
[Resolved] my computer is scanning for open ports on other computers o



#1 scat-2006


Posted 23 March 2010 - 09:15 AM

As the title says: my computer is scanning for open ports on other computers on my home network.

My desktop computer: Windows Vista x64

What happens is, on my other computers, all running Bitdefender Internet Security 2009, I see a popup message that it has blocked a scan for open ports from the IP address of my desktop computer.

Now, on my desktop computer, prior to coming here I have run the following:

Bitdefender Antivirus - nothing showing port scans, all OK
Webroot Spy Sweeper 2010 - nothing showing port scans, all OK, and no malware or anything, just cookies

And now I come here for some help and/or advice. I have followed the Preparing for the Malware Removal Process and the results are as follows:

Had an error while trying to run DDS. Error was: This Tool does not support your operating system, which is Vista x64.

I have attached the results of GMER as file: Gmer.txt

Thank you for any assistance or advice.

Scat

Attached File: Gmer.txt (2.28KB)


#2 patndoris


Posted 24 March 2010 - 04:14 PM

Hello scat-2006,

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!
Please be advised I am still in training, and all of my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay in response time, but I will do my best to keep it as short as possible.

I will post back shortly with instructions.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#3 patndoris


Posted 24 March 2010 - 06:33 PM

Download and Run OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

~Doris~


#4 scat-2006


Posted 25 March 2010 - 03:15 AM

patndoris

Here are the results for: OTL.Txt

OTL logfile created on: 3/25/2010 4:56:32 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = F:\from 98 machine\F_drive\All Data Saved here\My Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.19 Gb Total Space | 14.86 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 15.04 Gb Free Space | 15.40% Space Free | Partition Type: NTFS
Drive E: | 83.25 Gb Total Space | 13.72 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 121.86 Gb Free Space | 26.16% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 5.36 Gb Free Space | 2.30% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 22.06 Gb Free Space | 4.74% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DADS_DESKTOP
Current User Name: BILL
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/25 04:54:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe
PRC - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/01/29 18:11:32 | 000,052,392 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/10/30 00:34:36 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\EventGhost\EventGhost.exe
PRC - [2008/06/10 02:21:01 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 03:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/09/14 02:55:30 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/09/14 02:52:46 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/07/19 18:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/07/19 18:54:40 | 000,656,640 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/03/25 04:54:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe
MOD - [2008/01/18 23:34:00 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/21 23:50:10 | 000,677,888 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2010/01/26 15:09:16 | 001,486,088 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/01/26 15:09:14 | 001,503,496 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/11/12 11:43:08 | 002,609,632 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV:64bit: - [2009/11/09 09:45:00 | 000,424,960 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/11/09 09:45:00 | 000,424,960 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/08/13 22:15:40 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/10 07:47:36 | 000,412,672 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/05/26 22:29:54 | 039,659,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV:64bit: - [2009/05/26 22:29:32 | 000,198,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer)
SRV:64bit: - [2008/11/25 12:45:30 | 000,426,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT)
SRV:64bit: - [2008/11/25 12:45:30 | 000,064,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/07/17 13:07:04 | 000,143,360 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2008/05/12 12:51:32 | 002,601,848 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV:64bit: - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008/01/19 00:06:52 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 00:04:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/01/19 00:01:12 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/19 00:00:54 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/19 00:00:54 | 000,058,368 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV:64bit: - [2008/01/19 00:00:48 | 000,012,288 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\wmsvc.exe -- (WMSvc)
SRV:64bit: - [2008/01/19 00:00:44 | 001,147,904 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008/01/19 00:00:20 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2008/01/19 00:00:18 | 000,689,152 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2007/11/23 14:02:00 | 000,131,072 | ---- | M] (Visioneer Inc.) [Disabled | Stopped] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV:64bit: - [2007/06/22 11:51:32 | 000,158,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql)
SRV:64bit: - [2006/10/21 12:38:20 | 000,476,568 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\DKabcoms.exe -- (dkab_device)
SRV - [2009/11/09 09:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/11/09 09:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/03/22 10:45:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 14:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/27 14:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/01/18 23:33:44 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 02:55:52 | 000,599,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/07/19 18:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/21 12:38:24 | 000,508,824 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysWow64\DKabcoms.exe -- (dkab_device)
SRV - [2006/07/26 11:29:56 | 003,857,408 | ---- | M] (Network Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AutoMate 6\AMTS.exe -- (AutoMate6)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/03/19 05:49:38 | 000,000,000 | ---D | M]


