Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Characters Mysteriously Pasting


  • This topic is locked This topic is locked
9 replies to this topic

#1 WTFudge

WTFudge

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 20 July 2010 - 08:54 PM

Here's a really weird one, and I'm hoping someone has seen this before and can help. I'm using Win7 x64 on an Intel i7 and Gigabyte P55A-UD4P motherboard. I've got 8 GB RAM. My computer simply pastes 8 random characters at any given moment without prompting. I can open windows notepad and leave the cursor in it, and when I come back a few hours later I will find that the computer has re-pasted the same string of 8 random characters several times in succession with no one at the keyboard. It happens at totally random moments. It's like my computer has Turret's Syndrome and just has to blurt something profane without being asked. 6fd39f1b6fd39f1b That's it! It just happened while I was typing. A double blurt. As you can imagine, it hoses up anything I am doing at any given moment. It happened to me a few months ago, and I did a complete re-installation of everything, which worked. I had tried going back to an old archive of my disk using Acronis, but when I completed the restore function, the crap was still there. I just restored from the same fresh re-installation which I know was working properly using Acronis, and I still have it.

Here are things I've tried without success:
  • remove everything USB
  • replace the keyboard and mouse
  • restore using an old, correctly working disk image from Acronis (tried twice)
  • Spybot S&D, MalwareBytes Antimalware, etc.
  • deep registry scrub (JV16 Powertools)
I'm just stumped. I really don't want to do another total re-installation if I can avoid it. You know what a pain that is. Any help or advice would be greatly appreciated.

-Joe

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:34 PM, on 7/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Puzzle Games 2010\encore_reg.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Melloware\Intelliremote\Intelliremote.exe
C:\Program Files (x86)\Memturbo 4\MemTurbo.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DOpus] C:\Program Files\Directory Opus\DOpus.exe
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [20090604] C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Puzzle Games 2010\encore_reg.exe /r "C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Puzzle Games 2010\encore_reg.rpd"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Intelliremote.lnk = C:\Program Files (x86)\Melloware\Intelliremote\Intelliremote.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files (x86)\Memturbo 4\MemTurbo.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intelliservice - Melloware Inc - C:\Program Files (x86)\Melloware\Intelliremote\Intelliservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16004 bytes

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:02 PM

Posted 27 July 2010 - 06:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:02 PM

Posted 06 August 2010 - 04:34 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 WTFudge

WTFudge
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 07 August 2010 - 10:39 AM

Here's a really weird one, and I'm hoping someone has seen this before and can help. I'm using Win7 x64 on an Intel i7 and Gigabyte P55A-UD4P motherboard. I've got 8 GB RAM. My computer simply pastes 8 random characters at any given moment without prompting. I can open windows notepad and leave the cursor in it, and when I come back a few hours later I will find that the computer has re-pasted the same string of 8 random characters several times in succession with no one at the keyboard. It happens at totally random moments. It's like my computer has Turret's Syndrome and just has to blurt something profane without being asked. 6fd39f1b6fd39f1b That's it! It just happened while I was typing. A double blurt. As you can imagine, it hoses up anything I am doing at any given moment. It happened to me a few months ago, and I did a complete re-installation of everything, which worked. I had tried going back to an old archive of my disk using Acronis, but when I completed the restore function, the crap was still there. I just restored from the same fresh re-installation which I know was working properly using Acronis, and I still have it.

Here are things I've tried without success:

* remove everything USB
* replace the keyboard and mouse
* restore using an old, correctly working disk image from Acronis (tried twice)
* Spybot S&D, MalwareBytes Antimalware, etc.
* deep registry scrub (JV16 Powertools)

I'm just stumped. I really don't want to do another total re-installation if I can avoid it. You know what a pain that is. Any help or advice would be greatly appreciated. I had posted this once and was out of town. The topic was closed prematurely before I could respond to requests for more info.

-Joe

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:34 PM, on 7/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Puzzle Games 2010\encore_reg.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Melloware\Intelliremote\Intelliremote.exe
C:\Program Files (x86)\Memturbo 4\MemTurbo.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DOpus] C:\Program Files\Directory Opus\DOpus.exe
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [20090604] C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Puzzle Games 2010\encore_reg.exe /r "C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Puzzle Games 2010\encore_reg.rpd"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Intelliremote.lnk = C:\Program Files (x86)\Melloware\Intelliremote\Intelliremote.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files (x86)\Memturbo 4\MemTurbo.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intelliservice - Melloware Inc - C:\Program Files (x86)\Melloware\Intelliremote\Intelliservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16004 bytes

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:02 PM

Posted 08 August 2010 - 03:06 AM

Hi,

I have merged your two topics into one. Please post the logs I have asked in my initial reply.

Please also note that you can request the topic to be reopened at any time, should it be closed, by sending me a PM.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 WTFudge

WTFudge
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 08 August 2010 - 07:30 AM

Myrti,

Thank you for your help! smile.gif Here are the posts as requested:


OTL.txt:

OTL logfile created on: 8/7/2010 11:26:16 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\W. Joe Smith\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.43 Gb Total Space | 174.39 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 130.15 Gb Free Space | 13.97% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 238.71 Gb Free Space | 25.63% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 59.79 Gb Free Space | 6.42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 1.46 Gb Free Space | 0.16% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 35.63 Gb Free Space | 3.83% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 102.14 Gb Free Space | 5.48% Space Free | Partition Type: NTFS

Computer Name: WJOESMITH-PC
Current User Name: W. Joe Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/07 10:33:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\W. Joe Smith\Desktop\OTL.exe
PRC - [2010/07/24 23:06:05 | 011,965,104 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/07/24 07:26:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/24 07:26:49 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/21 15:53:00 | 010,358,568 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2010/06/22 13:55:10 | 000,841,216 | ---- | M] (Melloware Inc) -- C:\Program Files (x86)\Melloware\Intelliremote\Intelliremote.exe
PRC - [2010/06/17 12:12:14 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/06/10 22:11:45 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/06/10 21:54:25 | 002,341,376 | ---- | M] (SoftwareOnline.com, Inc.) -- C:\Program Files (x86)\Memturbo 4\MemTurbo.exe
PRC - [2010/06/10 21:50:47 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/06/10 21:18:20 | 000,019,760 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/03 13:45:42 | 000,012,592 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/30 08:40:20 | 000,113,296 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/27 16:07:26 | 000,362,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 16:06:16 | 005,107,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/12/21 13:28:05 | 000,090,624 | ---- | M] (Melloware Inc) -- C:\Program Files (x86)\Melloware\Intelliremote\Intelliservice.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/12/03 15:37:28 | 000,361,968 | ---- | M] (GP Software) -- C:\Program Files\Directory Opus\dopusx64.exe


