.txt [2009/01/28 09:13:42 \| 018,490,298 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\VSMsiLog49A1.txt [2009/01/06 08:45:19 \| 000,341,814 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VC_i64RuntimeMSI7CFA.txt [2009/01/06 08:45:19 \| 000,011,402 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VC_i64RuntimeUI7CFA.txt [2009/01/06 08:45:08 \| 000,526,982 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VC_x64RuntimeMSI7CD6.txt [2009/01/06 08:45:08 \| 000,011,480 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VC_x64RuntimeUI7CD6.txt [2009/01/06 08:44:59 \| 000,451,776 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VC_x86RuntimeMSI7CB9.txt [2009/01/06 08:44:59 \| 000,011,448 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VC_x86RuntimeUI7CB9.txt [2009/01/06 08:26:58 \| 000,193,784 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SqlPubWiz.msi6EEF.txt [2009/01/06 08:26:57 \| 000,286,730 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_RefInt_x64_MSI6EEC.txt [2009/01/06 08:26:53 \| 000,559,514 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI6EDF.txt [2009/01/06 08:26:50 \| 000,655,650 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_Tools_x64_MSI6ED5.txt [2009/01/06 08:26:46 \| 000,549,266 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_RDBG_AMD64_MSI6EC8.txt [2009/01/06 08:26:44 \| 000,302,186 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_64bitEmulator_MSI6EC1.txt [2009/01/06 08:26:26 \| 005,183,670 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_WMSP_5_0_MSI6E86.txt [2009/01/06 08:25:54 \| 007,098,042 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_WMPPC_5_0_MSI6E1E.txt [2009/01/06 08:25:49 \| 000,745,656 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SSCEDeviceRuntime_MSI6E0E.txt [2009/01/06 08:25:46 \| 000,340,544 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SQLCEToolsForVS2007_MSI6E04.txt [2009/01/06 08:25:40 \| 000,362,630 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SSCERuntime_MSI6DF0.txt [2009/01/06 08:24:38 \| 000,876,868 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VSTOR_MSI6D26.txt [2009/01/06 08:24:22 \| 001,058,142 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_NETCFSetupv35_MSI6CF2.txt [2009/01/06 08:24:15 \| 001,024,972 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_NETCFSetupv2_MSI6CDB.txt [2009/01/06 08:18:59 \| 028,422,402 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\VSMsiLog68D3.txt [2009/01/06 08:17:24 \| 002,894,176 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_Dexplorer90_retMSI679D.txt [2009/01/06 08:17:22 \| 000,363,888 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_PreReq_AMD64_MSI6796.txt [2009/01/06 08:17:18 \| 000,882,738 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VC_MinRed_MSI6789.txt [2009/01/06 08:13:30 \| 000,561,264 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_VS_PRO_90.txt [2009/01/06 08:13:27 \| 001,410,784 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_install_vs_procore_90.txt [2009/01/06 08:13:27 \| 000,000,040 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_error_vs_procore_90.txt [2009/01/06 07:30:31 \| 000,456,154 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_rdbgexp64_80MSI43B4.txt [2009/01/06 07:30:29 \| 000,017,232 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_rdbgexp64_80UI43B4.txt [2009/01/06 07:28:22 \| 006,478,448 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\VSMsiLog4215.txt [2008/11/28 11:25:03 \| 000,338,058 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SharedManagementObjects_MSI100C.txt [2008/11/28 11:25:00 \| 000,172,810 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_SQLSysClrTypes_msi1002.txt [2008/11/28 11:21:50 \| 012,150,430 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\VSMsiLog0D96.txt [2008/11/28 11:20:36 \| 000,149,946 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_VWDTools_x64_MSI0CA4.txt [2008/11/28 11:20:31 \| 001,228,318 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_ExpRemoteDbg_x64_MSI0C94.txt [2008/11/28 11:19:24 \| 002,483,440 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_NET_Framework35_x64_MSI0BB9.txt [2008/11/28 11:08:36 \| 000,200,298 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_NETFX_EXP_35.txt [2008/11/28 11:08:35 \| 000,205,528 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_dotnetfx35install.txt [2008/11/28 11:08:35 \| 000,000,002 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_dotnetfx35error.txt [2008/11/28 11:08:22 \| 000,421,630 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_VC_Red_MSI0347.txt [2008/11/28 11:01:41 \| 000,213,641 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_VNS_EXP_90.txt [2008/11/28 11:01:37 \| 000,813,736 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_install_vns_xcor_90.txt [2008/11/28 11:01:37 \| 000,318,300 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\uxeventlog.txt [2008/11/28 11:01:37 \| 000,000,002 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\dd_error_vns_xcor_90.txt [2008/11/06 05:34:51 \| 000,097,802 \| ---- \| C] () -- C:\Windows\SysWow64\Crp32dll.dll [2008/11/05 18:58:45 \| 000,000,092 