Hosts file not found
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files (x86)\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files (x86)\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2009\Antispam32\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [mount.exe] C:\Program Files (x86)\GiPo@Utilities\FileUtilities.3\mount.exe (Gibin Software House (http://www.gibinsoft.net))
O4 - Startup: C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk = C:\Program Files (x86)\EventGhost\EventGhost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\wpclsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://newhorizons.m...auth/icaweb.cab (Citrix ICA Client)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268657164146 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll ()
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\M-M Susan-2b.jpg
O24 - Desktop BackupWallPaper: C:\Windows\M-M Susan-2b.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll ()
O30:64bit: - LSA: Authentication Packages - (tive\Contr.com) - File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (m32\wltrysvc.e) - File not found
O30:64bit: - LSA: Security Packages - (RVER\90\TOOLS\BINN\VSSHELL\COMMON7\ID) - File not found
O30 - LSA: Security Packages - (ges - (RVER\90\TOOLS\BINN\VSSHELL\COM) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell - "" = AutoRun
O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell\AutoRun\command - "" = I:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell\Option1\Command - "" = I:\hbcd\wintools\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *OODBSOODBS) - File not found
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/06/01 04:04:47 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/06/01 04:05:01 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/25 04:54:23 | 000,555,520 | ---- | C] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe
[2010/03/23 10:16:05 | 000,000,000 | ---D | C] -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Are you Infected
[2010/03/23 08:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/23 08:13:00 | 000,000,000 | ---D | C] -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WireShark results
[2010/03/23 07:33:44 | 000,000,000 | ---D | C] -- C:\Users\BILL\AppData\Roaming\Wireshark
[2010/03/23 07:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/03/23 07:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2010/03/22 14:30:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/20 05:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft
[2010/03/18 13:25:44 | 000,000,000 | ---D | C] -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\OneNote Notebooks
[2010/03/17 06:53:57 | 000,000,000 | ---D | C] -- C:\Users\BILL\AppData\Roaming\EventGhost
[2010/03/13 06:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/03/13 06:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/03/13 06:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/03/13 06:12:17 | 000,000,000 | ---D | C] -- C:\Users\BILL\AppData\Local\VS Revo Group
[2008/11/05 18:50:21 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[2008/08/21 04:42:40 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\DKabcomc.dll
[2008/08/21 04:42:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\DKabcomm.dll
[2008/08/21 04:42:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\DKabprox.dll
[2008/07/06 11:29:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\BILL\AppData\Roaming\pcouffin.sys
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\BILL\AppData\Local\*.tmp files -> C:\Users\BILL\AppData\Local\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/25 04:56:40 | 005,767,168 | ---- | M] () -- C:\Users\BILL\ntuser.dat
[2010/03/25 04:56:01 | 000,000,289 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\my computer is scanning for open ports on other computers on my home n.url
[2010/03/25 04:54:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe
[2010/03/25 04:46:32 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9282B69-8712-430E-B6C4-6FCA8BCB5DF0}.job
[2010/03/25 04:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/24 18:09:14 | 000,952,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/24 18:09:14 | 000,785,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/24 18:09:14 | 000,167,664 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/24 18:04:09 | 000,005,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 18:04:09 | 000,005,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 18:04:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 18:03:53 | 4293,382,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 06:11:56 | 000,000,215 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Problem Accessing File System for Playback - SageTV Community.url
[2010/03/23 10:54:16 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2010/03/23 10:54:14 | 000,524,288 | -HS- | M] () -- C:\Users\BILL\ntuser.dat{54717b19-665d-11de-be51-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/03/23 10:54:14 | 000,065,536 | -HS- | M] () -- C:\Users\BILL\ntuser.dat{54717b19-665d-11de-be51-005056c00008}.TM.blf
[2010/03/23 10:54:12 | 004,818,981 | -H-- | M] () -- C:\Users\BILL\AppData\Local\IconCache.db
[2010/03/22 09:34:53 | 000,002,517 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Microsoft Office Word 2007.lnk
[2010/03/22 04:56:27 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2010/03/22 04:56:27 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2010/03/22 04:41:35 | 000,000,510 | ---- | M] () -- C:\Windows\SysNative\BDUpdateV1.xml
[2010/03/21 05:34:46 | 000,000,145 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\EventGhost • View topic - Change 'Playback Devices' in Control Panel (Sound).url
[2010/03/20 14:22:53 | 000,000,242 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - GIGABYTE GA-P55-UD5 LGA 1156 Intel P55 ATX Intel Motherboard - Intel Motherboards.url
[2010/03/20 14:22:36 | 000,000,280 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - Intel Core i7-860 Lynnfield 2.8GHz 8MB L3 Cache LGA 1156 95W Quad-Core Processor - Processors - Desktops.url
[2010/03/20 06:30:46 | 000,003,959 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WINDOWS SERVER 2008 PSWD RECOVERY.vmd5
[2010/03/20 06:30:07 | 000,000,518 | ---- | M] () -- C:\Windows\pwc61.INI
[2010/03/20 05:19:34 | 000,000,291 | ---- | M] () -- C:\Users\BILL\AppData\Roaming\default.pwcfg
[2010/03/20 05:19:33 | 000,000,291 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\ba.pwcfg
[2010/03/20 05:12:49 | 000,000,068 | ---- | M] () -- C:\Windows\Awpr.ini
[2010/03/19 04:33:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/19 04:33:17 | 000,045,056 | ---- | M] () -- C:\Users\BILL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 14:23:41 | 000,000,182 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\System & security software ElcomSoft System Recovery Forgot administrator password Replace or recover it.url
[2010/03/17 12:25:59 | 000,000,850 | ---- | M] () -- C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
[2010/03/16 07:48:20 | 000,000,214 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Learn Scripting.url
[2010/03/13 07:50:24 | 000,000,237 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\LOT 2 Logitech Harmony 880 LCD Universal Remote Control - eBay (item 220503065892 end time Mar-29-10 111702 PDT).url
[2010/03/13 06:36:11 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/03/13 04:56:49 | 027,635,135 | ---- | M] () -- C:\Program Files (x86)\EventGhost.zip
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\BILL\AppData\Local\*.tmp files -> C:\Users\BILL\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/25 04:56:01 | 000,000,289 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\my computer is scanning for open ports on other computers on my home n.url
[2010/03/24 06:11:56 | 000,000,215 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Problem Accessing File System for Playback - SageTV Community.url
[2010/03/23 07:31:10 | 000,357,758 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_vcredistMSI5CE0.txt
[2010/03/23 07:31:10 | 000,018,046 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_vcredistUI5CE0.txt
[2010/03/21 05:34:46 | 000,000,145 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\EventGhost • View topic - Change 'Playback Devices' in Control Panel (Sound).url
[2010/03/20 14:22:52 | 000,000,242 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - GIGABYTE GA-P55-UD5 LGA 1156 Intel P55 ATX Intel Motherboard - Intel Motherboards.url
[2010/03/20 14:22:36 | 000,000,280 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - Intel Core i7-860 Lynnfield 2.8GHz 8MB L3 Cache LGA 1156 95W Quad-Core Processor - Processors - Desktops.url
[2010/03/20 06:30:46 | 000,003,959 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WINDOWS SERVER 2008 PSWD RECOVERY.vmd5
[2010/03/20 05:19:34 | 000,000,291 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\default.pwcfg
[2010/03/20 05:19:33 | 000,000,291 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\ba.pwcfg
[2010/03/20 05:18:08 | 000,000,518 | ---- | C] () -- C:\Windows\pwc61.INI
[2010/03/20 05:06:27 | 000,000,068 | ---- | C] () -- C:\Windows\Awpr.ini
[2010/03/18 14:23:41 | 000,000,182 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\System & security software ElcomSoft System Recovery Forgot administrator password Replace or recover it.url
[2010/03/17 13:13:24 | 000,142,848 | ---- | C] () -- C:\Windows\SysNative\drivers\ArcHlp.sys
[2010/03/17 12:25:59 | 000,000,850 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
[2010/03/16 08:28:48 | 000,330,056 | ---- | C] () -- C:\Windows\SysNative\ftd2xx.dll
[2010/03/16 08:28:48 | 000,069,192 | ---- | C] () -- C:\Windows\SysNative\drivers\ftdibus.sys
[2010/03/16 07:48:20 | 000,000,214 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Learn Scripting.url
[2010/03/13 07:46:26 | 000,000,237 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\LOT 2 Logitech Harmony 880 LCD Universal Remote Control - eBay (item 220503065892 end time Mar-29-10 111702 PDT).url
[2010/03/13 06:27:28 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/03/13 04:56:49 | 027,635,135 | ---- | C] () -- C:\Program Files (x86)\EventGhost.zip
[2010/02/25 08:09:16 | 000,032,139 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/10/17 07:21:50 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/17 07:20:40 | 000,093,696 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\ezpinst.exe
[2009/10/17 05:35:47 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2009/08/24 09:09:11 | 000,000,281 | ---- | C] () -- C:\Windows\{48C879AA-DF3C-4638-907D-9412730F7A6F}_WiseFW.ini
[2009/08/19 12:23:53 | 000,233,202 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL90SP1_KB973924MSI502F.txt
[2009/08/19 12:23:53 | 000,011,706 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL90SP1_KB973924UI502F.txt
[2009/08/19 12:20:11 | 000,563,842 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923MSI4D57.txt
[2009/08/19 12:20:10 | 000,011,684 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923UI4D57.txt
[2009/08/19 12:19:49 | 000,576,528 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923MSI4D0F.txt
[2009/08/19 12:19:48 | 000,011,780 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923UI4D0F.txt
[2009/03/30 09:59:15 | 000,000,680 | ---- | C] () -- C:\Users\BILL\AppData\Local\d3d9caps.dat
[2009/03/28 07:29:22 | 000,000,734 | ---- | C] () -- C:\Windows\graphedt.INI
[2009/03/04 09:30:43 | 048,198,582 | ---- | C] () -- C:\Program Files (x86)\SageTV.zip
[2009/01/28 09:40:01 | 000,194,178 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SqlPubWiz.msi5DC5.txt
[2009/01/28 09:39:56 | 000,746,050 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SSCEDeviceRuntime_MSI5DB5.txt
[2009/01/28 09:39:53 | 000,342,216 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SQLCEToolsForVS2007_MSI5DAB.txt
[2009/01/28 09:34:20 | 028,326,790 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog596B.txt
[2009/01/28 09:13:42 | 018,490,298 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog49A1.txt
[2009/01/06 08:45:19 | 000,341,814 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_i64RuntimeMSI7CFA.txt
[2009/01/06 08:45:19 | 000,011,402 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_i64RuntimeUI7CFA.txt
[2009/01/06 08:45:08 | 000,526,982 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_x64RuntimeMSI7CD6.txt
[2009/01/06 08:45:08 | 000,011,480 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_x64RuntimeUI7CD6.txt
[2009/01/06 08:44:59 | 000,451,776 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_x86RuntimeMSI7CB9.txt
[2009/01/06 08:44:59 | 000,011,448 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_x86RuntimeUI7CB9.txt
[2009/01/06 08:26:58 | 000,193,784 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SqlPubWiz.msi6EEF.txt
[2009/01/06 08:26:57 | 000,286,730 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_RefInt_x64_MSI6EEC.txt
