[Resolved] my computer is scanning for open ports on other computers o
#1
Posted 23 March 2010 - 09:15 AM
#2
Posted 24 March 2010 - 04:14 PM
My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
- Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
- Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
- Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
- Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
- Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
- Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
- Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
- Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!
This may cause a delay in response time, but I will do my best to keep it as short as possible.
I will post back shortly with instructions.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate
#3
Posted 24 March 2010 - 06:33 PM
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
#4
Posted 25 March 2010 - 03:15 AM
here are the results for: OTL.Txt
OTL logfile created on: 3/25/2010 4:56:32 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = F:\from 98 machine\F_drive\All Data Saved here\My Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.19 Gb Total Space | 14.86 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 15.04 Gb Free Space | 15.40% Space Free | Partition Type: NTFS
Drive E: | 83.25 Gb Total Space | 13.72 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 121.86 Gb Free Space | 26.16% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 5.36 Gb Free Space | 2.30% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 22.06 Gb Free Space | 4.74% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: DADS_DESKTOP
Current User Name: BILL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/25 04:54:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe
PRC - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/01/29 18:11:32 | 000,052,392 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/10/30 00:34:36 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\EventGhost\EventGhost.exe
PRC - [2008/06/10 02:21:01 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 03:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/09/14 02:55:30 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/09/14 02:52:46 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/07/19 18:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/07/19 18:54:40 | 000,656,640 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
========== Modules (SafeList) ==========
MOD - [2010/03/25 04:54:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe
MOD - [2008/01/18 23:34:00 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/03/21 23:50:10 | 000,677,888 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2010/01/26 15:09:16 | 001,486,088 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/01/26 15:09:14 | 001,503,496 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/11/12 11:43:08 | 002,609,632 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV:64bit: - [2009/11/09 09:45:00 | 000,424,960 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/11/09 09:45:00 | 000,424,960 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/08/13 22:15:40 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/10 07:47:36 | 000,412,672 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/05/26 22:29:54 | 039,659,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV:64bit: - [2009/05/26 22:29:32 | 000,198,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer)
SRV:64bit: - [2008/11/25 12:45:30 | 000,426,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT)
SRV:64bit: - [2008/11/25 12:45:30 | 000,064,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/07/17 13:07:04 | 000,143,360 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2008/05/12 12:51:32 | 002,601,848 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV:64bit: - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008/01/19 00:06:52 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 00:04:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/01/19 00:01:12 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/19 00:00:54 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/19 00:00:54 | 000,058,368 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV:64bit: - [2008/01/19 00:00:48 | 000,012,288 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\wmsvc.exe -- (WMSvc)
SRV:64bit: - [2008/01/19 00:00:44 | 001,147,904 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008/01/19 00:00:20 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2008/01/19 00:00:18 | 000,689,152 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2007/11/23 14:02:00 | 000,131,072 | ---- | M] (Visioneer Inc.) [Disabled | Stopped] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV:64bit: - [2007/06/22 11:51:32 | 000,158,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql)
SRV:64bit: - [2006/10/21 12:38:20 | 000,476,568 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\DKabcoms.exe -- (dkab_device)
SRV - [2009/11/09 09:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/11/09 09:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/08/14 20:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/08/14 20:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/08/14 20:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/03/22 10:45:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 14:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/27 14:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/01/18 23:33:44 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 02:55:52 | 000,599,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/07/19 18:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/21 12:38:24 | 000,508,824 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysWow64\DKabcoms.exe -- (dkab_device)
SRV - [2006/07/26 11:29:56 | 003,857,408 | ---- | M] (Network Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AutoMate 6\AMTS.exe -- (AutoMate6)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/03/19 05:49:38 | 000,000,000 | ---D | M]
Hosts file not found
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files (x86)\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files (x86)\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2009\Antispam32\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [mount.exe] C:\Program Files (x86)\GiPo@Utilities\FileUtilities.3\mount.exe (Gibin Software House (http://www.gibinsoft.net))
O4 - Startup: C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk = C:\Program Files (x86)\EventGhost\EventGhost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\wpclsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://newhorizons.m...auth/icaweb.cab (Citrix ICA Client)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268657164146 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll ()
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\M-M Susan-2b.jpg
O24 - Desktop BackupWallPaper: C:\Windows\M-M Susan-2b.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll ()
O30:64bit: - LSA: Authentication Packages - (tive\Contr.com) - File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (m32\wltrysvc.e) - File not found