========== Modules (SafeList) ==========

MOD - [2010/08/07 10:33:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\W. Joe Smith\Desktop\OTL.exe
MOD - [2010/06/12 03:01:00 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009/07/13 21:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/13 21:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 17:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/03/06 04:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/11/16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/17 14:17:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2010/06/17 12:12:14 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/06/10 22:59:24 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/27 16:09:22 | 001,054,568 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/21 13:28:05 | 000,090,624 | ---- | M] (Melloware Inc) [Auto | Running] -- C:\Program Files (x86)\Melloware\Intelliremote\Intelliservice.exe -- (Intelliservice)
SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/03/20 09:56:57 | 000,357,182 | ---- | M] () [Auto | Stopped] -- C:\Windows\reset.exe -- (.EsetTrialReset)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/17 12:12:15 | 000,252,512 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/06/17 12:12:13 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010/06/17 12:12:11 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/06/17 12:12:10 | 000,271,456 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/06/11 08:03:13 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/06/10 19:58:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/22 17:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/01/27 16:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/01/08 08:13:12 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/18 15:02:26 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/12/18 15:02:26 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/11/16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/10/19 17:10:56 | 001,257,472 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 5B 8D A6 39 0B CB 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 5B 8D A6 39 0B CB 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3269775659-219705555-767508609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3269775659-219705555-767508609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3269775659-219705555-767508609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3269775659-219705555-767508609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 04 CB BD F7 08 CB 01 [binary data]
IE - HKU\S-1-5-21-3269775659-219705555-767508609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3269775659-219705555-767508609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.99
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/06/10 22:11:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/06/13 16:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/14 03:00:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 23:31:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/24 07:26:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/07/24 23:06:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/11 08:09:51 | 000,000,000 | ---D | M]