[2009/01/06 08:26:53 | 000,559,514 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI6EDF.txt
[2009/01/06 08:26:50 | 000,655,650 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_Tools_x64_MSI6ED5.txt
[2009/01/06 08:26:46 | 000,549,266 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_RDBG_AMD64_MSI6EC8.txt
[2009/01/06 08:26:44 | 000,302,186 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_64bitEmulator_MSI6EC1.txt
[2009/01/06 08:26:26 | 005,183,670 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WMSP_5_0_MSI6E86.txt
[2009/01/06 08:25:54 | 007,098,042 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WMPPC_5_0_MSI6E1E.txt
[2009/01/06 08:25:49 | 000,745,656 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SSCEDeviceRuntime_MSI6E0E.txt
[2009/01/06 08:25:46 | 000,340,544 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SQLCEToolsForVS2007_MSI6E04.txt
[2009/01/06 08:25:40 | 000,362,630 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SSCERuntime_MSI6DF0.txt
[2009/01/06 08:24:38 | 000,876,868 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VSTOR_MSI6D26.txt
[2009/01/06 08:24:22 | 001,058,142 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_NETCFSetupv35_MSI6CF2.txt
[2009/01/06 08:24:15 | 001,024,972 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_NETCFSetupv2_MSI6CDB.txt
[2009/01/06 08:18:59 | 028,422,402 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog68D3.txt
[2009/01/06 08:17:24 | 002,894,176 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_Dexplorer90_retMSI679D.txt
[2009/01/06 08:17:22 | 000,363,888 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_PreReq_AMD64_MSI6796.txt
[2009/01/06 08:17:18 | 000,882,738 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_MinRed_MSI6789.txt
[2009/01/06 08:13:30 | 000,561,264 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/01/06 08:13:27 | 001,410,784 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_install_vs_procore_90.txt
[2009/01/06 08:13:27 | 000,000,040 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_error_vs_procore_90.txt
[2009/01/06 07:30:31 | 000,456,154 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_rdbgexp64_80MSI43B4.txt
[2009/01/06 07:30:29 | 000,017,232 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_rdbgexp64_80UI43B4.txt
[2009/01/06 07:28:22 | 006,478,448 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog4215.txt
[2008/11/28 11:25:03 | 000,338,058 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SharedManagementObjects_MSI100C.txt
[2008/11/28 11:25:00 | 000,172,810 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SQLSysClrTypes_msi1002.txt
[2008/11/28 11:21:50 | 012,150,430 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog0D96.txt
[2008/11/28 11:20:36 | 000,149,946 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_VWDTools_x64_MSI0CA4.txt
[2008/11/28 11:20:31 | 001,228,318 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ExpRemoteDbg_x64_MSI0C94.txt
[2008/11/28 11:19:24 | 002,483,440 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_NET_Framework35_x64_MSI0BB9.txt
[2008/11/28 11:08:36 | 000,200,298 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/11/28 11:08:35 | 000,205,528 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_dotnetfx35install.txt
[2008/11/28 11:08:35 | 000,000,002 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_dotnetfx35error.txt
[2008/11/28 11:08:22 | 000,421,630 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_Red_MSI0347.txt
[2008/11/28 11:01:41 | 000,213,641 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_VNS_EXP_90.txt
[2008/11/28 11:01:37 | 000,813,736 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_install_vns_xcor_90.txt
[2008/11/28 11:01:37 | 000,318,300 | ---- | C] () -- C:\Users\BILL\AppData\Local\uxeventlog.txt
[2008/11/28 11:01:37 | 000,000,002 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_error_vns_xcor_90.txt
[2008/11/06 05:34:51 | 000,097,802 | ---- | C] () -- C:\Windows\SysWow64\Crp32dll.dll
[2008/11/05 18:58:45 | 000,000,092 | ---- | C] () -- C:\Users\BILL\AppData\Local\fusioncache.dat
[2008/11/05 18:54:50 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\behami.DLL
[2008/11/05 18:51:24 | 000,968,686 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/05 18:50:51 | 000,000,252 | ---- | C] () -- C:\Windows\miisec.ini
[2008/11/05 18:50:21 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\CO2C40EN.DLL
[2008/11/05 18:50:21 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\u2lsamp1.dll
[2008/11/05 18:49:59 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\OptiSEC.dll
[2008/11/05 18:49:59 | 000,000,195 | ---- | C] () -- C:\Windows\optisec.ini
[2008/11/05 18:49:08 | 000,000,122 | ---- | C] () -- C:\Windows\MiiLink.ini
[2008/08/18 04:18:02 | 007,118,848 | ---- | C] () -- C:\ProgramData\sandra.mda
[2008/08/09 05:03:27 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\sfppm.dll
[2008/07/27 03:02:52 | 000,000,668 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\vso_ts_preview.xml
[2008/07/22 06:32:25 | 000,000,289 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2008/07/22 03:47:45 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/07/19 16:09:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/18 03:30:26 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/07/13 06:41:54 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008/07/12 06:28:37 | 000,000,420 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/07/12 03:09:45 | 000,000,895 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/11 19:04:48 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\uuirtdrv.dll
[2008/07/07 05:36:39 | 000,000,047 | ---- | C] () -- C:\Windows\SysWow64\veolx32n.dll
[2008/07/07 04:27:55 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2008/07/06 11:29:57 | 000,000,034 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.log
[2008/07/06 11:29:42 | 000,099,384 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\inst.exe
[2008/07/06 11:29:42 | 000,007,859 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.cat
[2008/07/06 11:29:42 | 000,001,167 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.inf
[2008/07/06 11:00:53 | 000,490,865 | ---- | C] () -- C:\Windows\SysWow64\amnau32.dll
[2008/07/06 06:08:42 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2008/06/01 07:21:36 | 000,045,056 | ---- | C] () -- C:\Users\BILL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/01 03:31:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/06/01 03:31:14 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/05/31 07:25:35 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/05/31 07:12:00 | 000,000,732 | ---- | C] () -- C:\Users\BILL\AppData\Local\d3d9caps64.dat
[2008/05/04 13:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\CPUINFO2.DLL
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\Windows\SysWow64\FTDIUN2K.INI
[2002/10/11 16:21:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\FixP4.dll
[2002/08/26 21:05:44 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\ksProptyUtl.dll
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\Windows\SysWow64\SUSUSB.SYS
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\Windows\SysWow64\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\Windows\SysWow64\LTCRY13N.DLL
[2001/09/21 06:00:38 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\InTouchViewer.dll
[2001/09/21 05:59:38 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\InTouchCOMClient.dll
[2001/09/17 09:49:22 | 000,421,888 | R--- | C] () -- C:\Windows\SysWow64\XMLParser.dll
[2001/09/17 09:49:20 | 000,573,440 | R--- | C] () -- C:\Windows\SysWow64\dbsock.dll
[2001/09/17 09:49:20 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\Transport.dll
[2001/09/17 09:48:54 | 000,503,808 | R--- | C] () -- C:\Windows\SysWow64\lt_xtrans.dll
[2001/09/17 09:48:54 | 000,286,720 | R--- | C] () -- C:\Windows\SysWow64\MrSIDD.dll
[2001/09/17 09:48:54 | 000,163,840 | R--- | C] () -- C:\Windows\SysWow64\lt_common.dll
[2001/09/17 09:48:54 | 000,126,976 | R--- | C] () -- C:\Windows\SysWow64\lt_trans.dll
[2001/09/17 09:48:54 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\lt_meta.dll
[2001/09/17 09:48:54 | 000,053,248 | R--- | C] () -- C:\Windows\SysWow64\lt_encrypt.dll
[2001/09/17 09:48:54 | 000,020,480 | R--- | C] () -- C:\Windows\SysWow64\lt_messagetext.dll
[2001/09/17 09:48:52 | 000,006,688 | R--- | C] () -- C:\Windows\SysWow64\Digita.sys
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\TransportUSB.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\TransportSerial.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\TransportIrDA.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\TransportIrCOMM.dll
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\Windows\SysWow64\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[1999/05/26 19:13:14 | 000,160,256 | ---- | C] () -- C:\Windows\SysWow64\Mase32.dll
[1999/05/26 19:12:28 | 000,060,928 | ---- | C] () -- C:\Windows\SysWow64\Ma32.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2010/03/10 11:52:38 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\.oit
[2008/07/07 03:46:08 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\ACD Systems
[2008/11/09 04:52:06 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Acronis
[2008/12/30 11:21:55 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\BitDefender
[2010/02/27 07:47:09 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Canon
[2009/05/12 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Certblaster
[2009/03/20 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools
[2009/03/20 16:03:00 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools Lite
[2009/03/20 16:53:35 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools Pro
[2009/10/22 11:00:33 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DVD Profiler
[2008/11/28 06:53:10 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DVDFab
[2008/07/06 06:37:07 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\EA7Backup
[2008/07/07 05:36:03 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\EBookSys
[2010/03/17 06:54:17 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\EventGhost
[2010/03/13 10:50:08 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\foobar2000
[2008/12/22 08:28:47 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Foxit
[2008/08/17 03:41:15 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Graphisoft
[2009/09/09 05:49:35 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\ICAClient
[2008/10/06 18:06:05 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\ImgBurn
[2010/01/13 06:30:40 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\IObit
[2009/08/30 08:05:51 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\iPodder
[2009/05/16 13:45:58 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Moyea
[2010/02/25 08:04:12 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Nuance
[2010/02/27 05:53:53 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\ScanSoft
[2009/03/07 07:28:07 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Scooter Software
[2008/08/10 17:30:28 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Snappy Fax
[2008/08/09 05:41:05 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Snappy Fax Archives
[2008/11/11 08:07:18 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Static Windows Live Mail Backup
[2010/01/20 06:36:48 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\TechSmith
[2009/09/28 09:15:39 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Thinstall
[2009/04/19 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\VideoReDo-TVSuite
[2010/01/12 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Vso
[2009/02/19 13:30:49 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Watchtower
[2009/02/21 07:08:45 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\WinPatrol
[2010/03/23 07:33:44 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Wireshark
[2008/07/12 06:40:44 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Zeon
[2010/03/23 10:54:15 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/25 04:46:32 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D9282B69-8712-430E-B6C4-6FCA8BCB5DF0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:AGP440.sys
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:AGP440.sys
[2008/01/19 00:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:atapi.sys
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:atapi.sys
[2008/01/19 00:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2008/07/17 13:07:02 | 000,001,024 | ---- | M] () MD5=7446DC920E2798C03446858B9226C503 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 00:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/19 00:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006/11/02 07:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/19 00:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006/11/02 07:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008/01/19 00:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll

< MD5 for: SYMMPI.SYS >
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:symmpi.sys
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 890 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\When Its OK To Ask For Your Money Back______.eml:OECustomProperty
@Alternate Data Stream - 869 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Fwd_ Why Trampolines are so dangerous.eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\FW_ No more headaches!.eml:OECustomProperty
@Alternate Data Stream - 800 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Why Trampolines are so dangerous.eml:OECustomProperty
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\wtc_side_by_side1280.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Windows XP -Turn off services not required.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Windchil.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Wilmington I-40 sign.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\What the don't want you to know about the coming oil crisis - all pages.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Ulead_mediastudio_pro_6.0-front.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\leoandpatcolor.tiff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\leoandpatcolor.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Hudson to Aberdeen NC.trp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\1000roses3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\010913wtc_attack_20.jpg:Roxio EMC Stream
@Alternate Data Stream - 752 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\vonage_com #1099764.eml:OECustomProperty
@Alternate Data Stream - 72 bytes -> C:\Windows:ADC4763CBFB21565
@Alternate Data Stream - 542 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Service - What it means.eml:OECustomProperty
@Alternate Data Stream - 510 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\katrina.eml:OECustomProperty
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:6108D5DF
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:8EF7595F
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 1629 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Fwd_ FW_ BAD rear, BAD ASS_EML (261 KB).eml:OECustomProperty
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B0B959E5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED912DB
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:0888F409
< End of report >