O30:64bit: - LSA: Security Packages - (RVER\90\TOOLS\BINN\VSSHELL\COMMON7\ID) - File not found
O30 - LSA: Security Packages - (ges - (RVER\90\TOOLS\BINN\VSSHELL\COM) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell - "" = AutoRun
O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell\AutoRun\command - "" = I:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\{42a6d868-1587-11de-bfce-001d7de6e5f3}\Shell\Option1\Command - "" = I:\hbcd\wintools\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *OODBSOODBS) - File not found
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/06/01 04:04:47 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/06/01 04:05:01 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/03/25 04:54:23 | 000,555,520 | ---- | C] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe
[2010/03/23 10:16:05 | 000,000,000 | ---D | C] -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Are you Infected
[2010/03/23 08:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/23 08:13:00 | 000,000,000 | ---D | C] -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WireShark results
[2010/03/23 07:33:44 | 000,000,000 | ---D | C] -- C:\Users\BILL\AppData\Roaming\Wireshark
[2010/03/23 07:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/03/23 07:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2010/03/22 14:30:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/20 05:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft
[2010/03/18 13:25:44 | 000,000,000 | ---D | C] -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\OneNote Notebooks
[2010/03/17 06:53:57 | 000,000,000 | ---D | C] -- C:\Users\BILL\AppData\Roaming\EventGhost
[2010/03/13 06:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/03/13 06:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/03/13 06:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/03/13 06:12:17 | 000,000,000 | ---D | C] -- C:\Users\BILL\AppData\Local\VS Revo Group
[2008/11/05 18:50:21 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[2008/08/21 04:42:40 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\DKabcomc.dll
[2008/08/21 04:42:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\DKabcomm.dll
[2008/08/21 04:42:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\DKabprox.dll
[2008/07/06 11:29:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\BILL\AppData\Roaming\pcouffin.sys
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\BILL\AppData\Local\*.tmp files -> C:\Users\BILL\AppData\Local\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/25 04:56:40 | 005,767,168 | ---- | M] () -- C:\Users\BILL\ntuser.dat
[2010/03/25 04:56:01 | 000,000,289 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\my computer is scanning for open ports on other computers on my home n.url
[2010/03/25 04:54:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\OTL.exe
[2010/03/25 04:46:32 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9282B69-8712-430E-B6C4-6FCA8BCB5DF0}.job
[2010/03/25 04:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/24 18:09:14 | 000,952,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/24 18:09:14 | 000,785,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/24 18:09:14 | 000,167,664 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/24 18:04:09 | 000,005,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 18:04:09 | 000,005,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 18:04:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 18:03:53 | 4293,382,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 06:11:56 | 000,000,215 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Problem Accessing File System for Playback - SageTV Community.url
[2010/03/23 10:54:16 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2010/03/23 10:54:14 | 000,524,288 | -HS- | M] () -- C:\Users\BILL\ntuser.dat{54717b19-665d-11de-be51-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/03/23 10:54:14 | 000,065,536 | -HS- | M] () -- C:\Users\BILL\ntuser.dat{54717b19-665d-11de-be51-005056c00008}.TM.blf
[2010/03/23 10:54:12 | 004,818,981 | -H-- | M] () -- C:\Users\BILL\AppData\Local\IconCache.db
[2010/03/22 09:34:53 | 000,002,517 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Microsoft Office Word 2007.lnk
[2010/03/22 04:56:27 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2010/03/22 04:56:27 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2010/03/22 04:41:35 | 000,000,510 | ---- | M] () -- C:\Windows\SysNative\BDUpdateV1.xml
[2010/03/21 05:34:46 | 000,000,145 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\EventGhost • View topic - Change 'Playback Devices' in Control Panel (Sound).url
[2010/03/20 14:22:53 | 000,000,242 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - GIGABYTE GA-P55-UD5 LGA 1156 Intel P55 ATX Intel Motherboard - Intel Motherboards.url
[2010/03/20 14:22:36 | 000,000,280 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - Intel Core i7-860 Lynnfield 2.8GHz 8MB L3 Cache LGA 1156 95W Quad-Core Processor - Processors - Desktops.url
[2010/03/20 06:30:46 | 000,003,959 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WINDOWS SERVER 2008 PSWD RECOVERY.vmd5
[2010/03/20 06:30:07 | 000,000,518 | ---- | M] () -- C:\Windows\pwc61.INI
[2010/03/20 05:19:34 | 000,000,291 | ---- | M] () -- C:\Users\BILL\AppData\Roaming\default.pwcfg
[2010/03/20 05:19:33 | 000,000,291 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\ba.pwcfg
[2010/03/20 05:12:49 | 000,000,068 | ---- | M] () -- C:\Windows\Awpr.ini
[2010/03/19 04:33:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/19 04:33:17 | 000,045,056 | ---- | M] () -- C:\Users\BILL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 14:23:41 | 000,000,182 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\System & security software ElcomSoft System Recovery Forgot administrator password Replace or recover it.url
[2010/03/17 12:25:59 | 000,000,850 | ---- | M] () -- C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
[2010/03/16 07:48:20 | 000,000,214 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Learn Scripting.url
[2010/03/13 07:50:24 | 000,000,237 | ---- | M] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\LOT 2 Logitech Harmony 880 LCD Universal Remote Control - eBay (item 220503065892 end time Mar-29-10 111702 PDT).url
[2010/03/13 06:36:11 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/03/13 04:56:49 | 027,635,135 | ---- | M] () -- C:\Program Files (x86)\EventGhost.zip
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\BILL\AppData\Local\*.tmp files -> C:\Users\BILL\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/25 04:56:01 | 000,000,289 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\my computer is scanning for open ports on other computers on my home n.url
[2010/03/24 06:11:56 | 000,000,215 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Problem Accessing File System for Playback - SageTV Community.url
[2010/03/23 07:31:10 | 000,357,758 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_vcredistMSI5CE0.txt
[2010/03/23 07:31:10 | 000,018,046 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_vcredistUI5CE0.txt