[2010/06/10 19:56:27 | 000,000,000 | ---D | M] -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Extensions
[2010/06/10 19:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/07 11:16:41 | 000,000,000 | ---D | M] -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Firefox\Profiles\7dqsw2f6.default\extensions
[2010/07/19 08:49:24 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Firefox\Profiles\7dqsw2f6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/10 22:13:20 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Firefox\Profiles\7dqsw2f6.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2010/06/10 21:47:52 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Firefox\Profiles\7dqsw2f6.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/07/19 08:49:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Firefox\Profiles\7dqsw2f6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/19 10:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Firefox\Profiles\7dqsw2f6.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/06/10 21:47:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Firefox\Profiles\7dqsw2f6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/13 18:46:17 | 000,001,832 | ---- | M] () -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla\Firefox\Profiles\7dqsw2f6.default\searchplugins\bing.xml
[2010/08/07 10:18:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/01 19:25:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/01 19:25:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/20 17:31:02 | 000,412,182 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 14241 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3269775659-219705555-767508609-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3269775659-219705555-767508609-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3269775659-219705555-767508609-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.DLL (C-Media Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWow64\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysWow64\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3269775659-219705555-767508609-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3269775659-219705555-767508609-1000..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\S-1-5-21-3269775659-219705555-767508609-1000..\Run: [DOpus] C:\Program Files\Directory Opus\dopus.exe (GP Software)
O4 - HKU\S-1-5-21-3269775659-219705555-767508609-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3269775659-219705555-767508609-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3269775659-219705555-767508609-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\W. Joe Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intelliremote.lnk = C:\Program Files (x86)\Melloware\Intelliremote\Intelliremote.exe (Melloware Inc)
O4 - Startup: C:\Users\W. Joe Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files (x86)\Memturbo 4\MemTurbo.exe (SoftwareOnline.com, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3269775659-219705555-767508609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/06 15:46:02 | 000,000,000 | ---D | M] - I:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010/08/07 10:33:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\W. Joe Smith\Desktop\OTL.exe
[2010/08/02 07:22:25 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\MP3toiPodAudioBookConverter
[2010/08/02 06:02:04 | 005,939,392 | ---- | C] (Smart Projects ) -- C:\Users\W. Joe Smith\Desktop\isobuster_all_lang.exe
[2010/08/02 05:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2010/08/02 05:48:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/02 00:59:13 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Desktop\It Might Get Loud
[2010/08/02 00:00:30 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Desktop\Food Inc
[2010/07/31 22:54:47 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Desktop\8 MINUTE MEDITATION
[2010/07/31 21:24:33 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Documents\Private Everest
[2010/07/31 14:07:27 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\GIRDAC
[2010/07/31 14:07:27 | 000,000,000 | ---D | C] -- C:\GIRDAC
[2010/07/31 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIRDAC Free PDF Creator
[2010/07/31 11:14:20 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Desktop\Kaitlin's Party
[2010/07/30 22:02:16 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Desktop\Discovery.Mighty.Ships.Faust.HDTV.x264.720p.AC3.MVGroup
[2010/07/30 11:52:10 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Desktop\Waka Flocka Flame & Trap-A-Holics - Lebron Flocka James 2-2010-MIXFIEND
[2010/07/30 11:49:57 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Desktop\Gucci Mane & The Empire - Bird Flu 3
[2010/07/30 11:49:36 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Desktop\Gucci Mane - The State Vs. Radric Davis (2009)
[2010/07/25 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Xilisoft Corporation
[2010/07/25 18:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2010/07/24 12:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Stumbler
[2010/07/24 07:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/24 07:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/24 07:46:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/20 21:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/20 17:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2009
[2010/07/20 17:24:07 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\assembly
[2010/07/20 14:50:13 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\U3
[2010/07/19 20:27:55 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMA0.DLL
[2010/07/19 20:25:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/18 16:05:48 | 000,049,152 | ---- | C] (GIRDAC InfoTechnologies) -- C:\Windows\SysWow64\RPFGPU.exe
[2010/07/18 16:05:48 | 000,049,152 | ---- | C] (GIRDAC InfoTechnologies) -- C:\Windows\SysWow64\MDNTFGPC.dll
[2010/07/15 23:21:24 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Documents\AnyBizSoft PDF Converter
[2010/07/15 22:29:47 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Documents\AnyBizSoft PDF to EPUB
[2010/07/14 18:58:22 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Documents\NeroVision
[2010/07/14 16:41:02 | 000,000,000 | --SD | C] -- C:\Users\W. Joe Smith\Documents\My Data Sources
[2010/07/12 11:39:53 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Documents\Brain Tumor
[2010/07/02 17:16:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2010/07/02 17:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\kds_kodak
[2010/07/02 17:16:44 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Canon
[2010/07/01 19:26:15 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\FrostWire
[2010/07/01 19:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/01 19:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/01 19:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire
[2010/07/01 19:25:56 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/01 19:25:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/01 19:25:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/01 19:25:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/01 19:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/06/24 20:24:25 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Hoyle Puzzle and Board Games
[2010/06/24 20:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hoyle Puzzle Games 2010
[2010/06/24 18:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Scrabble2009
[2010/06/24 18:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Scrabble2009
[2010/06/24 09:16:02 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Hoyle FaceCreator
[2010/06/24 09:16:01 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Hoyle
[2010/06/24 09:15:34 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/06/24 09:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Datalode
[2010/06/24 09:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Encore
[2010/06/24 03:00:41 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/24 03:00:41 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/24 03:00:40 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 03:00:40 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/24 03:00:40 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 03:00:40 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 03:00:40 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/24 03:00:40 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 20:05:10 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/23 20:04:26 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/23 20:04:26 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/23 20:04:26 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 20:04:25 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/23 20:04:25 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 20:04:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/23 20:04:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/22 09:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/22 09:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/22 09:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/22 08:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/06/21 10:36:20 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/06/21 10:36:20 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/06/21 10:36:19 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/06/21 10:36:19 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/06/21 10:36:19 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/06/21 10:36:19 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/06/21 10:36:19 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/06/21 10:36:19 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/06/21 10:36:19 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/06/21 10:36:19 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/06/21 10:36:19 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2010/06/21 10:36:19 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2010/06/21 10:36:18 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/06/21 10:36:18 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/06/21 10:36:18 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/06/21 10:36:18 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/06/21 10:36:18 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/06/21 10:36:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/06/21 10:36:18 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/06/21 10:36:18 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/06/21 10:36:18 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/06/21 10:36:18 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/06/21 10:36:18 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/06/21 10:36:18 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/06/21 10:36:17 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/06/21 10:36:17 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/06/21 10:36:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/06/21 10:36:17 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/06/21 10:36:17 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/06/21 10:36:17 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/06/21 10:36:17 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/06/21 10:36:17 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/06/21 10:36:17 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/06/21 10:36:17 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/06/21 10:36:17 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/06/21 10:36:17 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/06/21 10:36:17 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/06/21 10:36:17 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/06/21 10:36:17 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/06/21 10:36:17 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/06/21 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Microsoft Game Studios
