
Need Virus Removal Help


  • This topic is locked
13 replies to this topic

#1 wrikgee


Posted 03 August 2010 - 09:35 PM

Hello, I have something infecting my computer, or it could be multiple things. The main issue is that my hard drive is constantly running and I hope this or these viruses haven't spread so much that I cannot fix them. I look at my task manager and the 'svchost.exe' is constantly running processes, which might not be an issue, but some of the things that are running, I am questioning. Like, there is this certain 'svchost' that is always the top memory process and if I look at the services, one of them is 'AudioEndpointBuilder'? I mean, I looked it up and it was legitimate, but I don't know if these are having issues or other processes/services are. However, I did the preparation and logged everything that I did. Please read it, it is only two paragraphs, as it will answer some questions that I am sure you have. I really want to run MBAM, but will wait for your opinion on what to do next. I am going to post the logs (copy and paste them as well as do what else they say). I greatly appreciate any help you can give me. As I have not read much of Step 9, I am most likely going to attach MY logfile (as I said, where I went through all eight steps and briefly describe what I did). Thanks again and have a great week. The following are the log results copied and pasted.

P.S. - If you have any questions or are confused as to what I am having a problem with, please do not hesitate to write to me.

DDS LOG:


DDS (Ver_10-03-17.01) - NTFSX64
Run by TEST at 18:37:43.10 on Tue 08/03/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.781 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\inetsrv\inetinfo.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SASHA\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\TEST\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [WAWifiMessage] "%ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
mRun: [hpWirelessAssistant] "%ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
uPolicies-explorer: NoRealMode = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files (x86)\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SSODL: GroupAreaFormat - {705d5ed9-e677-4ca2-b81d-0d562f843802} - c:\program files (x86)\common files\groupareaformat\GroupAreaFormat.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: BitDefender Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll"
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun-x64: [HP Health Check Scheduler] "c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun-x64: [BitDefender Antiphishing Helper 32] "c:\program files\bitdefender\bitdefender 2010\antispam32\IEShow.exe"
mRun-x64: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun-x64: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun-x64: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2006-12-18 52664]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 87048]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-11-18 27648]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 103432]
R2 MSSQL$SASHA;SQL Server (SASHA);c:\program files\microsoft sql server\mssql10.sasha\mssql\binn\sqlservr.exe [2009-3-30 57617752]
R2 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2009-11-18 19968]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 163936]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2006-10-18 296448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-2 24664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-6-20 304464]
S2 SQLAgent$SASHA;SQL Server Agent (SASHA);c:\program files\microsoft sql server\mssql10.sasha\mssql\binn\SQLAGENT.EXE [2009-3-30 427880]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 278224]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-11-23 89920]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-11-13 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-18 27648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 342320]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2009-11-18 12288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 61976]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 311656]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-03 00:09:10 0 d-----w- c:\program files (x86)\ESET
2010-08-02 17:26:10 0 d-----w- c:\program files (x86)\Bonjour
2010-08-02 17:26:09 0 d-----w- c:\program files\Bonjour
2010-08-02 06:50:24 0 d-----w- C:\eBooks That I'm Studying
2010-08-02 06:39:15 0 d-----w- C:\eBooks & video demonstration
2010-08-02 06:06:36 0 d-----w- c:\programdata\Weskysoft
2010-08-02 00:15:48 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-02 00:15:48 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-02 00:15:48 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-01 22:50:51 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-08-01 19:40:33 5295 ----a-w- c:\users\test\HP_Chat_Session_1_Aug_2010_15_40.html