[2010/03/21 05:34:46 | 000,000,145 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\EventGhost • View topic - Change 'Playback Devices' in Control Panel (Sound).url
[2010/03/20 14:22:52 | 000,000,242 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - GIGABYTE GA-P55-UD5 LGA 1156 Intel P55 ATX Intel Motherboard - Intel Motherboards.url
[2010/03/20 14:22:36 | 000,000,280 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Newegg.com - Intel Core i7-860 Lynnfield 2.8GHz 8MB L3 Cache LGA 1156 95W Quad-Core Processor - Processors - Desktops.url
[2010/03/20 06:30:46 | 000,003,959 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\WINDOWS SERVER 2008 PSWD RECOVERY.vmd5
[2010/03/20 05:19:34 | 000,000,291 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\default.pwcfg
[2010/03/20 05:19:33 | 000,000,291 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Documents\ba.pwcfg
[2010/03/20 05:18:08 | 000,000,518 | ---- | C] () -- C:\Windows\pwc61.INI
[2010/03/20 05:06:27 | 000,000,068 | ---- | C] () -- C:\Windows\Awpr.ini
[2010/03/18 14:23:41 | 000,000,182 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\System & security software ElcomSoft System Recovery Forgot administrator password Replace or recover it.url
[2010/03/17 13:13:24 | 000,142,848 | ---- | C] () -- C:\Windows\SysNative\drivers\ArcHlp.sys
[2010/03/17 12:25:59 | 000,000,850 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
[2010/03/16 08:28:48 | 000,330,056 | ---- | C] () -- C:\Windows\SysNative\ftd2xx.dll
[2010/03/16 08:28:48 | 000,069,192 | ---- | C] () -- C:\Windows\SysNative\drivers\ftdibus.sys
[2010/03/16 07:48:20 | 000,000,214 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\Learn Scripting.url
[2010/03/13 07:46:26 | 000,000,237 | ---- | C] () -- F:\from 98 machine\F_drive\All Data Saved here\My Desktop\LOT 2 Logitech Harmony 880 LCD Universal Remote Control - eBay (item 220503065892 end time Mar-29-10 111702 PDT).url
[2010/03/13 06:27:28 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/03/13 04:56:49 | 027,635,135 | ---- | C] () -- C:\Program Files (x86)\EventGhost.zip
[2010/02/25 08:09:16 | 000,032,139 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/10/17 07:21:50 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/17 07:20:40 | 000,093,696 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\ezpinst.exe
[2009/10/17 05:35:47 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2009/08/24 09:09:11 | 000,000,281 | ---- | C] () -- C:\Windows\{48C879AA-DF3C-4638-907D-9412730F7A6F}_WiseFW.ini
[2009/08/19 12:23:53 | 000,233,202 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL90SP1_KB973924MSI502F.txt
[2009/08/19 12:23:53 | 000,011,706 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL90SP1_KB973924UI502F.txt
[2009/08/19 12:20:11 | 000,563,842 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923MSI4D57.txt
[2009/08/19 12:20:10 | 000,011,684 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923UI4D57.txt
[2009/08/19 12:19:49 | 000,576,528 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923MSI4D0F.txt
[2009/08/19 12:19:48 | 000,011,780 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ATL80SP1_KB973923UI4D0F.txt
[2009/03/30 09:59:15 | 000,000,680 | ---- | C] () -- C:\Users\BILL\AppData\Local\d3d9caps.dat
[2009/03/28 07:29:22 | 000,000,734 | ---- | C] () -- C:\Windows\graphedt.INI
[2009/03/04 09:30:43 | 048,198,582 | ---- | C] () -- C:\Program Files (x86)\SageTV.zip
[2009/01/28 09:40:01 | 000,194,178 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SqlPubWiz.msi5DC5.txt
[2009/01/28 09:39:56 | 000,746,050 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SSCEDeviceRuntime_MSI5DB5.txt
[2009/01/28 09:39:53 | 000,342,216 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SQLCEToolsForVS2007_MSI5DAB.txt
[2009/01/28 09:34:20 | 028,326,790 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog596B.txt
[2009/01/28 09:13:42 | 018,490,298 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog49A1.txt
[2009/01/06 08:45:19 | 000,341,814 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_i64RuntimeMSI7CFA.txt
[2009/01/06 08:45:19 | 000,011,402 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_i64RuntimeUI7CFA.txt
[2009/01/06 08:45:08 | 000,526,982 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_x64RuntimeMSI7CD6.txt
[2009/01/06 08:45:08 | 000,011,480 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_x64RuntimeUI7CD6.txt
[2009/01/06 08:44:59 | 000,451,776 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_x86RuntimeMSI7CB9.txt
[2009/01/06 08:44:59 | 000,011,448 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_x86RuntimeUI7CB9.txt
[2009/01/06 08:26:58 | 000,193,784 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SqlPubWiz.msi6EEF.txt
[2009/01/06 08:26:57 | 000,286,730 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_RefInt_x64_MSI6EEC.txt
[2009/01/06 08:26:53 | 000,559,514 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI6EDF.txt
[2009/01/06 08:26:50 | 000,655,650 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_Tools_x64_MSI6ED5.txt
[2009/01/06 08:26:46 | 000,549,266 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_RDBG_AMD64_MSI6EC8.txt
[2009/01/06 08:26:44 | 000,302,186 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_64bitEmulator_MSI6EC1.txt
[2009/01/06 08:26:26 | 005,183,670 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WMSP_5_0_MSI6E86.txt
[2009/01/06 08:25:54 | 007,098,042 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WMPPC_5_0_MSI6E1E.txt
[2009/01/06 08:25:49 | 000,745,656 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SSCEDeviceRuntime_MSI6E0E.txt
[2009/01/06 08:25:46 | 000,340,544 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SQLCEToolsForVS2007_MSI6E04.txt
[2009/01/06 08:25:40 | 000,362,630 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SSCERuntime_MSI6DF0.txt
[2009/01/06 08:24:38 | 000,876,868 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VSTOR_MSI6D26.txt
[2009/01/06 08:24:22 | 001,058,142 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_NETCFSetupv35_MSI6CF2.txt
[2009/01/06 08:24:15 | 001,024,972 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_NETCFSetupv2_MSI6CDB.txt
[2009/01/06 08:18:59 | 028,422,402 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog68D3.txt
[2009/01/06 08:17:24 | 002,894,176 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_Dexplorer90_retMSI679D.txt
[2009/01/06 08:17:22 | 000,363,888 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_PreReq_AMD64_MSI6796.txt
[2009/01/06 08:17:18 | 000,882,738 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_MinRed_MSI6789.txt
[2009/01/06 08:13:30 | 000,561,264 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/01/06 08:13:27 | 001,410,784 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_install_vs_procore_90.txt
[2009/01/06 08:13:27 | 000,000,040 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_error_vs_procore_90.txt
[2009/01/06 07:30:31 | 000,456,154 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_rdbgexp64_80MSI43B4.txt
[2009/01/06 07:30:29 | 000,017,232 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_rdbgexp64_80UI43B4.txt
[2009/01/06 07:28:22 | 006,478,448 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog4215.txt