[2010/06/21 10:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2010/06/21 10:20:17 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/06/21 10:20:17 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/06/21 10:20:16 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/06/21 10:20:16 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/06/21 10:20:14 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/06/21 10:20:14 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/06/21 10:20:14 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/06/21 10:20:14 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/06/21 10:20:14 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/06/21 10:20:14 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/06/21 10:20:13 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/06/21 10:20:13 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/06/21 10:20:13 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/06/21 10:20:13 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/06/21 10:20:13 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/06/21 10:20:13 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/06/21 10:20:13 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/06/21 10:20:13 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/06/21 10:20:12 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/06/21 10:20:12 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/06/21 10:20:12 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/06/21 10:20:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/06/21 09:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/06/17 22:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Melloware
[2010/06/17 22:39:55 | 000,000,000 | ---D | C] -- C:\Windows\Intelliremote
[2010/06/17 13:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/17 13:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/17 12:12:15 | 000,252,512 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/06/17 12:12:11 | 000,943,712 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/06/14 22:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2010/06/13 16:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/06/13 16:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/06/13 16:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/06/13 16:46:04 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Win7codecs
[2010/06/13 16:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win7codecs
[2010/06/13 16:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Win7codecs
[2010/06/13 10:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/06/13 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Logishrd
[2010/06/13 09:59:51 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/06/13 09:59:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010/06/13 09:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010/06/13 09:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2010/06/13 09:47:31 | 000,000,000 | ---D | C] -- C:\ATI
[2010/06/13 09:47:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/06/13 09:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/06/13 09:46:56 | 002,610,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/06/13 09:46:56 | 002,602,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/06/13 09:46:56 | 001,958,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/06/13 09:46:56 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/06/13 09:46:56 | 001,146,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/06/13 09:46:56 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/06/13 09:46:56 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/06/13 09:46:56 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/06/13 09:46:56 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/06/13 09:46:56 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/06/13 09:46:56 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/06/13 09:46:56 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/06/13 09:46:56 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/06/13 09:46:56 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/06/13 09:46:56 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/06/13 09:46:56 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/06/13 09:46:56 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/06/13 09:46:56 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/06/13 09:46:56 | 000,070,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/06/13 09:46:55 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/06/13 09:46:55 | 001,733,464 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2010/06/13 09:46:55 | 000,335,192 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2010/06/13 09:46:55 | 000,335,192 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2010/06/13 09:46:55 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/06/13 09:46:53 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/06/13 09:46:53 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/06/13 09:46:53 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010/06/13 09:46:53 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/06/13 09:46:53 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/06/13 09:46:53 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/06/13 09:46:53 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/06/13 09:46:53 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/06/13 09:46:53 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/06/13 09:46:53 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/06/13 09:46:53 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010/06/13 09:46:52 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/06/13 09:46:52 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/06/13 09:46:52 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/06/13 09:46:52 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/06/13 09:46:37 | 001,251,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/06/13 09:46:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/06/13 09:46:23 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Logishrd
[2010/06/13 09:34:02 | 000,347,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/06/13 09:34:02 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010/06/13 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/06/13 09:31:18 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difx9707.rra
[2010/06/13 09:31:18 | 000,000,000 | ---D | C] -- C:\RaidTool
[2010/06/13 09:31:13 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2010/06/13 09:29:14 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/06/13 09:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/06/13 09:28:54 | 000,000,000 | ---D | C] -- C:\Intel
[2010/06/11 20:36:50 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\VS Revo Group
[2010/06/11 20:36:49 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2010/06/11 20:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/06/11 20:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Money 2007
[2010/06/11 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\Documents\DriverGenius
[2010/06/11 20:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2010/06/11 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Azureus
[2010/06/11 20:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/06/11 20:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2010/06/11 20:10:19 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Logitech
[2010/06/11 20:10:06 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Leadertech
[2010/06/11 20:08:15 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\WinRAR
[2010/06/11 20:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010/06/11 20:08:01 | 000,190,992 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\BtCoreIf.dll
[2010/06/11 20:07:55 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2010/06/11 20:07:55 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2010/06/11 20:07:55 | 000,159,248 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2010/06/11 20:07:55 | 000,096,272 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2010/06/11 20:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/06/11 20:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/06/11 19:42:29 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\LockHunter
[2010/06/11 18:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3ToIpodAudioBookConverter
[2010/06/11 18:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mr QuestionMan
[2010/06/11 18:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2010/06/11 18:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TagRename
[2010/06/11 08:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/06/11 08:27:40 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\TechSmith
[2010/06/11 08:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/06/11 08:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/06/11 08:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/11 08:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Regenerator
[2010/06/11 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Downloaded Installations
[2010/06/11 08:22:13 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/06/11 08:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/06/11 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\JAM Software
[2010/06/11 08:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TreeSize Professional
[2010/06/11 08:10:19 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\ESET
[2010/06/11 08:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/11 08:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/06/11 08:03:13 | 000,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/06/11 08:03:13 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\W. Joe Smith\AppData\Roaming\pcouffin.sys
[2010/06/11 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Vso
[2010/06/11 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\NVIDIA
[2010/06/11 08:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 7
[2010/06/11 08:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/06/11 08:00:13 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\AccurateRip
[2010/06/11 08:00:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2010/06/11 07:59:35 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\GlobalSCAPE
[2010/06/11 07:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GlobalSCAPE