2010-08-01 18:01:52 0 d-----w- c:\users\test\appdata\roaming\Runscanner.net
2010-08-01 18:01:52 0 d-----w- c:\program files (x86)\common files\GroupAreaFormat
2010-07-30 05:21:23 165888 ----a-w- c:\windows\MSPUNIN.EXE
2010-07-30 03:25:06 10752 ----a-w- c:\windows\syswow64\BASSMOD.dll
2010-07-29 07:12:27 0 d-----w- C:\Rbackup
2010-07-27 13:57:24 0 d-----w- C:\NerdDinner Backups
2010-07-25 14:18:33 1048576 ----a-w- C:\NerdDinner_log_bak.ldf
2010-07-25 14:18:33 1048576 ----a-w- C:\NerdDinner_log.LDF
2010-07-25 13:50:37 12800 ----a-w- c:\windows\system32\ftpctrs2.dll
2010-07-24 14:30:00 0 d-----w- C:\Visual Studio Projects and Versions
2010-07-24 01:02:35 0 d-----w- c:\program files (x86)\Security Task Manager
2010-07-23 20:01:18 42 ----a-w- c:\windows\syswow64\Jiii_PNUCT.pnc
2010-07-23 20:00:07 42 ----a-w- c:\windows\syswow64\AK083E209605E394C.lie
2010-07-23 19:59:44 0 d-----w- c:\program files\Perfect Uninstaller
2010-07-23 02:29:48 2048 ----a-w- c:\windows\syswow64\winrsmgr.dll
2010-07-23 02:29:48 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-07-23 02:29:43 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
2010-07-23 02:29:43 13312 ----a-w- c:\windows\system32\winrssrv.dll
2010-07-23 02:29:29 10240 ----a-w- c:\windows\syswow64\wsmplpxy.dll
2010-07-23 02:29:28 10240 ----a-w- c:\windows\syswow64\winrssrv.dll
2010-07-23 02:29:14 53760 ----a-w- c:\windows\system32\pwrshplugin.dll
2010-07-23 02:29:13 41472 ----a-w- c:\windows\syswow64\pwrshplugin.dll
2010-07-23 02:29:11 24064 ----a-w- c:\windows\system32\winrshost.exe
2010-07-23 02:29:11 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-07-23 02:29:09 51200 ----a-w- c:\windows\system32\winrs.exe
2010-07-23 02:15:40 0 d-----w- c:\program files (x86)\Microsoft
2010-07-23 02:15:39 0 d-----w- c:\program files\Microsoft
2010-07-22 22:10:11 747520 ----a-w- C:\ReStore Registry.mdb
2010-07-22 02:59:52 0 d-----w- C:\msiinv
2010-07-22 02:35:42 66560 ----a-w- C:\msiinv.exe
2010-07-20 04:35:59 0 d-----w- C:\46b06152c4373afb6bbddcdd1143e0
2010-07-19 03:15:27 57393504 ----a-w- C:\SQLEXPR.EXE
2010-07-18 11:58:29 0 d-----w- c:\program files (x86)\Trend Micro
2010-07-18 03:58:46 956 ----a-w- C:\App_Data - Shortcut.lnk
2010-07-14 20:32:26 0 d-----w- c:\program files (x86)\Microsoft F#
2010-07-14 19:43:23 0 d-----w- C:\Visual Studio Backup Files
2010-07-14 02:42:21 1703936 ----a-w- C:\NerdDinner_bak.mdf
2010-07-14 02:42:21 1703936 ----a-w- C:\NerdDinner.mdf
2010-07-13 17:19:46 0 d-----w- c:\program files\vimfiles
2010-07-13 17:16:53 0 d-----w- c:\program files\vim
2010-07-13 15:55:06 0 d-----w- c:\program files\gVim 7.2
2010-07-13 15:54:48 693 ----a-w- c:\users\test\_viminfo
2010-07-13 15:51:53 983 ----a-w- c:\windows\gvimdiff.bat
2010-07-13 15:51:53 983 ----a-w- c:\windows\gview.bat
2010-07-13 15:51:53 983 ----a-w- c:\windows\evim.bat
2010-07-13 15:51:53 975 ----a-w- c:\windows\gvim.bat
2010-07-13 15:51:53 689 ----a-w- c:\windows\vimtutor.bat
2010-07-13 15:51:53 658 ----a-w- c:\windows\vimdiff.bat
2010-07-13 15:51:53 658 ----a-w- c:\windows\view.bat
2010-07-13 15:51:53 654 ----a-w- c:\windows\vim.bat
2010-07-13 15:48:05 17973754 ----a-w- c:\program files\vim72-376-x64.zip
2010-07-13 00:16:39 0 d-----w- C:\Temp
2010-07-13 00:14:18 0 d-----w- c:\program files (x86)\ImTOO
2010-07-11 23:55:28 0 d-----w- c:\program files (x86)\Foxit Software
2010-07-11 19:51:25 0 d-----w- c:\program files (x86)\common files\SureThing Shared
2010-07-11 19:49:39 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2010-07-11 16:02:58 0 d-----w- C:\Perl
2010-07-11 15:03:06 121 ----a-w- c:\windows\bdagent.INI
2010-07-11 03:29:30 47 ----a-w- C:\FlazX.url
2010-07-10 17:37:38 1007 ----a-w- c:\windows\seRapid.INI
2010-07-10 17:33:00 0 d-----w- c:\users\test\appdata\roaming\Advanced Find and Replace 4
2010-07-10 17:32:59 0 d-----w- c:\program files (x86)\Advanced Find and Replace 4
2010-07-10 16:27:41 0 d-----w- c:\program files (x86)\seRapid
2010-07-10 14:42:43 73250 ----a-w- C:\$RVD06H8.srt
2010-07-10 14:42:43 60147 ----a-w- C:\$RU3WNHF.srt
2010-07-10 14:42:43 48660 ----a-w- C:\$RRGF39U.srt
2010-07-10 14:42:43 45053 ----a-w- C:\$RRY1VF8.srt
2010-07-10 14:42:43 39391 ----a-w- C:\$RQ8HIFR.srt
2010-07-10 14:42:43 29220 ----a-w- C:\$R6KLKRQ.srt
2010-07-10 14:36:42 45008 ----a-w- C:\Parallel Life [2010] 2of2.sub
2010-07-10 14:36:18 45008 ----a-w- C:\(before changed) Parallel Life [2010] 2of2.smi
2010-07-10 13:16:51 844314 ----a-w- c:\windows\system32\msdxm64.ocx
2010-07-08 21:00:19 3145728 ----a-w- C:\SlEventManager.mdf
2010-07-05 01:38:31 0 d-----w- c:\program files\Microsoft Analysis Services
2010-07-05 01:38:30 0 d-----w- c:\program files (x86)\Microsoft Analysis Services