[2008/11/28 11:25:03 | 000,338,058 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SharedManagementObjects_MSI100C.txt
[2008/11/28 11:25:00 | 000,172,810 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_SQLSysClrTypes_msi1002.txt
[2008/11/28 11:21:50 | 012,150,430 | ---- | C] () -- C:\Users\BILL\AppData\Local\VSMsiLog0D96.txt
[2008/11/28 11:20:36 | 000,149,946 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_WinSDK_VWDTools_x64_MSI0CA4.txt
[2008/11/28 11:20:31 | 001,228,318 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_ExpRemoteDbg_x64_MSI0C94.txt
[2008/11/28 11:19:24 | 002,483,440 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_NET_Framework35_x64_MSI0BB9.txt
[2008/11/28 11:08:36 | 000,200,298 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/11/28 11:08:35 | 000,205,528 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_dotnetfx35install.txt
[2008/11/28 11:08:35 | 000,000,002 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_dotnetfx35error.txt
[2008/11/28 11:08:22 | 000,421,630 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_VC_Red_MSI0347.txt
[2008/11/28 11:01:41 | 000,213,641 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_depcheck_VNS_EXP_90.txt
[2008/11/28 11:01:37 | 000,813,736 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_install_vns_xcor_90.txt
[2008/11/28 11:01:37 | 000,318,300 | ---- | C] () -- C:\Users\BILL\AppData\Local\uxeventlog.txt
[2008/11/28 11:01:37 | 000,000,002 | ---- | C] () -- C:\Users\BILL\AppData\Local\dd_error_vns_xcor_90.txt
[2008/11/06 05:34:51 | 000,097,802 | ---- | C] () -- C:\Windows\SysWow64\Crp32dll.dll
[2008/11/05 18:58:45 | 000,000,092 | ---- | C] () -- C:\Users\BILL\AppData\Local\fusioncache.dat
[2008/11/05 18:54:50 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\behami.DLL
[2008/11/05 18:51:24 | 000,968,686 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/05 18:50:51 | 000,000,252 | ---- | C] () -- C:\Windows\miisec.ini
[2008/11/05 18:50:21 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\CO2C40EN.DLL
[2008/11/05 18:50:21 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\u2lsamp1.dll
[2008/11/05 18:49:59 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\OptiSEC.dll
[2008/11/05 18:49:59 | 000,000,195 | ---- | C] () -- C:\Windows\optisec.ini
[2008/11/05 18:49:08 | 000,000,122 | ---- | C] () -- C:\Windows\MiiLink.ini
[2008/08/18 04:18:02 | 007,118,848 | ---- | C] () -- C:\ProgramData\sandra.mda
[2008/08/09 05:03:27 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\sfppm.dll
[2008/07/27 03:02:52 | 000,000,668 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\vso_ts_preview.xml
[2008/07/22 06:32:25 | 000,000,289 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2008/07/22 03:47:45 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/07/19 16:09:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/18 03:30:26 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/07/13 06:41:54 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008/07/12 06:28:37 | 000,000,420 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/07/12 03:09:45 | 000,000,895 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/11 19:04:48 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\uuirtdrv.dll
[2008/07/07 05:36:39 | 000,000,047 | ---- | C] () -- C:\Windows\SysWow64\veolx32n.dll
[2008/07/07 04:27:55 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2008/07/06 11:29:57 | 000,000,034 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.log
[2008/07/06 11:29:42 | 000,099,384 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\inst.exe
[2008/07/06 11:29:42 | 000,007,859 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.cat
[2008/07/06 11:29:42 | 000,001,167 | ---- | C] () -- C:\Users\BILL\AppData\Roaming\pcouffin.inf
[2008/07/06 11:00:53 | 000,490,865 | ---- | C] () -- C:\Windows\SysWow64\amnau32.dll
[2008/07/06 06:08:42 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2008/06/01 07:21:36 | 000,045,056 | ---- | C] () -- C:\Users\BILL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/01 03:31:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/06/01 03:31:14 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/05/31 07:25:35 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/05/31 07:12:00 | 000,000,732 | ---- | C] () -- C:\Users\BILL\AppData\Local\d3d9caps64.dat
[2008/05/04 13:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\CPUINFO2.DLL
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\Windows\SysWow64\FTDIUN2K.INI
[2002/10/11 16:21:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\FixP4.dll
[2002/08/26 21:05:44 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\ksProptyUtl.dll
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\Windows\SysWow64\SUSUSB.SYS
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\Windows\SysWow64\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\Windows\SysWow64\LTCRY13N.DLL
[2001/09/21 06:00:38 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\InTouchViewer.dll
[2001/09/21 05:59:38 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\InTouchCOMClient.dll
[2001/09/17 09:49:22 | 000,421,888 | R--- | C] () -- C:\Windows\SysWow64\XMLParser.dll
[2001/09/17 09:49:20 | 000,573,440 | R--- | C] () -- C:\Windows\SysWow64\dbsock.dll
[2001/09/17 09:49:20 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\Transport.dll
[2001/09/17 09:48:54 | 000,503,808 | R--- | C] () -- C:\Windows\SysWow64\lt_xtrans.dll
[2001/09/17 09:48:54 | 000,286,720 | R--- | C] () -- C:\Windows\SysWow64\MrSIDD.dll
[2001/09/17 09:48:54 | 000,163,840 | R--- | C] () -- C:\Windows\SysWow64\lt_common.dll
[2001/09/17 09:48:54 | 000,126,976 | R--- | C] () -- C:\Windows\SysWow64\lt_trans.dll
[2001/09/17 09:48:54 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\lt_meta.dll
[2001/09/17 09:48:54 | 000,053,248 | R--- | C] () -- C:\Windows\SysWow64\lt_encrypt.dll
[2001/09/17 09:48:54 | 000,020,480 | R--- | C] () -- C:\Windows\SysWow64\lt_messagetext.dll
[2001/09/17 09:48:52 | 000,006,688 | R--- | C] () -- C:\Windows\SysWow64\Digita.sys
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\TransportUSB.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\TransportSerial.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\TransportIrDA.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\TransportIrCOMM.dll
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\Windows\SysWow64\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[1999/05/26 19:13:14 | 000,160,256 | ---- | C] () -- C:\Windows\SysWow64\Mase32.dll
[1999/05/26 19:12:28 | 000,060,928 | ---- | C] () -- C:\Windows\SysWow64\Ma32.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
========== LOP Check ==========
[2010/03/10 11:52:38 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\.oit
[2008/07/07 03:46:08 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\ACD Systems
[2008/11/09 04:52:06 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Acronis
[2008/12/30 11:21:55 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\BitDefender
[2010/02/27 07:47:09 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Canon
[2009/05/12 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Certblaster