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\fusioncache.dat [2008/11/05 18:54:50 \| 000,000,063 \| ---- \| C] () -- C:\Windows\SysWow64\behami.DLL [2008/11/05 18:51:24 \| 000,968,686 \| ---- \| C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008/11/05 18:50:51 \| 000,000,252 \| ---- \| C] () -- C:\Windows\miisec.ini [2008/11/05 18:50:21 \| 000,748,160 \| ---- \| C] () -- C:\Windows\SysWow64\CO2C40EN.DLL [2008/11/05 18:50:21 \| 000,027,136 \| ---- \| C] () -- C:\Windows\SysWow64\u2lsamp1.dll [2008/11/05 18:49:59 \| 000,245,760 \| ---- \| C] () -- C:\Windows\SysWow64\OptiSEC.dll [2008/11/05 18:49:59 \| 000,000,195 \| ---- \| C] () -- C:\Windows\optisec.ini [2008/11/05 18:49:08 \| 000,000,122 \| ---- \| C] () -- C:\Windows\MiiLink.ini [2008/08/18 04:18:02 \| 007,118,848 \| ---- \| C] () -- C:\ProgramData\sandra.mda [2008/08/09 05:03:27 \| 000,027,648 \| ---- \| C] () -- C:\Windows\SysWow64\sfppm.dll [2008/07/27 03:02:52 \| 000,000,668 \| ---- \| C] () -- C:\Users\BILL\AppData\Roaming\vso_ts_preview.xml [2008/07/22 06:32:25 \| 000,000,289 \| ---- \| C] () -- C:\Windows\IfoEdit.INI [2008/07/22 03:47:45 \| 000,000,125 \| -HS- \| C] () -- C:\ProgramData\.zreglib [2008/07/19 16:09:07 \| 000,000,069 \| ---- \| C] () -- C:\Windows\NeroDigital.ini [2008/07/18 03:30:26 \| 000,007,867 \| ---- \| C] () -- C:\Windows\Irremote.ini [2008/07/13 06:41:54 \| 000,000,000 \| ---- \| C] () -- C:\Windows\oodcnt.INI [2008/07/12 06:28:37 \| 000,000,420 \| RHS- \| C] () -- C:\ProgramData\ntuser.pol [2008/07/12 03:09:45 \| 000,000,895 \| ---- \| C] () -- C:\Windows\ODBC.INI [2008/07/11 19:04:48 \| 000,241,664 \| ---- \| C] () -- C:\Windows\SysWow64\uuirtdrv.dll [2008/07/07 05:36:39 \| 000,000,047 \| ---- \| C] () -- C:\Windows\SysWow64\veolx32n.dll [2008/07/07 04:27:55 \| 000,009,728 \| ---- \| C] () -- C:\Windows\SysWow64\BASSMOD.dll [2008/07/06 11:29:57 \| 000,000,034 \| ---- \| C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.log [2008/07/06 11:29:42 \| 000,099,384 \| ---- \| C] () -- C:\Users\BILL\AppData\Roaming\inst.exe [2008/07/06 11:29:42 \| 000,007,859 \| ---- \| C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.cat [2008/07/06 11:29:42 \| 000,001,167 \| ---- \| C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.inf [2008/07/06 11:00:53 \| 000,490,865 \| ---- \| C] () -- C:\Windows\SysWow64\amnau32.dll [2008/07/06 06:08:42 \| 000,000,121 \| ---- \| C] () -- C:\Windows\bdagent.INI [2008/06/01 07:21:36 \| 000,045,056 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/06/01 03:31:57 \| 000,368,640 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008/06/01 03:31:14 \| 000,060,124 \| ---- \| C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/05/31 07:25:35 \| 000,000,010 \| ---- \| C] () -- C:\Windows\GSetup.ini [2008/05/31 07:12:00 \| 000,000,732 \| ---- \| C] () -- C:\Users\BILL\AppData\Local\d3d9caps64.dat [2008/05/04 13:08:55 \| 000,020,480 \| ---- \| C] () -- C:\Windows\SysWow64\CPUINFO2.DLL [2004/01/30 09:37:50 \| 000,000,092 \| R--- \| C] () -- C:\Windows\SysWow64\FTDIUN2K.INI [2002/10/11 16:21:46 \| 000,024,576 \| R--- \| C] () -- C:\Windows\SysWow64\FixP4.dll [2002/08/26 21:05:44 \| 000,045,056 \| R--- \| C] () -- C:\Windows\SysWow64\ksProptyUtl.dll [2002/03/01 14:43:34 \| 000,028,008 \| ---- \| C] () -- C:\Windows\SysWow64\SUSUSB.SYS [2001/12/03 16:50:58 \| 000,147,456 \| R--- \| C] () -- C:\Windows\SysWow64\LTTLS13N.DLL [2001/12/03 16:50:20 \| 000,708,608 \| R--- \| C] () -- C:\Windows\SysWow64\LTCRY13N.DLL [2001/09/21 06:00:38 \| 000,040,960 \| ---- \| C] () -- C:\Windows\SysWow64\InTouchViewer.dll [2001/09/21 05:59:38 \| 000,094,208 \| ---- \| C] () -- C:\Windows\SysWow64\InTouchCOMClient.dll [2001/09/17 09:49:22 \| 000,421,888 \| R--- \| C] () -- C:\Windows\SysWow64\XMLParser.dll [2001/09/17 09:49:20 \| 000,573,440 \| R--- \| C] () -- C:\Windows\SysWow64\dbsock.dll [2001/09/17 09:49:20 \| 000,118,784 \| R--- \| C] () -- C:\Windows\SysWow64\Transport.dll [2001/09/17 09:48:54 \| 000,503,808 \| R--- \| C] () -- C:\Windows\SysWow64\lt_xtrans.dll [2001/09/17 09:48:54 \| 000,286,720 \| R--- \| C] () -- C:\Windows\SysWow64\MrSIDD.dll [2001/09/17 09:48:54 \| 000,163,840 \| R--- \| C] () -- C:\Windows\SysWow64\lt_common.dll [2001/09/17 09:48:54 \| 000,126,976 \| R--- \| C] () -- C:\Windows\SysWow64\lt_trans.dll [2001/09/17 09:48:54 \| 000,069,632 \| R--- \| C] () -- C:\Windows\SysWow64\lt_meta.dll [2001/09/17 09:48:54 \| 000,053,248 \| R--- \| C] () -- C:\Windows\SysWow64\lt_encrypt.dll [2001/09/17 09:48:54 \| 000,020,480 \| R--- \| C] () -- C:\Windows\SysWow64\lt_messagetext.dll [2001/09/17 09:48:52 \| 000,006,688 \| R--- \| C] () -- C:\Windows\SysWow64\Digita.sys [2001/09/17 09:48:48 \| 000,049,152 \| R--- \| C] () -- C:\Windows\SysWow64\TransportUSB.dll [2001/09/17 09:48:48 \| 000,049,152 \| R--- \| C] () -- C:\Windows\SysWow64\TransportSerial.dll [2001/09/17 09:48:48 \| 000,049,152 \| R--- \| C] () -- C:\Windows\SysWow64\TransportIrDA.dll [2001/09/17 09:48:48 \| 000,049,152 \| R--- \| C] () -- C:\Windows\SysWow64\TransportIrCOMM.dll [2000/07/07 06:49:30 \| 000,069,120 \| R--- \| C] () -- C:\Windows\SysWow64\LTDLL.DLL [2000/04/12 16:28:12 \| 000,118,784 \| R--- \| C] () -- C:\Windows\SysWow64\LFKODAK.DLL [2000/04/12 16:24:10 \| 000,338,944 \| R--- \| C] () -- C:\Windows\SysWow64\LFFPX7.DLL [1999/05/26 19:13:14 \| 000,160,256 \| ---- \| C] () -- C:\Windows\SysWow64\Mase32.dll [1999/05/26 19:12:28 \| 000,060,928 \| ---- \| C] () -- C:\Windows\SysWow64\Ma32.dll [1999/01/22 14:46:58 \| 000,065,536 \| ---- \| C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL ========== LOP Check ========== [2010/03/10 11:52:38 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\.oit [2008/07/07 03:46:08 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\ACD Systems [2008/11/09 04:52:06 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Acronis [2008/12/30 11:21:55 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\BitDefender [2010/02/27 07:47:09 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Canon [2009/05/12 16:49:16 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Certblaster [2009/03/20 15:48:59 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools [2009/03/20 16:03:00 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools Lite [2009/03/20 16:53:35 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools Pro [2009/10/22 11:00:33 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\DVD Profiler [2008/11/28 06:53:10 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\DVDFab [2008/07/06 06:37:07 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\EA7Backup [2008/07/07 05:36:03 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\EBookSys [2010/03/17 06:54:17 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\EventGhost [2010/03/13 10:50:08 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\foobar2000 [2008/12/22 08:28:47 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Foxit [2008/08/17 03:41:15 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Graphisoft [2009/09/09 05:49:35 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\ICAClient [2008/10/06 18:06:05 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\ImgBurn [2010/01/13 06:30:40 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\IObit [2009/08/30 08:05:51 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\iPodder [2009/05/16 13:45:58 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Moyea [2010/02/25 08:04:12 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Nuance [2010/02/27 05:53:53 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\ScanSoft [2009/03/07 07:28:07 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Scooter Software [2008/08/10 17:30:28 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Snappy Fax [2008/08/09 05:41:05 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Snappy Fax Archives [2008/11/11 08:07:18 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Static Windows Live Mail Backup [2010/01/20 06:36:48 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\TechSmith [2009/09/28 09:15:39 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Thinstall [2009/04/19 15:03:16 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\VideoReDo-TVSuite [2010/01/12 10:19:27 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Vso [2009/02/19 13:30:49 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Watchtower [2009/02/21 07:08:45 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\WinPatrol [2010/03/23 07:33:44 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Wireshark [2008/07/12 06:40:44 \| 000,000,000 \| ---D \| M] -- C:\Users\BILL\AppData\Roaming\Zeon [2010/03/23 10:54:15 \| 000,032,602 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/03/25 04:46:32 \| 000,000,432 \| -H-- \| M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D9282B69-8712-430E-B6C4-6FCA8BCB5DF0}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > < MD5 for: AGP440.SYS > [2008/07/12 22:52:41 \| 016,191,101 \| ---- \| M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:AGP440.sys [2008/07/12 22:52:41 \| 016,191,101 \| ---- \| M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:AGP440.sys [2008/01/19 00:09:10 \| 000,064,568 \| ---- \| M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys < MD5 for: ATAPI.SYS > [2008/07/12 22:52:41 \| 016,191,101 \| ---- \| M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:atapi.sys [2008/07/12 22:52:41 \| 016,191,101 \| ---- \| M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:atapi.sys [2008/01/19 00:07:48 \| 000,022,584 \| ---- \| M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 07:16:48 \| 000,014,848 \| ---- \| M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 05:46:03 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 05:46:03 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 05:46:03 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/07/17 13:07:02 \| 000,001,024 \| ---- \| M] () MD5=7446DC920E2798C03446858B9226C503 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll < MD5 for: IASTORV.SYS > [2008/01/19 00:11:32 \| 000,290,872 \| ---- \| M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/19 00:03:02 \| 000,716,800 \| ---- \| M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2006/11/02 05:46:11 \| 000,559,616 \| ---- \| M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll [2008/01/18 23:35:38 \| 000,592,384 \| ---- \| M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008/01/18 23:35:38 \| 000,592,384 \| ---- \| M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008/01/18 23:35:38 \| 000,592,384 \| ---- \| M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2006/11/02 07:18:47 \| 000,684,032 \| ---- \| M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/01/19 00:08:52 \| 000,054,328 \| ---- \| M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/18 23:36:20 \| 000,177,152 \| ---- \| M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008/01/18 23:36:20 \| 000,177,152 \| ---- \| M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008/01/18 23:36:20 \| 000,177,152 \| ---- \| M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2006/11/02 07:19:09 \| 000,239,616 \| ---- \| M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll [2008/01/19 00:03:56 \| 000,235,520 \| ---- \| M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2006/11/02 05:46:12 \| 000,176,640 \| ---- \| M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll < MD5 for: SYMMPI.SYS > [2008/07/12 22:52:41 \| 016,191,101 \| ---- \| M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:symmpi.sys [2008/07/12 22:52:41 \| 016,191,101 \| ---- \| M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:symmpi.sys < %systemroot%\. /mp /s > < %systemroot%\system32\.dll /lockedfiles > < %systemroot%\Tasks\.job /lockedfiles > < %systemroot%\system32\drivers\.sys /lockedfiles > < %systemroot%\System32\config\.sav > ========== Alternate Data Streams ========== @Alternate Data Stream - 890 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\When Its OK To Ask For Your Money Back______.eml:OECustomProperty @Alternate Data Stream - 869 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Fwd_ Why Trampolines are so dangerous.eml:OECustomProperty @Alternate Data Stream - 845 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\FW_ No more headaches!.eml:OECustomProperty @Alternate Data Stream - 800 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Why Trampolines are so dangerous.eml:OECustomProperty @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\wtc_side_by_side1280.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Windows XP -Turn off services not required.avi:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Windchil.gif:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Wilmington I-40 sign.JPG:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\What the don't want you to know about the coming oil crisis - all pages.tif:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Ulead_mediastudio_pro_6.0-front.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\leoandpatcolor.tiff:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\leoandpatcolor.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Hudson to Aberdeen NC.trp:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\1000roses3.bmp:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\010913wtc_attack_20.jpg:Roxio EMC Stream @Alternate Data Stream - 752 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\vonage_com #1099764.eml:OECustomProperty @Alternate Data Stream - 72 bytes -> C:\Windows:ADC4763CBFB21565 @Alternate Data Stream - 542 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Service - What it means.eml:OECustomProperty @Alternate Data Stream - 510 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\katrina.eml:OECustomProperty @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:6108D5DF @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:66633281 @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:8EF7595F @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:C895616B @Alternate Data Stream - 1629 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Fwd_ FW_ BAD rear, BAD ASS_EML (261 KB).eml:OECustomProperty @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0A8E2C33 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B0B959E5 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED912DB @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:0888F409 < End of report >

patndoris View Member Profile	Mar 25 2010, 06:10 PM Post #6
SuperMember Group: Malware Team Posts: 2,552 Joined: 26-August 08 From: Maryland Member No.: 81,233 Operating System: Windows 7 Home Premium 64-bit Windows 7 Home Premium 32-bit Vista Home Premiium 32-bit / SP2 XP Professional SP3	I can see that you have what appears to be several programs for password detection and recovery on your system, as well as files that would allow recording of keystrokes. I'd like to be sure you knowing installed these programs and are aware they are on your machine. If not, they would be considered a seriuos security risk. Please go to: VirusTotal Click the Browse button and search for the following files: C:\Windows\GSetup.ini C:\Windows\SysWow64\behami.DLL C:\Windows\{48C879AA-DF3C-4638-907D-9412730F7A6F}_WiseFW.ini C:\Windows\SysNative\bdod.bin C:\Users\BILL\AppData\Roaming\inst.exe Click Open Then click Send File Please be patient while the file is scanned. Once the scan results appear, please provide them in your next reply. If it says already scanned -- click "reanalyze now" Please post the results in your next reply.