[2010/06/11 07:58:37 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\GlobalSCAPE
[2010/06/11 07:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CuteFTP 8 Professional
[2010/06/11 07:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/06/11 07:53:26 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Apple Computer
[2010/06/11 07:53:26 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Apple Computer
[2010/06/11 07:53:19 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/06/11 07:53:19 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/06/11 07:53:19 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/06/11 07:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/06/11 07:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/11 07:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/06/11 07:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/06/11 07:52:47 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Apple
[2010/06/11 07:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/06/11 07:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/11 07:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/11 07:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/06/11 06:57:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/06/11 06:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/06/11 06:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/06/11 06:57:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/11 06:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/11 06:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/11 06:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/11 06:55:46 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Microsoft Help
[2010/06/11 06:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/06/11 06:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/11 06:55:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/10 23:55:15 | 000,000,000 | -HSD | C] -- C:\Diskeeper
[2010/06/10 23:32:24 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/06/10 23:24:14 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010/06/10 23:03:15 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Intelliremote
[2010/06/10 23:02:11 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\vlc
[2010/06/10 23:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/06/10 22:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/06/10 22:59:24 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Adobe
[2010/06/10 22:59:17 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/06/10 22:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/06/10 22:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/06/10 22:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/06/10 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Diskeeper Corporation
[2010/06/10 22:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation
[2010/06/10 22:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Diskeeper Corporation
[2010/06/10 22:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/06/10 22:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/06/10 22:36:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/06/10 22:36:19 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2010/06/10 22:36:18 | 001,321,984 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC560C.dll
[2010/06/10 22:36:18 | 000,328,192 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC560L.dll
[2010/06/10 22:36:18 | 000,303,104 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC560L.dll
[2010/06/10 22:36:18 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC560U.dll
[2010/06/10 22:36:18 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC560I.dll
[2010/06/10 22:36:18 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2010/06/10 22:36:18 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2010/06/10 22:36:09 | 000,104,960 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC560O.dll
[2010/06/10 22:36:04 | 000,244,736 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMIUA0.DLL
[2010/06/10 22:35:55 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/06/10 22:35:37 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL
[2010/06/10 22:35:37 | 000,144,384 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6UI.DLL
[2010/06/10 22:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2010/06/10 22:35:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\CHM
[2010/06/10 22:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2010/06/10 22:33:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/06/10 22:33:35 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/06/10 22:29:28 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\KODAK
[2010/06/10 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Eastman Kodak Company
[2010/06/10 22:29:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak
[2010/06/10 22:28:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/06/10 22:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2010/06/10 22:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/10 22:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2010/06/10 22:27:18 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Temp
[2010/06/10 22:17:08 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Acronis
[2010/06/10 22:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/06/10 22:13:59 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CmiCnfgp.dll
[2010/06/10 22:13:59 | 000,457,728 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmasiopx.dll
[2010/06/10 22:13:59 | 000,299,008 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\cmasiop.dll
[2010/06/10 22:13:59 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\Cmpaoxy.dll
[2010/06/10 22:13:48 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010/06/10 22:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2010/06/10 22:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2010/06/10 22:08:45 | 001,477,728 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010/06/10 22:08:40 | 000,271,456 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/06/10 22:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010/06/10 22:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010/06/10 21:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memturbo 4
[2010/06/10 21:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/06/10 21:53:15 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/06/10 21:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/10 21:52:06 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\foobar2000
[2010/06/10 21:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2010/06/10 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/06/10 21:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/06/10 21:50:32 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\uTorrent
[2010/06/10 21:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2010/06/10 21:44:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/10 21:44:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/10 20:03:39 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/10 20:03:39 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/10 20:03:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/10 20:03:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/10 19:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/06/10 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\DAEMON Tools Lite
[2010/06/10 19:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/06/10 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Thunderbird
[2010/06/10 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Thunderbird
[2010/06/10 19:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/06/10 19:56:10 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Mozilla
[2010/06/10 19:56:10 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Mozilla
[2010/06/10 19:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/06/10 19:55:24 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Macromedia
[2010/06/10 19:55:23 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Adobe
[2010/06/10 19:55:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/06/10 19:45:52 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\GPSoftware
[2010/06/10 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\GPSoftware
[2010/06/10 19:45:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/06/10 19:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\GPSoftware
[2010/06/10 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Directory Opus
[2010/06/10 19:43:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/06/10 19:39:38 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Searches
[2010/06/10 19:39:38 | 000,000,000 | -H-D | C] -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/06/10 19:39:31 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Identities
[2010/06/10 19:39:29 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Contacts
[2010/06/10 19:39:28 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\VirtualStore
[2010/06/10 19:39:21 | 000,000,000 | --SD | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Microsoft
[2010/06/10 19:39:21 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Videos
[2010/06/10 19:39:21 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Saved Games
[2010/06/10 19:39:21 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Pictures
[2010/06/10 19:39:21 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Music
[2010/06/10 19:39:21 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Links
[2010/06/10 19:39:21 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Favorites
[2010/06/10 19:39:21 | 000,000,000 | R--D | C] -- C:\Users\W. Joe Smith\Downloads
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\AppData\Local\Temporary Internet Files
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Templates
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Start Menu
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\SendTo
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Recent
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\PrintHood
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\NetHood
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Documents\My Videos
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Documents\My Pictures
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Documents\My Music
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\My Documents
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Local Settings
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\AppData\Local\History
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Cookies
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\Application Data
[2010/06/10 19:39:21 | 000,000,000 | -HSD | C] -- C:\Users\W. Joe Smith\AppData\Local\Application Data
[2010/06/10 19:39:21 | 000,000,000 | -H-D | C] -- C:\Users\W. Joe Smith\AppData
[2010/06/10 19:39:21 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Temp
[2010/06/10 19:39:21 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Local\Microsoft
[2010/06/10 19:39:21 | 000,000,000 | ---D | C] -- C:\Users\W. Joe Smith\AppData\Roaming\Media Center Programs
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/06/10 19:39:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data