[2009/03/20 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools
[2009/03/20 16:03:00 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools Lite
[2009/03/20 16:53:35 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DAEMON Tools Pro
[2009/10/22 11:00:33 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DVD Profiler
[2008/11/28 06:53:10 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\DVDFab
[2008/07/06 06:37:07 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\EA7Backup
[2008/07/07 05:36:03 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\EBookSys
[2010/03/17 06:54:17 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\EventGhost
[2010/03/13 10:50:08 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\foobar2000
[2008/12/22 08:28:47 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Foxit
[2008/08/17 03:41:15 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Graphisoft
[2009/09/09 05:49:35 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\ICAClient
[2008/10/06 18:06:05 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\ImgBurn
[2010/01/13 06:30:40 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\IObit
[2009/08/30 08:05:51 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\iPodder
[2009/05/16 13:45:58 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Moyea
[2010/02/25 08:04:12 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Nuance
[2010/02/27 05:53:53 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\ScanSoft
[2009/03/07 07:28:07 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Scooter Software
[2008/08/10 17:30:28 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Snappy Fax
[2008/08/09 05:41:05 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Snappy Fax Archives
[2008/11/11 08:07:18 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Static Windows Live Mail Backup
[2010/01/20 06:36:48 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\TechSmith
[2009/09/28 09:15:39 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Thinstall
[2009/04/19 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\VideoReDo-TVSuite
[2010/01/12 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Vso
[2009/02/19 13:30:49 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Watchtower
[2009/02/21 07:08:45 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\WinPatrol
[2010/03/23 07:33:44 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Wireshark
[2008/07/12 06:40:44 | 000,000,000 | ---D | M] -- C:\Users\BILL\AppData\Roaming\Zeon
[2010/03/23 10:54:15 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/25 04:46:32 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D9282B69-8712-430E-B6C4-6FCA8BCB5DF0}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:AGP440.sys
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:AGP440.sys
[2008/01/19 00:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:atapi.sys
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:atapi.sys
[2008/01/19 00:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008/07/17 13:07:02 | 000,001,024 | ---- | M] () MD5=7446DC920E2798C03446858B9226C503 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
< MD5 for: IASTORV.SYS >
[2008/01/19 00:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2008/01/19 00:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006/11/02 07:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2008/01/19 00:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006/11/02 07:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008/01/19 00:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
< MD5 for: SYMMPI.SYS >
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$R821Y3Y\SVR_2003\i386\sp2.cab:symmpi.sys
[2008/07/12 22:52:41 | 016,191,101 | ---- | M] () .cab file -- C:\$Recycle.Bin\S-1-5-21-3618552482-2967264882-3431833374-1000\$RK3YT40\i386\sp2.cab:symmpi.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
========== Alternate Data Streams ==========
@Alternate Data Stream - 890 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\When Its OK To Ask For Your Money Back______.eml:OECustomProperty
@Alternate Data Stream - 869 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Fwd_ Why Trampolines are so dangerous.eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\FW_ No more headaches!.eml:OECustomProperty
@Alternate Data Stream - 800 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Why Trampolines are so dangerous.eml:OECustomProperty
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\wtc_side_by_side1280.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Windows XP -Turn off services not required.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Windchil.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Wilmington I-40 sign.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\What the don't want you to know about the coming oil crisis - all pages.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Ulead_mediastudio_pro_6.0-front.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\leoandpatcolor.tiff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\leoandpatcolor.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Hudson to Aberdeen NC.trp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\1000roses3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\010913wtc_attack_20.jpg:Roxio EMC Stream
@Alternate Data Stream - 752 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\vonage_com #1099764.eml:OECustomProperty
@Alternate Data Stream - 72 bytes -> C:\Windows:ADC4763CBFB21565
@Alternate Data Stream - 542 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Service - What it means.eml:OECustomProperty
@Alternate Data Stream - 510 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\katrina.eml:OECustomProperty
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:6108D5DF
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:8EF7595F
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 1629 bytes -> F:\from 98 machine\F_drive\All Data Saved here\My Documents\Fwd_ FW_ BAD rear, BAD ASS_EML (261 KB).eml:OECustomProperty
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B0B959E5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED912DB
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:0888F409
< End of report >
#5
Posted 25 March 2010 - 03:17 AM
Here are the results for: Extras.Txt
OTL Extras logfile created on: 3/25/2010 4:56:32 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = F:\from 98 machine\F_drive\All Data Saved here\My Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.19 Gb Total Space | 14.86 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 15.04 Gb Free Space | 15.40% Space Free | Partition Type: NTFS
Drive E: | 83.25 Gb Total Space | 13.72 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 121.86 Gb Free Space | 26.16% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 5.36 Gb Free Space | 2.30% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 22.06 Gb Free Space | 4.74% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: DADS_DESKTOP
Current User Name: BILL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- Reg Error: Key error.
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- Reg Error: Key error.