==================== Find3M ====================

2010-08-02 19:28:39 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-02 19:28:39 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-02 19:28:39 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-02 16:18:04 13343 ----a-w- c:\program files (x86)\BitDefender Log in a Word Table Format.docx
2010-08-01 15:36:16 41520 ----a-w- c:\programdata\nvModes.dat
2010-07-30 21:08:24 911092 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-30 21:08:24 224762 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-13 17:19:46 901 ----a-w- c:\program files\_vimrc
2010-07-04 02:10:44 0 ----a-w- c:\users\test\appdata\roaming\wklnhst.dat
2010-06-18 03:13:33 2063 ----a-w- c:\windows\syswow64\secushr.dat
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-15 00:04:05 12978 ----a-w- c:\users\test\appdata\roaming\nvModes.dat
2010-04-28 19:34:14 40258 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat
2010-04-28 19:34:14 40258 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat
2010-04-28 19:34:14 336930 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat
2010-04-28 19:34:14 336930 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat
2009-12-05 09:43:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-20 22:49:25 174 --sha-w- c:\program files\desktop.ini
2009-11-20 22:49:25 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-21 03:32:52 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 18:45:39.81 ===============


/***** NOTE ABOUT ATTACH.TXT *****/

IT SAYS, WHEN IT FIRST TALKS ABOUT THE DDS LOGFILE, TO PUT IT IN A .ZIP FILE. I AM GETTING CONTRADICTORY COMMANDS AND I DON'T WANT TO INSULT YOU ALL BY POSTING THE WRONG ONE. I AM GOING TO POST THE ATTACH.ZIP BECAUSE IT IS SMALLER AND THAT WAS HOW I ORIGINALLY DID IT. I HOPE THAT THIS IS OKAY.

/***** END ATTACH.TXT NOTE *****/

I am now going to upload the 'Attach.zip', the 'ark.txt' and the log that I wrote.