========== Files - Modified Within 60 Days ==========

[2010/08/07 11:27:26 | 006,815,744 | -HS- | M] () -- C:\Users\W. Joe Smith\NTUSER.DAT
[2010/08/07 10:55:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/07 10:55:40 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/07 10:55:40 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/07 10:50:17 | 000,001,015 | ---- | M] () -- C:\Users\W. Joe Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/08/07 10:49:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/07 10:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/07 10:49:19 | 2143,789,055 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/07 10:47:16 | 000,002,189 | ---- | M] () -- C:\Users\W. Joe Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intelliremote.lnk
[2010/08/07 10:47:15 | 004,548,214 | -H-- | M] () -- C:\Users\W. Joe Smith\AppData\Local\IconCache.db
[2010/08/07 10:33:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\W. Joe Smith\Desktop\OTL.exe
[2010/08/07 10:29:10 | 000,036,107 | ---- | M] () -- C:\Users\W. Joe Smith\Desktop\DT3.jpg
[2010/08/07 10:24:43 | 000,041,577 | ---- | M] () -- C:\Users\W. Joe Smith\Desktop\DT2.jpg
[2010/08/07 10:21:48 | 000,040,762 | ---- | M] () -- C:\Users\W. Joe Smith\Desktop\DT1.jpg
[2010/08/06 10:58:35 | 000,009,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 10:58:35 | 000,009,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/02 06:32:48 | 004,919,296 | ---- | M] () -- C:\Users\W. Joe Smith\Documents\My Money.mny
[2010/08/02 06:02:49 | 000,001,096 | ---- | M] () -- C:\Users\W. Joe Smith\Desktop\IsoBuster.lnk
[2010/08/02 06:02:29 | 005,939,392 | ---- | M] (Smart Projects ) -- C:\Users\W. Joe Smith\Desktop\isobuster_all_lang.exe
[2010/07/31 14:07:27 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\GIRDAC Free PDF Creator.lnk
[2010/07/26 06:30:46 | 000,010,960 | ---- | M] () -- C:\Users\W. Joe Smith\Desktop\addresses from Paula.docx
[2010/07/25 09:32:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/24 07:54:46 | 000,002,429 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/20 17:31:02 | 000,412,182 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/07/18 16:05:48 | 000,049,152 | ---- | M] (GIRDAC InfoTechnologies) -- C:\Windows\SysWow64\RPFGPU.exe
[2010/07/18 16:05:48 | 000,049,152 | ---- | M] (GIRDAC InfoTechnologies) -- C:\Windows\SysWow64\MDNTFGPC.dll
[2010/07/14 17:56:16 | 000,001,777 | ---- | M] () -- C:\Users\W. Joe Smith\Documents\CinemaNow.lnk
[2010/07/01 19:25:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/01 19:25:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/01 19:25:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/01 19:25:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/26 23:29:20 | 000,003,584 | ---- | M] () -- C:\Users\W. Joe Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 22:26:26 | 000,001,345 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/06/24 08:00:54 | 000,002,215 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Intelliremote.lnk
[2010/06/24 03:17:56 | 000,424,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/22 09:34:09 | 000,190,888 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/06/21 10:37:21 | 000,111,576 | ---- | M] () -- C:\Users\W. Joe Smith\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/17 13:05:10 | 000,408,517 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100720-173102.backup
[2010/06/17 12:12:15 | 000,252,512 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/06/17 12:12:13 | 001,477,728 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010/06/17 12:12:11 | 000,943,712 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/06/17 12:12:10 | 000,271,456 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/06/13 16:47:32 | 000,001,365 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/13 09:59:51 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/06/13 09:33:19 | 000,000,590 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2010/06/13 09:33:19 | 000,000,178 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2010/06/13 09:33:19 | 000,000,140 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2010/06/13 09:33:07 | 000,000,117 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2010/06/12 03:02:56 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/06/11 20:22:54 | 000,001,848 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/11 20:08:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/06/11 20:08:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/06/11 20:00:37 | 006,220,858 | ---- | M] () -- C:\Users\W. Joe Smith\Documents\DOpus_Wallpaper.bmp
[2010/06/11 08:33:19 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/06/11 08:03:13 | 000,099,384 | ---- | M] () -- C:\Users\W. Joe Smith\AppData\Roaming\inst.exe
[2010/06/11 08:03:13 | 000,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/06/11 08:03:13 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\W. Joe Smith\AppData\Roaming\pcouffin.sys
[2010/06/11 08:03:13 | 000,007,859 | ---- | M] () -- C:\Users\W. Joe Smith\AppData\Roaming\pcouffin.cat
[2010/06/11 08:03:13 | 000,001,167 | ---- | M] () -- C:\Users\W. Joe Smith\AppData\Roaming\pcouffin.inf
[2010/06/11 08:02:41 | 000,002,869 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2010/06/11 08:02:40 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.bmp
[2010/06/11 08:02:36 | 000,002,900 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2010/06/11 08:02:34 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp
[2010/06/11 08:02:30 | 000,002,971 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/06/11 08:02:28 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp
[2010/06/11 08:02:24 | 000,002,862 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2010/06/11 08:02:22 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.bmp
[2010/06/11 08:02:17 | 000,002,836 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2010/06/11 08:02:15 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.bmp
[2010/06/11 08:02:11 | 000,002,999 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2010/06/11 08:02:09 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.bmp
[2010/06/11 08:02:06 | 000,002,871 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2010/06/11 08:02:04 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.bmp
[2010/06/11 08:01:59 | 000,002,879 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2010/06/11 08:01:57 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp
[2010/06/11 08:01:33 | 000,003,190 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2010/06/11 08:01:26 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
[2010/06/11 08:01:20 | 000,003,631 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/06/11 08:01:12 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010/06/11 08:01:06 | 000,001,850 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2010/06/11 08:01:05 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.bmp
[2010/06/11 08:01:05 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.bmp
[2010/06/11 08:01:05 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.bmp
[2010/06/11 08:01:05 | 000,002,234 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2010/06/11 08:01:05 | 000,001,230 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2010/06/11 08:01:04 | 000,011,479 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2010/06/11 08:01:02 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
[2010/06/11 08:01:01 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.bmp
[2010/06/11 08:01:01 | 000,001,212 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2010/06/11 08:01:00 | 000,003,014 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2010/06/11 08:00:54 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.bmp
[2010/06/11 08:00:54 | 000,003,071 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2010/06/11 08:00:48 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
[2010/06/11 08:00:48 | 000,003,159 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2010/06/11 08:00:43 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.bmp
[2010/06/11 08:00:42 | 000,003,113 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2010/06/11 08:00:36 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
[2010/06/11 08:00:36 | 000,002,993 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/06/11 08:00:31 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.bmp
[2010/06/11 08:00:31 | 000,002,849 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2010/06/11 08:00:29 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.bmp
[2010/06/11 08:00:11 | 000,010,105 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/06/11 08:00:08 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/06/11 08:00:07 | 000,014,055 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/11 07:59:58 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/06/11 07:29:32 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/06/10 23:32:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/06/10 22:40:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/10 22:36:12 | 000,000,619 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/06/10 22:36:12 | 000,000,619 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/06/10 21:55:00 | 000,000,248 | ---- | M] () -- C:\Windows\system.ini
[2010/06/10 21:52:38 | 000,001,031 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
[2010/06/10 21:51:39 | 000,001,066 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010/06/10 21:50:47 | 000,000,967 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/06/10 21:44:32 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/06/10 21:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2010/06/10 21:44:32 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2010/06/10 21:44:10 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2010/06/10 20:02:44 | 000,000,822 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Directory Opus.lnk
[2010/06/10 19:58:51 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/06/10 19:56:23 | 000,002,029 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/06/10 19:56:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/06/10 19:56:00 | 000,001,963 | ---- | M] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/10 19:40:07 | 000,524,288 | -HS- | M] () -- C:\Users\W. Joe Smith\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 19:40:07 | 000,524,288 | -HS- | M] () -- C:\Users\W. Joe Smith\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 19:40:07 | 000,065,536 | -HS- | M] () -- C:\Users\W. Joe Smith\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/10 19:39:21 | 000,000,020 | -HS- | M] () -- C:\Users\W. Joe Smith\ntuser.ini