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 81 6D AE 26 BF C3 C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3618552482-2967264882-3431833374-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Promixis\Girder\girder.exe" = C:\Program Files (x86)\Promixis\Girder\girder.exe:*:Enabled:Trust Girder -- (Promixis)
"C:\Program Files (x86)\Promixis\Girder\grunt.exe" = C:\Program Files (x86)\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime -- (Promixis, LLC)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Promixis\Girder\girder.exe" = C:\Program Files (x86)\Promixis\Girder\girder.exe:*:Enabled:Trust Girder -- (Promixis)
"C:\Program Files (x86)\Promixis\Girder\grunt.exe" = C:\Program Files (x86)\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime -- (Promixis, LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Promixis\Girder\girder.exe" = C:\Program Files (x86)\Promixis\Girder\girder.exe:*:Enabled:Trust Girder -- (Promixis)
"C:\Program Files (x86)\Promixis\Girder\grunt.exe" = C:\Program Files (x86)\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime -- (Promixis, LLC)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Promixis\Girder\girder.exe" = C:\Program Files (x86)\Promixis\Girder\girder.exe:*:Enabled:Trust Girder -- (Promixis)
"C:\Program Files (x86)\Promixis\Girder\grunt.exe" = C:\Program Files (x86)\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime -- (Promixis, LLC)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A93A23-7F01-4890-AB6C-6FAAA76D21D2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{29181C18-0603-437A-BE00-747DF5BA0481}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{3429C3CF-1666-482D-9367-CA642E8264EC}" = lport=56338 | protocol=17 | dir=in | name=color network scangear |
"{35D42812-D3F5-4FAC-BD80-FB024998D1F7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\rpcagentsrv.exe |
"{3E607B2B-2880-4CB1-91FF-4996C9B831CD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{4EACC1C2-7DD7-4121-AC8D-7782F8D96B09}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{539334A4-C3EF-418B-8034-C50500D01836}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{59DBF74F-F4DD-4E42-9209-EAB68B8D4C9F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{6BA000AA-984C-4C57-887F-D31E0EAD5FD7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{74E0FAB3-783D-459F-BD20-E49037BF567F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7B2A757F-2E34-40FB-BADA-C64D9332BB21}" = lport=56338 | protocol=17 | dir=in | name=color network scangear |
"{82833DFC-5DEC-486E-BB63-90F8183B40D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{955048AE-BE1A-40F2-A0E0-FAE934E722F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1179AAE-6CB4-487B-85AD-25D4E7E9924C}" = lport=138 | protocol=17 | dir=in | app=system |
"{A41F1A68-4CA0-4288-8AEE-3DBD05924017}" = rport=137 | protocol=17 | dir=out | app=system |
"{A9DAC733-1AFA-4189-9B9E-088E9D2D2458}" = rport=445 | protocol=6 | dir=out | app=system |
"{ABDFAAD6-C702-4DD5-9DA9-8A512F807F98}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF29613F-2D3E-4E18-8DC0-0AC042F6B8E8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{B9E5BB91-F350-43B2-815B-437644333E00}" = lport=445 | protocol=6 | dir=in | app=system |
"{D42D8ED6-2251-48A5-8A39-2DDF813E0205}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{D70B5AD1-DE65-47A3-9FC0-C0A4E8F832E7}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{DA7C1687-16ED-416F-B187-8543762C3415}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional home xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{F61A8302-A440-4028-9B89-EDABF8EA4625}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6A4C4FF-C826-4C34-AC01-E98BC18CC4DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F84C16BF-1AAF-4423-886B-F6B971CA494C}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A56D49-E830-42EF-A199-A5337C9C2FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{00E82E31-90DF-4324-A781-D674E4836C65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B8A2D6A-2187-4751-B14B-51CC1E4477A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0E797664-A7D0-4DA3-B7A4-D1A24F550DC6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{0F7CD9D6-0DBC-4EAF-A869-E5882A12CB64}" = protocol=17 | dir=in | app=c:\windows\system32\dkabcoms.exe |
"{10F2DD4E-C2FE-41B2-97F0-26118348A7BE}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{1872BEF6-D020-4880-9399-28F63BEF0325}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{27D44C58-4A52-4866-933A-200ECF421386}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{2C8C3BBB-445B-43B1-90FD-0AE5E848CB83}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{32AE0ED3-EF70-4706-B581-72331A7E6D9A}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{467F820A-0F99-4372-B1DF-135BD0B68750}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{4F98F9B1-0721-48F1-8F21-42E6C209BC2A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5322B56C-1D6B-4D95-B60D-98CEA563FE28}" = protocol=17 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetv.exe |
"{5B908C23-0C84-4FD9-949F-F25298EB3D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\canon\color network scangear\sgtool.exe |
"{5C69F7A9-6A37-4C91-B851-385A40E817DF}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{6D5AF4E4-F911-4096-BA94-E581C8D3D105}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{77E68CA2-555C-415D-B541-36A43650A446}" = protocol=6 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetvclient.exe |
"{7C745147-508D-4D9D-A92A-B643875899CF}" = protocol=17 | dir=in | app=c:\windows\system32\dkabcoms.exe |
"{872E2A0B-33D0-442F-9CC3-5C81FC170706}" = protocol=17 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetvclient.exe |
"{8C37787F-6210-4132-97F7-8736ECBA19F6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{8D2CE1C6-5B69-479D-A8AB-2AE55724D63C}" = protocol=6 | dir=in | app=c:\windows\system32\dkabcoms.exe |
"{A457752C-B7D0-4317-AAAB-1E23C4A6DAC8}" = protocol=6 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetv.exe |
"{A5C857A9-ACB9-44AA-8A02-0C62CCB3A0E5}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{ADE352D0-1DD4-4A63-AB6E-F5FB991A7733}" = protocol=17 | dir=in | app=c:\program files (x86)\canon\color network scangear\sgtool.exe |