 


#2 Elise


Posted 12 August 2010 - 07:46 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 wrikgee


Posted 12 August 2010 - 08:14 PM

It has been a few weeks since I wrote this question, but naturally I understand that your queue must be huge, and you all must be swamped to the nth degree. I would like to help someday as I learn more and more, which I am. I am a developer, engineer, architect, so I know code all the way down to the computer level. That is not bragging, that is a partial cover letter ;-) . I just rewrote a log using Word, and it was over a page long. I wrote what I could remember. So here it is and thank you for getting to me. I greatly appreciate it:

8/12/10 – Log of What I Do During this Computer Issue
Epilogue: Before receiving your message -
Hello ‘elise025’ and thank you for replying to my issue. Let me tell you that I have been running MBAM and Spybot (because some detect issues that the other doesn’t). Do you happen to know if there is a better program that will do a great job and catch the spyware that both of these programs do? Anyway, I never caught anything major, mostly temp files, cookies and registry entries that were issues. If you would like, I believe I have them in my quarantine folder. I am not one-hundred percent sure, but I might; I can send the issues that I got. Just let me know. However, I will not run anything unless you suggest that I do as of now.

My OS is Vista Ultimate (a 64 bit OS). I will tell you that I frequently use Visual Studio 2008 and 2010, and SQL Server 2008 on my machine, so I know that these open many ports needed for their extended services. When I can afford a server, I will host them on it, but right now I am consulting and learning the newer technologies. But these two services run, and I believe that there are multiple ports open, on Windows startup, so even when these programs are not being used, these services are running. I think that these services and open ports are a haven for hackers (but I am only guessing). Of course, I am a programmer, not a network administrator, so I don’t look for open ports, which I should understand more about in order to keep my computers safe. I assume the firewall should be doing this, but it doesn’t appear to be doing a great job.

The major issue is that my HDD LED is constantly running. I have these two ‘svchost.exe’ processes that are sucking up the most memory. It is not draining me, but they are large, and I looked up the services that they are running and most seem legit, but as I told you, one of them could be corrupt or whatever. Currently I have one browser window open and Microsoft Word running, but like I said, these services/processes are running, along with those ‘svchost.exe’ files growing larger and larger.

I am using Windows Firewall (not the BitDefender Firewall). BitDefender has a grey icon in my task bar whereas it is usually red. When I hover over it, it says pretty much that the BitDefender services are not running, so I don’t know if a service got corrupted, but I have to figure that out as well, and I know that you are not here to fix my computer, but to rid it of these nasty malware attacks, but it is possible that the malware deleted a service or ‘.dll’ that was running it. I will have to look into that, I believe, because it is not your issue. I am merely supplying you with information that deals with the issue at hand.

Another anti-hacker/malware product that I have been using is HijackThis. It can be dangerous if you don’t know what you are deleting, but I made sure I deleted what needed to be before I deleted anything. But, if you want to see any of the logs, I will be happy to supply you with them. I ran the scan against the ‘HijackThis! Log Auto Analyzer v2’ site ‘hjt.networktechs.com’, but I do not think (and I have not run it against it recently, but before) that it was taking into account that this is a 64 bit OS. I only say this because many of the entries that they said were not good looked fine. And today I found the ‘hijackthis.de’ which seems much more legitimate, and appears to take into account that this is not a 32 bit OS. And I have to say this again, I can only speculate. You know and I don’t. So you asked me to write anything I have done to try to fix the issue. That was what I could remember, so that is what I supplied to you. I am about to begin your first step, so I look forward to working with you. Thank you very much.


#4 wrikgee


Posted 12 August 2010 - 10:38 PM

Elise, hello again and I appreciate everything this site does. I need to mention 2 things, one about each program:

OTL:

When I ran a scan, it only produced the OTL.txt file. I suspect that it is because I have run this program before and there are registry settings that are stored to return back to how you had it the last time (maybe or maybe not, I am guessing). Anyway, I changed two things to get Extras.txt to be displayed. First, I unchecked 'Include 64bit Scans'. I think this might have been the problem, but I also moved the 'Extra Registry' radio button from 'None' to 'Use SafeList'. I do not know if you wanted these results, but all of the other radio button groups were defaulted to 'Use SafeList'. Regardless, by switching these two settings, it produced 'Extras.txt'. Please let me know if you need it done a different way.

Gmer (v7eksvlq.exe):

Also, when I run Gmer (or v7eksvlq.exe), there are a number of check boxes on the right that are greyed out. It goes from the top one 'System' all the way down to 'Libraries'. Then on the bottom, 'Show all' is greyed out as well. What is checked off is 'Services', 'Registry', 'Files', the 'C:\' Drive and 'ADS'. I don't know if it is because of my OS (being not 32 bit), but will the log file show you what you need? If not, please direct me to another program that will display the information that is required.