========== Files Created - No Company Name ==========

[2010/08/07 10:29:10 | 000,036,107 | ---- | C] () -- C:\Users\W. Joe Smith\Desktop\DT3.jpg
[2010/08/07 10:24:42 | 000,041,577 | ---- | C] () -- C:\Users\W. Joe Smith\Desktop\DT2.jpg
[2010/08/07 10:21:47 | 000,040,762 | ---- | C] () -- C:\Users\W. Joe Smith\Desktop\DT1.jpg
[2010/08/02 06:00:01 | 000,001,096 | ---- | C] () -- C:\Users\W. Joe Smith\Desktop\IsoBuster.lnk
[2010/07/31 14:07:27 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\GIRDAC Free PDF Creator.lnk
[2010/07/26 06:30:45 | 000,010,960 | ---- | C] () -- C:\Users\W. Joe Smith\Desktop\addresses from Paula.docx
[2010/07/25 09:32:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/24 07:54:46 | 000,002,429 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/02 17:16:44 | 000,000,000 | ---- | C] () -- C:\Users\W. Joe Smith\Sti_Trace.log
[2010/06/26 23:29:19 | 000,003,584 | ---- | C] () -- C:\Users\W. Joe Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 22:26:26 | 000,001,345 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/06/22 09:34:09 | 000,190,888 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/06/17 22:40:09 | 000,002,215 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Intelliremote.lnk
[2010/06/13 09:34:02 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/06/11 20:22:54 | 000,001,848 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/11 20:08:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/06/11 20:08:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/06/11 08:03:19 | 000,000,034 | ---- | C] () -- C:\Users\W. Joe Smith\AppData\Roaming\pcouffin.log
[2010/06/11 08:03:13 | 000,099,384 | ---- | C] () -- C:\Users\W. Joe Smith\AppData\Roaming\inst.exe
[2010/06/11 08:03:13 | 000,007,859 | ---- | C] () -- C:\Users\W. Joe Smith\AppData\Roaming\pcouffin.cat
[2010/06/11 08:03:13 | 000,001,167 | ---- | C] () -- C:\Users\W. Joe Smith\AppData\Roaming\pcouffin.inf
[2010/06/11 08:02:41 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.bmp
[2010/06/11 08:02:41 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2010/06/11 08:02:36 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp
[2010/06/11 08:02:36 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2010/06/11 08:02:30 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp
[2010/06/11 08:02:30 | 000,002,971 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/06/11 08:02:24 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.bmp
[2010/06/11 08:02:24 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2010/06/11 08:02:17 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.bmp
[2010/06/11 08:02:17 | 000,002,836 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2010/06/11 08:02:11 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.bmp
[2010/06/11 08:02:11 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2010/06/11 08:02:06 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.bmp
[2010/06/11 08:02:06 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2010/06/11 08:01:59 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp
[2010/06/11 08:01:59 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2010/06/11 08:01:33 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
[2010/06/11 08:01:33 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2010/06/11 08:01:20 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010/06/11 08:01:20 | 000,003,631 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/06/11 08:01:06 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.bmp
[2010/06/11 08:01:06 | 000,001,850 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2010/06/11 08:01:05 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.bmp
[2010/06/11 08:01:05 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.bmp
[2010/06/11 08:01:05 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2010/06/11 08:01:05 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2010/06/11 08:01:04 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
[2010/06/11 08:01:04 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2010/06/11 08:01:01 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.bmp
[2010/06/11 08:01:01 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2010/06/11 08:01:00 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.bmp
[2010/06/11 08:01:00 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2010/06/11 08:00:54 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
[2010/06/11 08:00:54 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2010/06/11 08:00:48 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.bmp
[2010/06/11 08:00:48 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2010/06/11 08:00:42 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
[2010/06/11 08:00:42 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2010/06/11 08:00:36 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.bmp
[2010/06/11 08:00:36 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/06/11 08:00:31 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.bmp
[2010/06/11 08:00:31 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2010/06/11 08:00:11 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/06/11 08:00:11 | 000,010,105 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/06/11 08:00:07 | 000,243,064 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/06/11 08:00:07 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/06/11 08:00:07 | 000,014,055 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/11 07:53:52 | 000,002,189 | ---- | C] () -- C:\Users\W. Joe Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intelliremote.lnk
[2010/06/11 07:29:32 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/10 23:32:25 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/06/10 23:32:24 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/06/10 22:40:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/10 22:36:18 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC173ED.TBL
[2010/06/10 22:36:18 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC173ED.TBL
[2010/06/10 22:33:20 | 2143,789,055 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/10 22:27:13 | 000,172,394 | ---- | C] () -- C:\Users\W. Joe Smith\AppData\Local\installer.log
[2010/06/10 22:13:59 | 001,144,983 | ---- | C] () -- C:\Windows\KB936225x64.msu
[2010/06/10 22:13:59 | 000,792,064 | ---- | C] () -- C:\Windows\SysNative\Cmeauoxy.exe
[2010/06/10 22:13:59 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CmiCnfgP.cpl
[2010/06/10 22:13:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2010/06/10 22:13:59 | 000,000,590 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2010/06/10 22:13:59 | 000,000,140 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2010/06/10 22:13:59 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\cmasiopx.ini
[2010/06/10 22:13:59 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2010/06/10 22:13:48 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2010/06/10 22:13:48 | 000,002,778 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2010/06/10 22:13:48 | 000,002,207 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/06/10 22:13:48 | 000,000,178 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2010/06/10 22:13:48 | 000,000,117 | ---- | C] () -- C:\Windows\System\Cmicnfgp.ini
[2010/06/10 21:54:05 | 000,001,015 | ---- | C] () -- C:\Users\W. Joe Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/06/10 21:52:38 | 000,001,031 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
[2010/06/10 21:51:39 | 000,001,066 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010/06/10 21:50:47 | 000,000,967 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/06/10 19:58:51 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/06/10 19:58:20 | 000,000,822 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Directory Opus.lnk
[2010/06/10 19:56:23 | 000,002,029 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/06/10 19:56:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/10 19:56:00 | 000,001,963 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/10 19:50:40 | 000,001,365 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/10 19:39:21 | 006,815,744 | -HS- | C] () -- C:\Users\W. Joe Smith\NTUSER.DAT
[2010/06/10 19:39:21 | 000,524,288 | -HS- | C] () -- C:\Users\W. Joe Smith\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 19:39:21 | 000,524,288 | -HS- | C] () -- C:\Users\W. Joe Smith\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 19:39:21 | 000,262,144 | -HS- | C] () -- C:\Users\W. Joe Smith\ntuser.dat.LOG1
[2010/06/10 19:39:21 | 000,065,536 | -HS- | C] () -- C:\Users\W. Joe Smith\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/10 19:39:21 | 000,000,290 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/10 19:39:21 | 000,000,272 | ---- | C] () -- C:\Users\W. Joe Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/10 19:39:21 | 000,000,020 | -HS- | C] () -- C:\Users\W. Joe Smith\ntuser.ini
[2010/06/10 19:39:21 | 000,000,000 | -HS- | C] () -- C:\Users\W. Joe Smith\ntuser.dat.LOG2
[2010/05/18 01:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Users\W. Joe Smith\Desktop\Temp\Backup For Driver Genius Pro\Primary IDE Channel\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Users\W. Joe Smith\Desktop\Temp\Backup For Driver Genius Pro\Secondary IDE Channel\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows.old\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/18 05:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\W. Joe Smith\Desktop\Temp\Backup For Driver Genius Pro\NVIDIA nForce4 Serial ATA Controller#1\nvata.sys
[2005/08/18 05:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\W. Joe Smith\Desktop\Temp\Backup For Driver Genius Pro\NVIDIA nForce4 Serial ATA Controller\nvata.sys

< MD5 for: NVRAID.SYS >
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows.old\Windows\System32\drivers\nvraid.sys
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\System32\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:1AAB2E68
< End of report >



Extras.txt:


OTL Extras logfile created on: 8/7/2010 11:26:16 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\W. Joe Smith\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.43 Gb Total Space | 174.39 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 130.15 Gb Free Space | 13.97% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 238.71 Gb Free Space | 25.63% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 59.79 Gb Free Space | 6.42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 1.46 Gb Free Space | 0.16% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 35.63 Gb Free Space | 3.83% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 102.14 Gb Free Space | 5.48% Space Free | Partition Type: NTFS