"{C3FB3CAD-DA61-4FA7-8D87-F560B845ECDB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{C56C948F-AA7C-4461-802D-3C0C6E584336}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CE444E8D-C420-42AE-9539-2095F4675847}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{D3573C06-2E29-47A2-B533-B88053F85B93}" = protocol=6 | dir=in | app=c:\windows\system32\dkabcoms.exe |
"{D6088543-9BD8-4437-A859-82EE703CD238}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{E3D85348-6019-4C8B-BE1B-EB64D6B2CE77}" = protocol=6 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetvservice.exe |
"{E58E9639-7428-4B1C-ACD1-744EBCCCC2EA}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{EE9582E0-0E01-4B7A-9B21-37FB0122FF73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F1BBA8B4-743C-4C9D-A005-568235A180CB}" = protocol=6 | dir=in | app=c:\program files (x86)\canon\color network scangear\sgtool.exe |
"{F26FD530-72A4-4854-9A8E-43E82A1F734A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F27D4A6E-463C-47C8-9C8D-185E3FE04B64}" = protocol=17 | dir=in | app=c:\program files (x86)\canon\color network scangear\sgtool.exe |
"{F2913DE3-51F0-48E4-9D60-8AFBFCC8D382}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{F62C7D28-5FB5-4535-AE4F-41FD72D7D93D}" = protocol=17 | dir=in | app=c:\program files (x86)\sagetv\sagetv\sagetvservice.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{18C5A65B-0A39-40B5-B958-63055AFAB65C}" = Microsoft SQL Server Setup Support Files (English)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{5AC267EB-6FBC-D3DC-1C09-EF62556092FD}" = ccc-utility64
"{62D2F823-0EAA-496D-B0F9-A869BFC51550}" = Microsoft SQL Server 2005 Backward compatibility
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7D95B533-4BA1-4EED-8096-EFCB6DD6B95F}" = AdventureWorksDBAMD64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8A52D844-0DA7-40B0-8602-0567C068C081}" = Microsoft SQL Server 2005 Integration Services (64-bit)
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}" = Desktop Restore
"{AB8F4C84-3DB5-4CD2-B5AE-E93D46452251}" = BitDefender Internet Security 2009
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B358C627-4492-469A-8D0A-FCA1EC769DA9}" = SQLXML4
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B88F5E68-B0FB-950F-EC6F-82FB18DF3E5D}" = ATI Catalyst Install Manager
"{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559}" = OneTouch 4.0
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Professional Home XII.SP2c
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF1444A-30A3-4CEC-89F3-18D2F65590F4}" = Nuance PDF Create! 5
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D9473D19-26F1-4B91-BBAC-4089CB41BC48}" = Microsoft SQL Server 2008 Management Objects
"{E6459059-B943-4770-9EE4-180F70B765F4}" = Canon D460-490
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F14F2E25-99AF-42A9-977C-F6D0352DC59F}" = Microsoft SQL Server 2005 (64-bit)
"{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FE7C8861-3195-4CA5-98EB-094652478192}" = Microsoft SQL Server 2005 Tools (64-bit)
"Dell_HostCD" = Dell Software Uninstall
"HashTab" = HashTab 3.0.0
"Levels Wizard_is1" = Levels Wizard Version 0.1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005 (64-bit)
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"RealVNC_is1" = VNC Enterprise Edition E4.4.1
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Snappy Fax Version 4_is1" = Snappy Fax Version 4
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{07E1A8A8-EEE0-198D-9AB7-8CBE42A830F4}" = Catalyst Control Center Core Implementation
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17D1D0AC-CB9C-4273-A827-2D242460C6B5}" = FlipAlbum 5.0 Pro
"{184EF454-D0BF-44A0-AA5A-533C86B16DF7}" = Certblaster CompTIA A+ Enterprise Technician (220-602)
"{186326B4-AF94-B714-7A5C-678524061EFD}" = CCC Help English
"{1F5B0A0A-ACBA-1C8D-DD8C-AB20597DABE9}" = ccc-core-static
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DA320C-65C1-4F8E-9ECC-93FA326BA227}" = MiTek 2020 Version 7.0 (c:\MiTek)
"{22101996-62AE-4369-8CEF-581A12221033}" = Nero 8 Ultra Edition HD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D4F1315-9DC5-45BA-A410-3506C543D133}" = ObjectDBX2005
"{3F7572FF-53D7-47D4-BC16-7B96E8AA2A47}" = eFrame Layout 2.21
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45C8C3C0-789C-4923-8E41-87D4761B99F1}" = AntiPack
"{46B8AE59-A7CB-4C70-BE55-A5B61E5B72D3}" = HD264 Pack
"{48C879AA-DF3C-4638-907D-9412730F7A6F}" = SageTV Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D7D6980-226F-43A2-A595-5E3A72F2F663}" = MiTek 2020
"{62BDDBDA-82E5-4081-AFA4-3F3FF2192F11}" = MiTek 2020
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07
"{687E4D73-CC18-430F-9854-AD012C5936A5}" = CertBlaster Security+ 2008
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D1ACE56-38B1-1055-5926-EADFB056F2F2}" = Catalyst Control Center InstallProxy
"{6FDD4688-E063-401D-B6BE-7234E20B9173}" = Microsoft SQL Server 2005 Books Online (English) (September 2007)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.3.38d
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79FAE709-37BC-FBAD-53DB-6B8609231007}" = Catalyst Control Center Graphics Full Existing
"{7c3aeaa8-8e35-45f3-b6d9-31da59e6db5e}" = Watchtower Library 2007 - English
"{7E42E47F-DA35-47DC-9EBF-9D3AC1225504}" = ScanSoft PaperPort 11
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92605735-AAFB-47F7-A67D-17ED129EFF9C}" = ACDSee 4.0
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro version 1.29.2.11
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"{ABA7DDDE-ECA7-4DD3-94D6-0FD6A50D66E0}" = Autodesk Architectural 2005 Object Enabler
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AFE68D65-01D4-4B1A-902D-2660BC0C503F}" = Certblaster CompTIA Network+ (2009 Edition)
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.14.223
"{BDD7EB42-5609-49B1-A4B1-70C9CBD62D5C}" = Certblaster CompTIA A+ Essentials (220-601)
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
"{CC67C580-EFEA-1B4C-F86C-C360C0593FE3}" = Catalyst Control Center Graphics Previews Vista
"{CD125857-F6CF-4452-8235-AEEE845CDAC4}" = ACDSee 4.0 Service Release 1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D27DBCEF-7D01-C5DF-659E-F27A24AC2181}" = Catalyst Control Center Graphics Previews Common
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D9E2AA0C-078F-491E-A728-1A621ADF9900}" = OmniForm Premium 5.0
"{E0DFA6F8-C275-823C-9A73-A1608D84E333}" = Catalyst Control Center Graphics Full New