Anyway, as requested, here are the logfiles:

OTL:

OTL.exe -

OTL logfile created on: 8/12/2010 10:02:21 PM - Run 10
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\TEST\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.49 Gb Total Space | 33.96 Gb Free Space | 24.00% Space Free | Partition Type: NTFS
Drive D: | 7.56 Gb Total Space | 1.04 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST-PC
Current User Name: TEST
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\TEST\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\TEST\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\leaktests.m32 (BitDefender SRL)
MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WAS) -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AppHostSvc) -- C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\SysWOW64\drivers\mbam.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.4.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/01/19 23:43:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/08/05 02:43:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/05 02:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/05 02:42:07 | 000,000,000 | ---D | M]

[2010/08/04 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Extensions
[2010/08/05 03:08:36 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions
[2010/08/04 22:23:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/05 03:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/04 23:23:03 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\firebug@software.joehewitt.com
[2010/08/04 22:16:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/20 11:23:59 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WAWifiMessage] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21 - SSODL: GroupAreaFormat - {705d5ed9-e677-4ca2-b81d-0d562f843802} - C:\Program Files (x86)\Common Files\GroupAreaFormat\GroupAreaFormat.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPWave.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPWave.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -H-- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/12 21:15:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
[2010/08/10 15:17:27 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\New Resume - Monster.com Skills.txt
[2010/08/09 18:33:27 | 000,000,000 | ---D | C] -- C:\Office 2000 Professional
[2010/08/09 15:15:19 | 000,000,000 | ---D | C] -- C:\WROX
[2010/08/09 07:19:30 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\PeerNetworking
[2010/08/08 02:56:44 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\My eBooks
[2010/08/08 02:56:44 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Mobipocket
[2010/08/08 02:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobipocket.com
[2010/08/07 00:06:03 | 000,000,000 | ---D | C] -- C:\RegistryDB
[2010/08/06 23:07:04 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Microsoft Web Folders
[2010/08/06 16:59:16 | 000,000,000 | ---D | C] -- C:\dell
[2010/08/06 12:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/06 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/05 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\My Kindle Content
[2010/08/05 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Amazon
[2010/08/05 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Amazon
[2010/08/05 23:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2010/08/04 22:31:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/08/04 22:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/08/04 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Mozilla
[2010/08/04 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Mozilla
[2010/08/04 22:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/04 22:10:03 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\Aptana Studio Workspace
[2010/08/04 22:08:22 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Aptana Studio 2.0
[2010/08/02 18:04:34 | 000,000,000 | R--D | C] -- C:\Users\TEST\Documents\Notes
[2010/08/02 02:50:24 | 000,000,000 | ---D | C] -- C:\eBooks That I'm Studying
[2010/08/02 02:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Weskysoft
[2010/08/01 20:15:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/01 20:15:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/01 20:15:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/01 18:50:51 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/01 14:01:52 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Runscanner.net
[2010/08/01 14:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GroupAreaFormat
[2010/08/01 12:08:17 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/01 11:54:01 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\Desktop Uninstalled Application Files
[2010/07/29 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\IXP04CBE.tmp
[2010/07/29 03:12:27 | 000,000,000 | ---D | C] -- C:\Rbackup
[2010/07/27 09:57:24 | 000,000,000 | ---D | C] -- C:\NerdDinner Backups
[2010/07/24 10:30:00 | 000,000,000 | ---D | C] -- C:\Visual Studio Projects and Versions
[2010/07/23 21:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2010/07/23 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Help
[2010/07/23 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Help