Computer Name: WJOESMITH-PC
Current User Name: W. Joe Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3269775659-219705555-767508609-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Scrabble2009\ScrabblePCR.exe" = C:\Program Files (x86)\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR -- ()
"C:\Program Files (x86)\Scrabble2009\ScrabblePCR.exe" = C:\Program Files (x86)\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Scrabble2009\ScrabblePCR.exe" = C:\Program Files (x86)\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR -- ()
"C:\Program Files (x86)\Scrabble2009\ScrabblePCR.exe" = C:\Program Files (x86)\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C6B80683-42E1-44BB-AB00-01DE6B82A393}" = ESET Smart Security
"{DE849015-10C0-4B37-A712-C8419834D42F}" = Diskeeper 2009 Pro Premier
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media Oxygen HD Audio Driver" = C-Media Oxygen HD Audio Device
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}" = Plus Pack for Acronis True Image Home 2010
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}" = GPSoftware Directory Opus
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = Memturbo ™ 4
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec
"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
"dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
"dBpoweramp [Length Split] Codec" = dBpoweramp [Length Split] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
"dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec
"dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"foobar2000" = foobar2000 v1.0.3
"FrostWire" = FrostWire 4.20.6
"GIRDAC Free PDF Creator" = GIRDAC Free PDF Creator
"Hoyle Card Games 2010" = Hoyle Card Games 2010 (remove only)
"Hoyle Puzzle & Board Games 2010" = Hoyle Puzzle & Board Games 2010 (remove only)
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Intelliremote_2.0" = Intelliremote 2.7.9.912
"IsoBuster_is1" = IsoBuster 2.8
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"Money2007b" = Microsoft Money 2007
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"PowerISO" = PowerISO
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"Scrabble™ Interactive 2009 Edition_is1" = Scrabble™ Interactive 2009 Edition
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Tag&Rename_is1" = Tag&Rename 3.5.3
"TreeSize Professional_is1" = TreeSize Professional 5.2.2
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.5
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3269775659-219705555-767508609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2010 1:44:47 AM | Computer Name = WJoeSmith-PC | Source = Application Error | ID = 1000
Description = Faulting application name: dopus.exe, version: 4.0.0.8, time stamp:
0x47539597 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b802 Exception code: 0xc0000374 Fault offset: 0x00000000000c6df2 Faulting process
id: 0xadc Faulting application start time: 0x01cb2bb17118aed3 Faulting application
path: C:\Program Files\Directory Opus\dopus.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e5fc4491-9878-11df-8c98-00241dca98ef

Error - 7/26/2010 2:15:47 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\TechSmith\Snagit
10\SnagDX64.dll".Error in manifest or policy file "C:\Program Files (x86)\TechSmith\Snagit
10\Microsoft.VC90.MFC.MANIFEST" on line 11. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 7/26/2010 2:15:49 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\TechSmith\Snagit
10\SnagAA64.dll".Error in manifest or policy file "C:\Program Files (x86)\TechSmith\Snagit
10\Microsoft.VC90.MFC.MANIFEST" on line 11. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 7/26/2010 2:15:52 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\TechSmith\Snagit
10\SnagDx.dll".Error in manifest or policy file "C:\Program Files (x86)\TechSmith\Snagit
10\Microsoft.VC90.MFC.MANIFEST" on line 11. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 7/26/2010 2:15:53 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\TechSmith\Snagit
10\SnagAA.dll".Error in manifest or policy file "C:\Program Files (x86)\TechSmith\Snagit
10\Microsoft.VC90.MFC.MANIFEST" on line 11. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 7/26/2010 2:15:54 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\TechSmith\Snagit
10\SnagitET.dll".Error in manifest or policy file "C:\Program Files (x86)\TechSmith\Snagit
10\Microsoft.VC90.MFC.MANIFEST" on line 11. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 7/26/2010 2:15:54 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\TechSmith\Snagit
10\SnagEx64.dll".Error in manifest or policy file "C:\Program Files (x86)\TechSmith\Snagit
10\Microsoft.VC90.MFC.MANIFEST" on line 11. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 7/26/2010 2:15:56 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\TechSmith\Snagit
10\SnagEx.dll".Error in manifest or policy file "C:\Program Files (x86)\TechSmith\Snagit
10\Microsoft.VC90.MFC.MANIFEST" on line 11. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 7/26/2010 2:16:04 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/26/2010 2:16:45 AM | Computer Name = WJoeSmith-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

[ Media Center Events ]
Error - 6/11/2010 1:26:49 PM | Computer Name = WJoeSmith-PC | Source = MCUpdate | ID = 0
Description = 1:26:46 PM - Error connecting to the internet. 1:26:46 PM - Unable
to contact server..

Error - 6/11/2010 2:27:21 PM | Computer Name = WJoeSmith-PC | Source = MCUpdate | ID = 0
Description = 2:27:20 PM - Error connecting to the internet. 2:27:20 PM - Unable
to contact server..

Error - 6/11/2010 3:27:53 PM | Computer Name = WJoeSmith-PC | Source = MCUpdate | ID = 0
Description = 3:27:52 PM - Error connecting to the internet. 3:27:52 PM - Unable
to contact server..

Error - 6/11/2010 4:28:07 PM | Computer Name = WJoeSmith-PC | Source = MCUpdate | ID = 0
Description = 4:28:04 PM - Error connecting to the internet. 4:28:04 PM - Unable
to contact server..

[ System Events ]
Error - 8/1/2010 10:46:36 PM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/1/2010 11:46:36 PM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/2/2010 12:21:36 AM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/2/2010 12:46:36 AM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/2/2010 1:46:36 AM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/2/2010 2:21:36 AM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/2/2010 2:46:36 AM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/2/2010 3:46:36 AM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/2/2010 4:21:36 AM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 8/2/2010 4:46:36 AM | Computer Name = WJoeSmith-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5


< End of report >


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:02 PM

Posted 08 August 2010 - 02:42 PM

hi,

please run a scan with Malwarebytes next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:02 PM

Posted 19 August 2010 - 06:15 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:02 PM

Posted 19 August 2010 - 06:51 AM

Topic reopened, please post your logs when ready.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:02 PM

Posted 25 August 2010 - 08:49 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users