scat-2006 View Member Profile	Mar 26 2010, 04:48 AM Post #7
New Member Group: Authentic Member Posts: 5 Joined: 9-March 06 Member No.: 51,539 Operating System: Windows Xp	patndoris One of the last programs I installed was MD5 password, and the reason for this is that I have setup two VMware machines in a Server 2008 domain controller and I am in the process of studying Configuring Active Directory for Windows Server 2008 and I was off the machione for a little while after I had changed the Administator password and of course I forgot the password. I first tried the program Elcomsoft Proactive System Password Recovery v5.50 and it said it let me change the password but on reboot I could not get in, so I ran it again and saved the ADHashes for the user password and tried the program MD5 password on the Hash and it ran two days and no results. I don't know of a program of recording of keystrokes except a macro recording program. here are the results you asked for, I just selected what was on the screen and pasted each file listed as file1,2,.... file 1: C:\Windows\GSetup.ini File GSetup.ini received on 2010.03.26 10:27:57 (UTC) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/42 (0%) Loading server information... Your file is queued in position: 3. Estimated start time is between 56 and 80 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.50 2010.03.26 - AhnLab-V3 5.0.0.2 2010.03.25 - AntiVir 7.10.5.226 2010.03.26 - Antiy-AVL 2.0.3.7 2010.03.26 - Authentium 5.2.0.5 2010.03.26 - Avast 4.8.1351.0 2010.03.25 - Avast5 5.0.332.0 2010.03.25 - AVG 9.0.0.787 2010.03.26 - BitDefender 7.2 2010.03.26 - CAT-QuickHeal 10.00 2010.03.26 - ClamAV 0.96.0.0-git 2010.03.26 - Comodo 4391 2010.03.26 - DrWeb 5.0.1.12222 2010.03.26 - eSafe 7.0.17.0 2010.03.25 - eTrust-Vet 35.2.7390 2010.03.26 - F-Prot 4.5.1.85 2010.03.25 - F-Secure 9.0.15370.0 2010.03.26 - Fortinet 4.0.14.0 2010.03.24 - GData 19 2010.03.26 - Ikarus T3.1.1.80.0 2010.03.26 - Jiangmin 13.0.900 2010.03.26 - K7AntiVirus 7.10.1004 2010.03.22 - Kaspersky 7.0.0.125 2010.03.26 - McAfee 5931 2010.03.25 - McAfee+Artemis 5931 2010.03.25 - McAfee-GW-Edition 6.8.5 2010.03.26 - Microsoft 1.5605 2010.03.26 - NOD32 4976 2010.03.26 - Norman 6.04.10 2010.03.25 - nProtect 2009.1.8.0 2010.03.26 - Panda 10.0.2.2 2010.03.25 - PCTools 7.0.3.5 2010.03.26 - Prevx 3.0 2010.03.26 - Rising 22.40.04.04 2010.03.26 - Sophos 4.52.0 2010.03.26 - Sunbelt 6094 2010.03.26 - Symantec 20091.2.0.41 2010.03.26 - TheHacker 6.5.2.0.245 2010.03.26 - TrendMicro 9.120.0.1004 2010.03.26 - VBA32 3.12.12.2 2010.03.25 - ViRobot 2010.3.26.2246 2010.03.26 - VirusBuster 5.0.27.0 2010.03.25 - Additional information File size: 10 bytes MD5...: d90bd390f621b6d5bc7f2b2c5cdaf99a SHA1..: 3277004deb49d2e5b15db78c3a85870d00ee4cd7 SHA256: 5c15f99e0609f073de8cf5c96ab9e3f03baf8192c017f2c69c4357de3f98f093 ssdeep: 3:FkNn:C PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - trid..: Unknown! sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned ============================================= file 2: C:\Windows\SysWow64\behami.DLL File behami.DLL received on 2010.03.26 10:12:41 (UTC) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/42 (0%) Loading server information... Your file is queued in position: 1. Estimated start time is between 42 and 60 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.50 2010.03.26 - AhnLab-V3 5.0.0.2 2010.03.25 - AntiVir 7.10.5.225 2010.03.25 - Antiy-AVL 2.0.3.7 2010.03.26 - Authentium 5.2.0.5 2010.03.26 - Avast 4.8.1351.0 2010.03.25 - Avast5 5.0.332.0 2010.03.25 - AVG 9.0.0.787 2010.03.26 - BitDefender 7.2 2010.03.26 - CAT-QuickHeal 10.00 2010.03.26 - ClamAV 0.96.0.0-git 2010.03.26 - Comodo 4390 2010.03.26 - DrWeb 5.0.1.12222 2010.03.26 - eSafe 7.0.17.0 2010.03.25 - eTrust-Vet 35.2.7390 2010.03.26 - F-Prot 4.5.1.85 2010.03.25 - F-Secure 9.0.15370.0 2010.03.26 - Fortinet 4.0.14.0 2010.03.24 - GData 19 2010.03.26 - Ikarus T3.1.1.80.0 2010.03.26 - Jiangmin 13.0.900 2010.03.26 - K7AntiVirus 7.10.1004 2010.03.22 - Kaspersky 7.0.0.125 2010.03.26 - McAfee 5931 2010.03.25 - McAfee+Artemis 5931 2010.03.25 - McAfee-GW-Edition 6.8.5 2010.03.26 - Microsoft 1.5605 2010.03.26 - NOD32 4975 2010.03.25 - Norman 6.04.10 2010.03.25 - nProtect 2009.1.8.0 2010.03.26 - Panda 10.0.2.2 2010.03.25 - PCTools 7.0.3.5 2010.03.26 - Prevx 3.0 2010.03.26 - Rising 22.40.04.04 2010.03.26 - Sophos 4.52.0 2010.03.26 - Sunbelt 6094 2010.03.26 - Symantec 20091.2.0.41 2010.03.26 - TheHacker 6.5.2.0.245 2010.03.26 - TrendMicro 9.120.0.1004 2010.03.26 - VBA32 3.12.12.2 2010.03.25 - ViRobot 2010.3.26.2245 2010.03.26 - VirusBuster 5.0.27.0 2010.03.25 - Additional information File size: 63 bytes MD5...: 9438605033fb036144c6f9a498d947db SHA1..: c34395e46bee30c802322ede64cd77627f09c34b SHA256: 055a1d9e1f6d7995ccc6bdd72596733398776962515d0ca434ae1fa2c1db8c12 ssdeep: 3:gURSVUgtUQTQXJTsTCQH6UTgQc5V:gU0tNcX4fTgTV PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - trid..: Unknown! sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned ==================================== file 3: C:\Windows\{48C879AA-DF3C-4638-907D-9412730F7A6F}_WiseFW.ini File _48C879AA-DF3C-4638-907D-9412730F received on 2010.03.26 10:19:16 (UTC) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/41 (0%) Loading server information... Your file is queued in position: 2. Estimated start time is between 49 and 70 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.50 2010.03.26 - AhnLab-V3 5.0.0.2 2010.03.25 - AntiVir 7.10.5.226 2010.03.26 - Antiy-AVL 2.0.3.7 2010.03.26 - Authentium 5.2.0.5 2010.03.26 - Avast 4.8.1351.0 2010.03.25 - Avast5 5.0.332.0 2010.03.25 - AVG 9.0.0.787 2010.03.26 - BitDefender 7.2 2010.03.26 - CAT-QuickHeal 10.00 2010.03.26 - ClamAV 0.96.0.0-git 2010.03.26 - Comodo 4391 2010.03.26 - DrWeb 5.0.1.12222 2010.03.26 - eSafe 7.0.17.0 2010.03.25 - eTrust-Vet 35.2.7390 2010.03.26 - F-Prot 4.5.1.85 2010.03.25 - F-Secure 9.0.15370.0 2010.03.26 - Fortinet 4.0.14.0 2010.03.24 - GData 19 2010.03.26 - Ikarus T3.1.1.80.0 2010.03.26 - Jiangmin 13.0.900 2010.03.26 - K7AntiVirus 7.10.1004 2010.03.22 - Kaspersky 7.0.0.125 2010.03.26 - McAfee 5931 2010.03.25 - McAfee+Artemis 5931 2010.03.25 - McAfee-GW-Edition 6.8.5 2010.03.26 - Microsoft 1.5605 2010.03.26 - NOD32 4976 2010.03.26 - Norman 6.04.10 2010.03.25 - nProtect 2009.1.8.0 2010.03.26 - Panda 10.0.2.2 2010.03.25 - PCTools 7.0.3.5 2010.03.26 - Rising 22.40.04.04 2010.03.26 - Sophos 4.52.0 2010.03.26 - Sunbelt 6094 2010.03.26 - Symantec 20091.2.0.41 2010.03.26 - TheHacker 6.5.2.0.245 2010.03.26 - TrendMicro 9.120.0.1004 2010.03.26 - VBA32 3.12.12.2 2010.03.25 - ViRobot 2010.3.26.2246 2010.03.26 - VirusBuster 5.0.27.0 2010.03.25 - Additional information File size: 281 bytes MD5...: 61a16d6cb5204a405b258208904d3462 SHA1..: cb274e5e26b97287cfebfed79cdc48bc264b62a7 SHA256: c0820e348b5cc2ba5ef78be5cb262810695bd43a83043cdc99d28627ca9c444a ssdeep: 6:1YxKamJ6V1SN5+RWaRbiBpolLBXsRNov83yNWsBQBkf52ErriRNovSCmKe+:1c 2Y1SN5+RH0jY1X2CEg52ECl2 PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - trid..: Generic INI configuration (100.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned ========================================= file 4: C:\Windows\SysNative\bdod.bin File bdod.bin received on 2010.03.26 10:21:13 (UTC) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/42 (0%) Loading server information... Your file is queued in position: 1. Estimated start time is between 42 and 60 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.50 2010.03.26 - AhnLab-V3 5.0.0.2 2010.03.25 - AntiVir 7.10.5.226 2010.03.26 - Antiy-AVL 2.0.3.7 2010.03.26 - Authentium 5.2.0.5 2010.03.26 - Avast 4.8.1351.0 2010.03.25 - Avast5 5.0.332.0 2010.03.25 - AVG 9.0.0.787 2010.03.26 - BitDefender 7.2 2010.03.26 - CAT-QuickHeal 10.00 2010.03.26 - ClamAV 0.96.0.0-git 2010.03.26 - Comodo 4391 2010.03.26 - DrWeb 5.0.1.12222 2010.03.26 - eSafe 7.0.17.0 2010.03.25 - eTrust-Vet 35.2.7390 2010.03.26 - F-Prot 4.5.1.85 2010.03.25 - F-Secure 