"{E2B64929-B616-4235-B10E-D26D686296F9}" = GiPo@FileUtilities 3.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea FLV Downloader version 1.15.0.15
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED7852A1-F608-423A-B672-6570EFDA499E}" = OptiFrame V2
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1658760-1173-4D65-B709-A0591C104AE1}" = Color Network ScanGear Ver.2.61
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A06E47-FD0D-CCB2-CEDA-659131E90F3C}" = Catalyst Control Center Graphics Light
"{F665C0D9-D110-4E21-A073-952057C7ADB1}" = PTDD Super Fdisk 1.0
"{FABB748F-B1AA-ECD0-11CC-28DCAEA2EAA5}" = Catalyst Control Center HydraVision Full
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FD7A7CD4-4D52-48B1-ABB9-0B40E67B6F27}" = AutoMate 6
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"ACD FotoSlate" = ACD FotoSlate
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Advanced File Organizer_is1" = Advanced File Organizer 3.0
"Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"AnyDVD" = AnyDVD
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BC2_is1" = Beyond Compare Version 2.2.7
"BeyondCompare3_is1" = Beyond Compare Version 3.0.15
"CCleaner" = CCleaner (remove only)
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"cyberlnH" = CyberLink H.264/AVC Video Decoder
"DebugMode Wink" = DebugMode Wink
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Driver Magician_is1" = Driver Magician 3.28
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.2.5
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"EA7_is1" = Express Assist 7.0
"Effective File Search" = Effective File Search 5.4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EventGhost_is1" = EventGhost 0.3.6.1486
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"Floppy Image_is1" = Floppy Image 2.3
"FolderView" = FolderView
"foobar2000" = foobar2000 v0.9.5
"Foxit Reader" = Foxit Reader
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"InstallShield_{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.1.1
"IsoBuster_is1" = IsoBuster 2.5.5
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Local Port Scanner_is1" = Local Port Scanner v1.2.2
"MakeMKV" = MakeMKV v1.4.6_beta
"MediaInfo" = MediaInfo 0.7.19 (32-bit)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MKVtoolnix" = MKVtoolnix 2.5.3
"MVApplication1" = SureThing CD Labeler Deluxe 4
"N10-004" = TestInside N10-004
"nLite_is1" = nLite 1.4.9.1
"OneTouch Version 3.0" = OneTouch Version 3.0
"PicturesToExe" = PicturesToExe
"Promixis Girder_is1" = Promixis Girder 4.0.5.2
"QuickTime" = QuickTime
"RealAlt_is1" = Real Alternative 1.9.0
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Revo Uninstaller" = Revo Uninstaller 1.83
"R-Studio 4.6NSIS" = R-Studio 4.6
"R-Studio Agent Emergency Startup Media Creator 4.6NSIS" = R-Studio Agent Emergency Startup Media Creator 4.6
"Snappy Fax Version 4_is1" = Snappy Fax Version 4
"SpeedFan" = SpeedFan (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"Spyware Doctor" = Spyware Doctor 6.0
"ST6UNST #1" = MiTek Link
"Static Windows Live Mail Backup_is1" = Static Windows Live Mail Backup 2.6
"TweakVI" = TweakVI
"UltraISO_is1" = UltraISO 8.0 Premium Edition
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.3.544
"VirtualCloneDrive" = VirtualCloneDrive
"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.2.6
"YouTubeGet_is1" = YouTubeGet 4.9.10
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e6da7758020d260" = Contacts
"HuluDesktop" = HuluDesktop
"WinImage" = WinImage
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/22/2010 4:57:49 AM | Computer Name = Dads_Desktop | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Error - 1/24/2010 1:42:43 AM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.
Error - 1/24/2010 6:05:13 AM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.
Error - 1/24/2010 1:01:42 PM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.
Error - 1/24/2010 2:30:47 PM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.
Error - 1/24/2010 3:59:47 PM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.
Error - 1/25/2010 8:59:36 AM | Computer Name = Dads_Desktop | Source = System Restore | ID = 8193
Description =
Error - 1/25/2010 10:52:15 AM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.
Error - 1/25/2010 2:16:40 PM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.
Error - 1/26/2010 12:23:15 AM | Computer Name = Dads_Desktop | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.
[ OSession Events ]
Error - 3/3/2010 5:47:29 AM | Computer Name = Dads_Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
#6
Posted 25 March 2010 - 06:10 PM
Please go to: VirusTotal
- Click the Browse button and search for the following files:
C:\Windows\GSetup.ini
C:\Windows\SysWow64\behami.DLL
C:\Windows\{48C879AA-DF3C-4638-907D-9412730F7A6F}_WiseFW.ini
C:\Windows\SysNative\bdod.bin
C:\Users\BILL\AppData\Roaming\inst.exe
- Click Open
- Then click Send File
- Please be patient while the file is scanned.
- Once the scan results appear, please provide them in your next reply.
Please post the results in your next reply.
#7
Posted 26 March 2010 - 04:48 AM
#8
Posted 26 March 2010 - 05:02 PM
I don't see any obvious signs of malware on your machine, but I'd like to do a couple of additional scans to be on the safe side.
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Please download JavaRa to your desktop and unzip it to its own folder.
- Run JavaRa.exe as administrator (right click and choose Run as Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Please do a scan with Kaspersky Online Scanner
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run. (At times it may appear to stall)
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Once the scan is complete, click on View scan report.
To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop
- In the File name area, use KScan, or something similar
- In Save as type, click the drop arrow and select: Text file [*.txt]
- Then, click: Save
#9
Posted 29 March 2010 - 08:54 AM
I have tried two times to get this to complete
the Kaspersky Online Scanner and it hangs after 14 hours
see image
I am just going to reformat my c: drive and do a fresh install of Vista x64
you can close this topic
Thank you for all your help
Scat
Edited by scat-2006, 29 March 2010 - 08:55 AM.
#10
Posted 29 March 2010 - 03:37 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015