#5 scat-2006


Posted 25 March 2010 - 03:17 AM

patndoris

Here are the results for: Extras.Txt

OTL Extras logfile created on: 3/25/2010 4:56:32 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = F:\from 98 machine\F_drive\All Data Saved here\My Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.19 Gb Total Space | 14.86 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 15.04 Gb Free Space | 15.40% Space Free | Partition Type: NTFS
Drive E: | 83.25 Gb Total Space | 13.72 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 121.86 Gb Free Space | 26.16% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 5.36 Gb Free Space | 2.30% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 22.06 Gb Free Space | 4.74% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DADS_DESKTOP
Current User Name: BILL
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- Reg Error: Key error.
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- Reg Error: Key error.
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 81 6D AE 26 BF C3 C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3618552482-2967264882-3431833374-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Promixis\Girder\girder.exe" = C:\Program Files (x86)\Promixis\Girder\girder.exe:*:Enabled:Trust Girder -- (Promixis)
"C:\Program Files (x86)\Promixis\Girder\grunt.exe" = C:\Program Files (x86)\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime -- (Promixis, LLC)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Promixis\Girder\girder.exe" = C:\Program Files (x86)\Promixis\Girder\girder.exe:*:Enabled:Trust Girder -- (Promixis)
"C:\Program Files (x86)\Promixis\Girder\grunt.exe" = C:\Program Files (x86)\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime -- (Promixis, LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Promixis\Girder\girder.exe" = C:\Program Files (x86)\Promixis\Girder\girder.exe:*:Enabled:Trust Girder -- (Promixis)
"C:\Program Files (x86)\Promixis\Girder\grunt.exe" = C:\Program Files (x86)\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime -- (Promixis, LLC)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Promixis\Girder\girder.exe" = C:\Program Files (x86)\Promixis\Girder\girder.exe:*:Enabled:Trust Girder -- (Promixis)
"C:\Program Files (x86)\Promixis\Girder\grunt.exe" = C:\Program Files (x86)\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime -- (Promixis, LLC)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A93A23-7F01-4890-AB6C-6FAAA76D21D2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{29181C18-0603-437A-BE00-747DF5BA0481}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{3429C3CF-1666-482D-9367-CA642E8264EC}" = lport=56338 | protocol=17 | dir=in | name=color network scangear |
"{35D42812-D3F5-4FAC-BD80-FB024998D1F7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\rpcagentsrv.exe |
"{3E607B2B-2880-4CB1-91FF-4996C9B831CD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{4EACC1C2-7DD7-4121-AC8D-7782F8D96B09}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{539334A4-C3EF-418B-8034-C50500D01836}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{59DBF74F-F4DD-4E42-9209-EAB68B8D4C9F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{6BA000AA-984C-4C57-887F-D31E0EAD5FD7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{74E0FAB3-783D-459F-BD20-E49037BF567F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7B2A757F-2E34-40FB-BADA-C64D9332BB21}" = lport=56338 | protocol=17 | dir=in | name=color network scangear |
"{82833DFC-5DEC-486E-BB63-90F8183B40D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{955048AE-BE1A-40F2-A0E0-FAE934E722F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1179AAE-6CB4-487B-85AD-25D4E7E9924C}" = lport=138 | protocol=17 | dir=in | app=system |
"{A41F1A68-4CA0-4288-8AEE-3DBD05924017}" = rport=137 | protocol=17 | dir=out | app=system |
"{A9DAC733-1AFA-4189-9B9E-088E9D2D2458}" = rport=445 | protocol=6 | dir=out | app=system |
"{ABDFAAD6-C702-4DD5-9DA9-8A512F807F98}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF29613F-2D3E-4E18-8DC0-0AC042F6B8E8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{B9E5BB91-F350-43B2-815B-437644333E00}" = lport=445 | protocol=6 | dir=in | app=system |
"{D42D8ED6-2251-48A5-8A39-2DDF813E0205}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{D70B5AD1-DE65-47A3-9FC0-C0A4E8F832E7}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{DA7C1687-16ED-416F-B187-8543762C3415}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{F61A8302-A440-4028-9B89-EDABF8EA4625}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6A4C4FF-C826-4C34-AC01-E98BC18CC4DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F84C16BF-1AAF-4423-886B-F6B971CA494C}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A56D49-E830-42EF-A199-A5337C9C2FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{00E82E31-90DF-4324-A781-D674E4836C65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B8A2D6A-2187-4751-B14B-51CC1E4477A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0E797664-A7D0-4DA3-B7A4-D1A24F550DC6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{0F7CD9D6-0DBC-4EAF-A869-E5882A12CB64}" = protocol=17 | dir=in | app=c:\windows\system32\dkabcoms.exe |
"{10F2DD4E-C2FE-41B2-97F0-26118348A7BE}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{1872BEF6-D020-4880-9399-28F63BEF0325}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{27D44C58-4A52-4866-933A-200ECF421386}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{2C8C3BBB-445B-43B1-90FD-0AE5E848CB83}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{32AE0ED3-EF70-4706-B581-72331A7E6D9A}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{467F820A-0F99-4372-B1DF-135BD0B68750}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{4F98F9B1-0721-48F1-8F21-42E6C209BC2A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5322B56C-1D6B-4D95-B60D-98CEA563FE28}" = protocol=17 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetv.exe |
"{5B908C23-0C84-4FD9-949F-F25298EB3D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\canon\color network scangear\sgtool.exe |
"{5C69F7A9-6A37-4C91-B851-385A40E817DF}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{6D5AF4E4-F911-4096-BA94-E581C8D3D105}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{77E68CA2-555C-415D-B541-36A43650A446}" = protocol=6 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetvclient.exe |
"{7C745147-508D-4D9D-A92A-B643875899CF}" = protocol=17 | dir=in | app=c:\windows\system32\dkabcoms.exe |
"{872E2A0B-33D0-442F-9CC3-5C81FC170706}" = protocol=17 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetvclient.exe |
"{8C37787F-6210-4132-97F7-8736ECBA19F6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{8D2CE1C6-5B69-479D-A8AB-2AE55724D63C}" = protocol=6 | dir=in | app=c:\windows\system32\dkabcoms.exe |
"{A457752C-B7D0-4317-AAAB-1E23C4A6DAC8}" = protocol=6 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetv.exe |
"{A5C857A9-ACB9-44AA-8A02-0C62CCB3A0E5}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{ADE352D0-1DD4-4A63-AB6E-F5FB991A7733}" = protocol=17 | dir=in | app=c:\program files (x86)\canon\color network scangear\sgtool.exe |
"{C3FB3CAD-DA61-4FA7-8D87-F560B845ECDB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{C56C948F-AA7C-4461-802D-3C0C6E584336}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CE444E8D-C420-42AE-9539-2095F4675847}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{D3573C06-2E29-47A2-B533-B88053F85B93}" = protocol=6 | dir=in | app=c:\windows\system32\dkabcoms.exe |
"{D6088543-9BD8-4437-A859-82EE703CD238}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{E3D85348-6019-4C8B-BE1B-EB64D6B2CE77}" = protocol=6 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetvservice.exe |
"{E58E9639-7428-4B1C-ACD1-744EBCCCC2EA}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{EE9582E0-0E01-4B7A-9B21-37FB0122FF73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F1BBA8B4-743C-4C9D-A005-568235A180CB}" = protocol=6 | dir=in | app=c:\program files (x86)\canon\color network scangear\sgtool.exe |
"{F26FD530-72A4-4854-9A8E-43E82A1F734A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F27D4A6E-463C-47C8-9C8D-185E3FE04B64}" = protocol=17 | dir=in | app=c:\program files (x86)\canon\color network scangear\sgtool.exe |
"{F2913DE3-51F0-48E4-9D60-8AFBFCC8D382}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{F62C7D28-5FB5-4535-AE4F-41FD72D7D93D}" = protocol=17 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetvservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{18C5A65B-0A39-40B5-B958-63055AFAB65C}" = Microsoft SQL Server Setup Support Files (English)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{5AC267EB-6FBC-D3DC-1C09-EF62556092FD}" = ccc-utility64
"{62D2F823-0EAA-496D-B0F9-A869BFC51550}" = Microsoft SQL Server 2005 Backward compatibility