9.0.15370.0 2010.03.26 - Fortinet 4.0.14.0 2010.03.24 - GData 19 2010.03.26 - Ikarus T3.1.1.80.0 2010.03.26 - Jiangmin 13.0.900 2010.03.26 - K7AntiVirus 7.10.1004 2010.03.22 - Kaspersky 7.0.0.125 2010.03.26 - McAfee 5931 2010.03.25 - McAfee+Artemis 5931 2010.03.25 - McAfee-GW-Edition 6.8.5 2010.03.26 - Microsoft 1.5605 2010.03.26 - NOD32 4976 2010.03.26 - Norman 6.04.10 2010.03.25 - nProtect 2009.1.8.0 2010.03.26 - Panda 10.0.2.2 2010.03.25 - PCTools 7.0.3.5 2010.03.26 - Prevx 3.0 2010.03.26 - Rising 22.40.04.04 2010.03.26 - Sophos 4.52.0 2010.03.26 - Sunbelt 6094 2010.03.26 - Symantec 20091.2.0.41 2010.03.26 - TheHacker 6.5.2.0.245 2010.03.26 - TrendMicro 9.120.0.1004 2010.03.26 - VBA32 3.12.12.2 2010.03.25 - ViRobot 2010.3.26.2246 2010.03.26 - VirusBuster 5.0.27.0 2010.03.25 - Additional information File size: 81984 bytes MD5...: 6250fc771f5c2438dd4ca7d458672954 SHA1..: fd12f5190474a128ab104d5d9bc4644a57f7d1fa SHA256: 3deabd5269be14d868a210a626729f158b036b98fe86a8617102ddcdf2ec8b5b ssdeep: 768:d5OJaX+vTn8jJZQlJHPYCQk3Kw6SPzwz03LZ/:OJaOvT8tWRgw6SPzxb9 PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned trid..: Unknown! =============================================== file 5: C:\Users\BILL\AppData\Roaming\inst.exe File inst.exe received on 2010.03.26 10:22:54 (UTC) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/42 (0%) Loading server information... Your file is queued in position: 1. Estimated start time is between 42 and 60 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.50 2010.03.26 - AhnLab-V3 5.0.0.2 2010.03.25 - AntiVir 7.10.5.226 2010.03.26 - Antiy-AVL 2.0.3.7 2010.03.26 - Authentium 5.2.0.5 2010.03.26 - Avast 4.8.1351.0 2010.03.25 - Avast5 5.0.332.0 2010.03.25 - AVG 9.0.0.787 2010.03.26 - BitDefender 7.2 2010.03.26 - CAT-QuickHeal 10.00 2010.03.26 - ClamAV 0.96.0.0-git 2010.03.26 - Comodo 4391 2010.03.26 - DrWeb 5.0.1.12222 2010.03.26 - eSafe 7.0.17.0 2010.03.25 - eTrust-Vet 35.2.7390 2010.03.26 - F-Prot 4.5.1.85 2010.03.25 - F-Secure 9.0.15370.0 2010.03.26 - Fortinet 4.0.14.0 2010.03.24 - GData 19 2010.03.26 - Ikarus T3.1.1.80.0 2010.03.26 - Jiangmin 13.0.900 2010.03.26 - K7AntiVirus 7.10.1004 2010.03.22 - Kaspersky 7.0.0.125 2010.03.26 - McAfee 5931 2010.03.25 - McAfee+Artemis 5931 2010.03.25 - McAfee-GW-Edition 6.8.5 2010.03.26 - Microsoft 1.5605 2010.03.26 - NOD32 4976 2010.03.26 - Norman 6.04.10 2010.03.25 - nProtect 2009.1.8.0 2010.03.26 - Panda 10.0.2.2 2010.03.25 - PCTools 7.0.3.5 2010.03.26 - Prevx 3.0 2010.03.26 - Rising 22.40.04.04 2010.03.26 - Sophos 4.52.0 2010.03.26 - Sunbelt 6094 2010.03.26 - Symantec 20091.2.0.41 2010.03.26 - TheHacker 6.5.2.0.245 2010.03.26 - TrendMicro 9.120.0.1004 2010.03.26 - VBA32 3.12.12.2 2010.03.25 - ViRobot 2010.3.26.2246 2010.03.26 - VirusBuster 5.0.27.0 2010.03.25 - Additional information File size: 99384 bytes MD5...: 16e53bfc96ce14021c0e07eb1c198478 SHA1..: b75f62fb98757b73c2df8ffede7a52b71085e0be SHA256: 124f3710c7c8979724b40f129d99b3d6caabc865c2948db52641c33a1fc4d072 ssdeep: 1536:6bRrisTKdSi8ArhBzCytumR6AJlpkt8DhBMbGa5LOeUzxs7xG:6VWWhrArP zCytumn/pkt8FcGa5LEFsw PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x2900 timedatestamp.....: 0x44a1149d (Tue Jun 27 11:21:01 2006) machinetype.......: 0x8664 (AMD64) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1004e 0x10200 6.24 0f59b9311b2bd6817059d6f63734556a .rdata 0x12000 0x3f22 0x4000 5.23 ab9dc3fc3a103a11de7e03205349a6d1 .data 0x16000 0x3858 0x1600 1.75 50847fcfc95c11922243799b4ec64c98 .pdata 0x1a000 0xf9c 0x1000 4.95 c5aaa14fd9c0a166ca0b582cef910973 .rsrc 0x1b000 0xb0 0x200 4.10 415e32d4188ceb8632ebd291bbc1b934 ( 6 imports ) > newdev.dll: UpdateDriverForPlugAndPlayDevicesW > SETUPAPI.dll: SetupDiRemoveDevice, SetupDiCallClassInstaller, SetupDiSetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW > KERNEL32.dll: HeapSize, ReadFile, SetEndOfFile, HeapReAlloc, CreateFileA, FormatMessageW, GetLastError, CloseHandle, GetCurrentProcess, GetPrivateProfileStringW, MultiByteToWideChar, LocalFree, ExitProcess, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlCaptureContext, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, RtlVirtualUnwind, RtlLookupFunctionEntry, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, GetModuleHandleA, FlsGetValue, FlsSetValue, TlsFree, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapSetInformation, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, CreateFileW, InitializeCriticalSection, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA > ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken > SHELL32.dll: SHGetFolderPathW > ole32.dll: CLSIDFromString ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: VSO-SOFTWARE VeriSign Class 3 Code Signing 2004 CA Class 3 Public Primary Certification Authority signing date.: 11:53 AM 12/8/2006 verified.....: - Thank you for helping me Scat

patndoris View Member Profile	Mar 26 2010, 05:02 PM Post #8
SuperMember Group: Malware Team Posts: 2,552 Joined: 26-August 08 From: Maryland Member No.: 81,233 Operating System: Windows 7 Home Premium 64-bit Windows 7 Home Premium 32-bit Vista Home Premiium 32-bit / SP2 XP Professional SP3	As long as you have knowingly installed the macro recorder (which records keystrokes) and the password recovery software that is fine. I don't see any obvious signs of malware on your machine, but I'd like to do a couple of additional scans to be on the safe side. Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected . When completed, a log will open in Notepad. Please save it to a convenient location and post the results. Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot. Please post the log in your next reply. Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe as administrator (right click and choose Run as Administrator) pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Please do a scan with Kaspersky Online Scanner Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer. This will start the program and scan your system. The scan will take a while, so be patient and let it run. (At times it may appear to stall) Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Once the scan is complete, click on View scan report To obtain the report: Click on: Save Report As Next, in the ]Save as prompt, Save in area, select: Desktop In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: *Text file [.txt] Then, click: Save Please post the Kaspersky Online Scanner Report** in your reply.

scat-2006 View Member Profile	Mar 29 2010, 08:54 AM Post #9
New Member Group: Authentic Member Posts: 5 Joined: 9-March 06 Member No.: 51,539 Operating System: Windows Xp	patndoris I have tried two times to get this to complete the Kaspersky Online Scanner and it hangs after 14 hours see image I am jsut going to reformat my c: drive and do a fresh install of Vista x64 you can close this topic Thank you for all your help Scat This post has been edited by scat-2006: Mar 29 2010, 08:55 AM

CatByte View Member Profile	Mar 29 2010, 03:37 PM Post #10
Classroom Administrator Group: Classroom Admin Posts: 19,743 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please follow the instructions here http://forums.whatthetech.com/you_Infected_t106388.html and start a New Topic.

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Computer slow down and no net	0	ethycs	2,579	22nd August 2006 - 07:25 PM Last post by: ethycs
Virus, Spyware & Malware Removal Can't Control My Computer	6	-James Foster-	3,024	22nd December 2003 - 10:13 AM Last post by: cnm
Virus, Spyware & Malware Removal Computer Acting Up	3	EasTexan2	2,441	5th April 2004 - 01:28 PM Last post by: Daemon
Virus, Spyware & Malware Removal Hey there, I think my computer is about to explode!	0	Doug P.	1,724	3rd October 2006 - 09:33 PM Last post by: Doug P.
Virus, Spyware & Malware Removal My computer is only a month old and already hijacked. Pls help. HJT l	0	Vegas500	1,462	14th October 2006 - 08:16 PM Last post by: Vegas500