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7D95B533-4BA1-4EED-8096-EFCB6DD6B95F}" = AdventureWorksDBAMD64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8A52D844-0DA7-40B0-8602-0567C068C081}" = Microsoft SQL Server 2005 Integration Services (64-bit)
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}" = Desktop Restore
"{AB8F4C84-3DB5-4CD2-B5AE-E93D46452251}" = BitDefender Internet Security 2009
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B358C627-4492-469A-8D0A-FCA1EC769DA9}" = SQLXML4
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B88F5E68-B0FB-950F-EC6F-82FB18DF3E5D}" = ATI Catalyst Install Manager
"{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559}" = OneTouch 4.0
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Professional Home XII.SP2c
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF1444A-30A3-4CEC-89F3-18D2F65590F4}" = Nuance PDF Create! 5
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D9473D19-26F1-4B91-BBAC-4089CB41BC48}" = Microsoft SQL Server 2008 Management Objects
"{E6459059-B943-4770-9EE4-180F70B765F4}" = Canon D460-490
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F14F2E25-99AF-42A9-977C-F6D0352DC59F}" = Microsoft SQL Server 2005 (64-bit)
"{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FE7C8861-3195-4CA5-98EB-094652478192}" = Microsoft SQL Server 2005 Tools (64-bit)
"Dell_HostCD" = Dell Software Uninstall
"HashTab" = HashTab 3.0.0
"Levels Wizard_is1" = Levels Wizard Version 0.1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005 (64-bit)
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"RealVNC_is1" = VNC Enterprise Edition E4.4.1
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Snappy Fax Version 4_is1" = Snappy Fax Version 4
"VNCMirror_is1" = VNC Mirror Driver 1.8.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{07E1A8A8-EEE0-198D-9AB7-8CBE42A830F4}" = Catalyst Control Center Core Implementation
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17D1D0AC-CB9C-4273-A827-2D242460C6B5}" = FlipAlbum 5.0 Pro
"{184EF454-D0BF-44A0-AA5A-533C86B16DF7}" = Certblaster CompTIA A+ Enterprise Technician (220-602)
"{186326B4-AF94-B714-7A5C-678524061EFD}" = CCC Help English
"{1F5B0A0A-ACBA-1C8D-DD8C-AB20597DABE9}" = ccc-core-static
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DA320C-65C1-4F8E-9ECC-93FA326BA227}" = MiTek 2020 Version 7.0 (c:\MiTek)
"{22101996-62AE-4369-8CEF-581A12221033}" = Nero 8 Ultra Edition HD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D4F1315-9DC5-45BA-A410-3506C543D133}" = ObjectDBX2005
"{3F7572FF-53D7-47D4-BC16-7B96E8AA2A47}" = eFrame Layout 2.21
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45C8C3C0-789C-4923-8E41-87D4761B99F1}" = AntiPack
"{46B8AE59-A7CB-4C70-BE55-A5B61E5B72D3}" = HD264 Pack
"{48C879AA-DF3C-4638-907D-9412730F7A6F}" = SageTV Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D7D6980-226F-43A2-A595-5E3A72F2F663}" = MiTek 2020
"{62BDDBDA-82E5-4081-AFA4-3F3FF2192F11}" = MiTek 2020
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07
"{687E4D73-CC18-430F-9854-AD012C5936A5}" = CertBlaster Security+ 2008
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D1ACE56-38B1-1055-5926-EADFB056F2F2}" = Catalyst Control Center InstallProxy
"{6FDD4688-E063-401D-B6BE-7234E20B9173}" = Microsoft SQL Server 2005 Books Online (English) (September 2007)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.3.38d
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79FAE709-37BC-FBAD-53DB-6B8609231007}" = Catalyst Control Center Graphics Full Existing
"{7c3aeaa8-8e35-45f3-b6d9-31da59e6db5e}" = Watchtower Library 2007 - English
"{7E42E47F-DA35-47DC-9EBF-9D3AC1225504}" = ScanSoft PaperPort 11
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92605735-AAFB-47F7-A67D-17ED129EFF9C}" = ACDSee 4.0
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro version 1.29.2.11
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"{ABA7DDDE-ECA7-4DD3-94D6-0FD6A50D66E0}" = Autodesk Architectural 2005 Object Enabler
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AFE68D65-01D4-4B1A-902D-2660BC0C503F}" = Certblaster CompTIA Network+ (2009 Edition)
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.14.223
"{BDD7EB42-5609-49B1-A4B1-70C9CBD62D5C}" = Certblaster CompTIA A+ Essentials (220-601)
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
"{CC67C580-EFEA-1B4C-F86C-C360C0593FE3}" = Catalyst Control Center Graphics Previews Vista
"{CD125857-F6CF-4452-8235-AEEE845CDAC4}" = ACDSee 4.0 Service Release 1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D27DBCEF-7D01-C5DF-659E-F27A24AC2181}" = Catalyst Control Center Graphics Previews Common
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D9E2AA0C-078F-491E-A728-1A621ADF9900}" = OmniForm Premium 5.0
"{E0DFA6F8-C275-823C-9A73-A1608D84E333}" = Catalyst Control Center Graphics Full New
"{E2B64929-B616-4235-B10E-D26D686296F9}" = GiPo@FileUtilities 3.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea FLV Downloader version 1.15.0.15
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED7852A1-F608-423A-B672-6570EFDA499E}" = OptiFrame V2
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1658760-1173-4D65-B709-A0591C104AE1}" = Color Network ScanGear Ver.2.61
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A06E47-FD0D-CCB2-CEDA-659131E90F3C}" = Catalyst Control Center Graphics Light
"{F665C0D9-D110-4E21-A073-952057C7ADB1}" = PTDD Super Fdisk 1.0
"{FABB748F-B1AA-ECD0-11CC-28DCAEA2EAA5}" = Catalyst Control Center HydraVision Full
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FD7A7CD4-4D52-48B1-ABB9-0B40E67B6F27}" = AutoMate 6
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"ACD FotoSlate" = ACD FotoSlate
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Advanced File Organizer_is1" = Advanced File Organizer 3.0
"Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"AnyDVD" = AnyDVD
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BC2_is1" = Beyond Compare Version 2.2.7
"BeyondCompare3_is1" = Beyond Compare Version 3.0.15
"CCleaner" = CCleaner (remove only)
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"cyberlnH" = CyberLink H.264/AVC Video Decoder
"DebugMode Wink" = DebugMode Wink
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Driver Magician_is1" = Driver Magician 3.28
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.2.5
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"EA7_is1" = Express Assist 7.0
"Effective File Search" = Effective File Search 5.4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EventGhost_is1" = EventGhost 0.3.6.1486
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"Floppy Image_is1" = Floppy Image 2.3
"FolderView" = FolderView
"foobar2000" = foobar2000 v0.9.5
"Foxit Reader" = Foxit Reader
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"InstallShield_{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.1.1
"IsoBuster_is1" = IsoBuster 2.5.5
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Local Port Scanner_is1" = Local Port Scanner v1.2.2
"MakeMKV" = MakeMKV v1.4.6_beta
"MediaInfo" = MediaInfo 0.7.19 (32-bit)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MKVtoolnix" = MKVtoolnix 2.5.3
"MVApplication1" = SureThing CD Labeler Deluxe 4
"N10-004" = TestInside N10-004
"nLite_is1" = nLite 1.4.9.1
"OneTouch Version 3.0" = OneTouch Version 3.0
"PicturesToExe" = PicturesToExe
"Promixis Girder_is1" = Promixis Girder 4.0.5.2
"QuickTime" = QuickTime
"RealAlt_is1" = Real Alternative 1.9.0
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Revo Uninstaller" = Revo Uninstaller 1.83
"R-Studio 4.6NSIS" = R-Studio 4.6
"R-Studio Agent Emergency Startup Media Creator 4.6NSIS" = R-Studio Agent Emergency Startup Media Creator 4.6
"Snappy Fax Version 4_is1" = Snappy Fax Version 4
"SpeedFan" = SpeedFan (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"Spyware Doctor" = Spyware Doctor 6.0
"ST6UNST #1" = MiTek Link
"Static Windows Live Mail Backup_is1" = Static Windows Live Mail Backup 2.6
"TweakVI" = TweakVI
"UltraISO_is1" = UltraISO 8.0 Premium Edition
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.3.544
"VirtualCloneDrive" = VirtualCloneDrive
"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.2.6
"YouTubeGet_is1" = YouTubeGet 4.9.10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e6da7758020d260" = Contacts
"HuluDesktop" = HuluDesktop
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2010 4:57:49 AM | Computer Name = Dads_Desktop | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 1/24/2010 1:42:43 AM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 1/24/2010 6:05:13 AM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 1/24/2010 1:01:42 PM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 1/24/2010 2:30:47 PM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 1/24/2010 3:59:47 PM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 1/25/2010 8:59:36 AM | Computer Name = Dads_Desktop | Source = System Restore | ID = 8193
Description =

Error - 1/25/2010 10:52:15 AM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 1/25/2010 2:16:40 PM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.



Error - 1/26/2010 12:23:15 AM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

[ OSession Events ]
Error - 3/3/2010 5:47:29 AM | Computer Name = Dads_Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 25 March 2010 - 06:10 PM

I can see that you have what appears to be several programs for password detection and recovery on your system, as well as files that would allow recording of keystrokes. I'd like to be sure you knowingly installed these programs and are aware they are on your machine. If not, they would be considered a serious security risk.

Please go to: VirusTotal
  • Click the Browse button and search for the following files:
    C:\Windows\GSetup.ini
    C:\Windows\SysWow64\behami.DLL
    C:\Windows\{48C879AA-DF3C-4638-907D-9412730F7A6F}_WiseFW.ini
    C:\Windows\SysNative\bdod.bin
    C:\Users\BILL\AppData\Roaming\inst.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE


#7 scat-2006

    New Member

  • Authentic Member
  • 5 posts

Posted 26 March 2010 - 04:48 AM

patndoris,

One of the last programs I installed was MD5 password, and the reason for this is that I have set up two VMware machines in a Server 2008 domain controller and I am in the process of studying Configuring Active Directory for Windows Server 2008. I was off the machine for a little while after I had changed the Administrator password and of course I forgot the password. I first tried the program Elcomsoft Proactive System Password Recovery v5.50 and it said it let me change the password, but on reboot I could not get in, so I ran it again and saved the ADHashes for the user password and tried the program MD5 password on the hash, and it ran two days with no results.

I don't know of a program for recording keystrokes except a macro recording program.

Here are the results you asked for. I just selected what was on the screen and pasted each file, listed as file 1, 2, ....

file 1: C:\Windows\GSetup.ini

File GSetup.ini received on 2010.03.26 10:27:57 (UTC)
Result: 0/42 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.226 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4391 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.25 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4976 2010.03.26 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.25 -
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6094 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 -
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.25 -

Additional information
File size: 10 bytes
MD5...: d90bd390f621b6d5bc7f2b2c5cdaf99a
SHA1..: 3277004deb49d2e5b15db78c3a85870d00ee4cd7
SHA256: 5c15f99e0609f073de8cf5c96ab9e3f03baf8192c017f2c69c4357de3f98f093
ssdeep: 3:FkNn:C
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

=============================================

file 2: C:\Windows\SysWow64\behami.DLL

File behami.DLL received on 2010.03.26 10:12:41 (UTC)
Result: 0/42 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.225 2010.03.25 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4390 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.25 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4975 2010.03.25 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.25 -
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6094 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 -
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2245 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.25 -

Additional information
File size: 63 bytes
MD5...: 9438605033fb036144c6f9a498d947db
SHA1..: c34395e46bee30c802322ede64cd77627f09c34b
SHA256: 055a1d9e1f6d7995ccc6bdd72596733398776962515d0ca434ae1fa2c1db8c12
ssdeep: 3:gURSVUgtUQTQXJTsTCQH6UTgQc5V:gU0tNcX4fTgTV
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

====================================

file 3: C:\Windows\{48C879AA-DF3C-4638-907D-9412730F7A6F}_WiseFW.ini

File _48C879AA-DF3C-4638-907D-9412730F received on 2010.03.26 10:19:16 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.226 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4391 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.25 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4976 2010.03.26 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.25 -
PCTools 7.0.3.5 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6094 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 -
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.25 -

Additional information
File size: 281 bytes
MD5...: 61a16d6cb5204a405b258208904d3462
SHA1..: cb274e5e26b97287cfebfed79cdc48bc264b62a7
SHA256: c0820e348b5cc2ba5ef78be5cb262810695bd43a83043cdc99d28627ca9c444a
ssdeep: 6:1YxKamJ6V1SN5+RWaRbiBpolLBXsRNov83yNWsBQBkf52ErriRNovSCmKe+:1c 2Y1SN5+RH0jY1X2CEg52ECl2
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

=========================================

file 4: C:\Windows\SysNative\bdod.bin

File bdod.bin received on 2010.03.26 10:21:13 (UTC)
Result: 0/42 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.226 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4391 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.25 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4976 2010.03.26 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.25 -
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6094 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 -
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.25 -

Additional information
File size: 81984 bytes
MD5...: 6250fc771f5c2438dd4ca7d458672954
SHA1..: fd12f5190474a128ab104d5d9bc4644a57f7d1fa
SHA256: 3deabd5269be14d868a210a626729f158b036b98fe86a8617102ddcdf2ec8b5b
ssdeep: 768:d5OJaX+vTn8jJZQlJHPYCQk3Kw6SPzwz03LZ/:OJaOvT8tWRgw6SPzxb9
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Unknown!

===============================================

file 5: C:\Users\BILL\AppData\Roaming\inst.exe

File inst.exe received on 2010.03.26 10:22:54 (UTC)
Result: 0/42 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.226 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4391 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.25 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4976 2010.03.26 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.25 -
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6094 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 -
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.25 -

Additional information
File size: 99384 bytes
MD5...: 16e53bfc96ce14021c0e07eb1c198478
SHA1..: b75f62fb98757b73c2df8ffede7a52b71085e0be
SHA256: 124f3710c7c8979724b40f129d99b3d6caabc865c2948db52641c33a1fc4d072
ssdeep: 1536:6bRrisTKdSi8ArhBzCytumR6AJlpkt8DhBMbGa5LOeUzxs7xG:6VWWhrArP zCytumn/pkt8FcGa5LEFsw
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2900
timedatestamp.....: 0x44a1149d (Tue Jun 27 11:21:01 2006)
machinetype.......: 0x8664 (AMD64)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1004e 0x10200 6.24 0f59b9311b2bd6817059d6f63734556a
.rdata 0x12000 0x3f22 0x4000 5.23 ab9dc3fc3a103a11de7e03205349a6d1
.data 0x16000 0x3858 0x1600 1.75 50847fcfc95c11922243799b4ec64c98 .pdata 0x1a000 0xf9c 0x1000 4.95 c5aaa14fd9c0a166ca0b582cef910973 .rsrc 0x1b000 0xb0 0x200 4.10 415e32d4188ceb8632ebd291bbc1b934 ( 6 imports ) > newdev.dll: UpdateDriverForPlugAndPlayDevicesW > SETUPAPI.dll: SetupDiRemoveDevice, SetupDiCallClassInstaller, SetupDiSetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW > KERNEL32.dll: HeapSize, ReadFile, SetEndOfFile, HeapReAlloc, CreateFileA, FormatMessageW, GetLastError, CloseHandle, GetCurrentProcess, GetPrivateProfileStringW, MultiByteToWideChar, LocalFree, ExitProcess, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlCaptureContext, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, RtlVirtualUnwind, RtlLookupFunctionEntry, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, GetModuleHandleA, FlsGetValue, FlsSetValue, TlsFree, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapSetInformation, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, CreateFileW, InitializeCriticalSection, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA > ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken > SHELL32.dll: SHGetFolderPathW > ole32.dll: CLSIDFromString ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) 
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: VSO-SOFTWARE VeriSign Class 3 Code Signing 2004 CA Class 3 Public Primary Certification Authority signing date.: 11:53 AM 12/8/2006 verified.....: - Thank you for helping me Scat

#8 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 26 March 2010 - 05:02 PM

As long as you have knowingly installed the macro recorder (which records keystrokes) and the password recovery software that is fine.

I don't see any obvious signs of malware on your machine, but I'd like to do a couple of additional scans to be on the safe side.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Please post the log in your next reply.

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe as administrator (right click and choose Run as Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Please do a scan with Kaspersky Online Scanner
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report. To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
  • Text file [*.txt]. Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

#9 scat-2006

scat-2006

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 29 March 2010 - 08:54 AM

patndoris

I have tried two times to get this to complete
the Kaspersky Online Scanner and it hangs after 14 hours
see image
Posted Image
I am just going to reformat my c: drive and do a fresh install of Vista x64
you can close this topic
Thank you for all your help

Scat

Edited by scat-2006, 29 March 2010 - 08:55 AM.


#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 29 March 2010 - 03:37 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