[2010/07/22 22:29:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2010/07/22 22:29:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2010/07/22 22:29:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2010/07/22 22:29:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2010/07/22 22:28:51 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2010/07/22 22:28:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2010/07/22 22:28:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2010/07/22 22:28:50 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2010/07/22 22:28:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2010/07/22 22:28:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2010/07/22 22:28:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2010/07/22 22:28:18 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2010/07/22 22:28:18 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2010/07/22 22:28:18 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2010/07/22 22:28:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2010/07/22 22:28:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2010/07/22 22:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/21 22:59:52 | 000,000,000 | ---D | C] -- C:\msiinv
[2010/07/21 09:20:31 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\SQL Server 2005 Upgrade Advisor Reports
[2010/07/20 00:35:59 | 000,000,000 | ---D | C] -- C:\46b06152c4373afb6bbddcdd1143e0
[2010/07/18 13:15:07 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\HijackThis Logs
[2010/07/18 07:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/14 16:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2010/07/14 15:43:23 | 000,000,000 | ---D | C] -- C:\Visual Studio Backup Files
[2010/07/13 23:05:23 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\Silverlight & SQL Server downloads
[2 C:\Users\TEST\AppData\Local\*.tmp files -> C:\Users\TEST\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/12 22:01:41 | 012,582,912 | -HS- | M] () -- C:\Users\TEST\ntuser.dat
[2010/08/12 21:14:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
[2010/08/12 20:51:11 | 000,002,557 | ---- | M] () -- C:\Users\TEST\Desktop\HiJackThis.lnk
[2010/08/12 20:24:18 | 000,085,504 | ---- | M] () -- C:\Users\TEST\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 19:50:44 | 000,047,536 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/12 19:50:44 | 000,047,536 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/12 19:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/12 18:49:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/12 18:49:04 | 2146,025,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 00:57:32 | 000,524,288 | -HS- | M] () -- C:\Users\TEST\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 00:57:32 | 000,065,536 | -HS- | M] () -- C:\Users\TEST\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/08/12 00:57:13 | 004,425,555 | -H-- | M] () -- C:\Users\TEST\AppData\Local\IconCache.db
[2010/08/10 12:24:55 | 000,034,993 | ---- | M] () -- C:\Users\TEST\Desktop\Resume 7-2010 Updating File.docx
[2010/08/09 10:31:42 | 000,109,712 | ---- | M] () -- C:\Users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/09 08:25:37 | 000,000,968 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/09 08:18:01 | 000,000,350 | ---- | M] () -- C:\Windows\win.ini
[2010/08/09 07:19:30 | 000,024,226 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\UserTile.png
[2010/08/09 01:49:27 | 000,001,189 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\vso_ts_preview.xml
[2010/08/09 01:07:49 | 000,058,880 | ---- | M] () -- C:\Users\TEST\Documents\bank statement.doc
[2010/08/08 03:16:42 | 000,002,629 | ---- | M] () -- C:\Users\TEST\Desktop\Mobipocket Reader.lnk
[2010/08/07 22:34:14 | 000,000,541 | ---- | M] () -- C:\Users\TEST\Desktop\eBooks - Shortcut.lnk
[2010/08/06 23:11:10 | 000,000,520 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/08/06 23:08:41 | 000,001,901 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/04 22:17:34 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/08/04 22:17:20 | 000,001,802 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/04 22:17:20 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 22:09:01 | 000,000,939 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Aptana Studio 2.0.lnk
[2010/08/04 22:09:01 | 000,000,937 | ---- | M] () -- C:\Users\TEST\Desktop\Aptana Studio 2.0.lnk
[2010/08/03 23:01:34 | 000,000,681 | ---- | M] () -- C:\Users\TEST\Desktop\BleepingComputer Folder for 8-10.lnk
[2010/08/03 19:15:37 | 000,000,000 | ---- | M] () -- C:\Users\TEST\defogger_reenable
[2010/08/02 12:18:04 | 000,013,343 | ---- | M] () -- C:\Program Files (x86)\BitDefender Log in a Word Table Format.docx
[2010/08/01 20:15:32 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/01 20:15:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/01 20:15:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/01 20:15:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/01 15:40:23 | 000,005,295 | ---- | M] () -- C:\Users\TEST\HP_Chat_Session_1_Aug_2010_15_40.html
[2010/07/30 02:20:26 | 001,936,344 | ---- | M] () -- C:\Users\TEST\Documents\essential_job_skills.pdf
[2010/07/30 02:19:59 | 000,398,707 | ---- | M] () -- C:\Users\TEST\Documents\Verification_paper-071709.pdf
[2010/07/29 23:31:39 | 000,010,752 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/29 03:01:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/25 03:37:23 | 000,001,265 | ---- | M] () -- C:\Users\TEST\Desktop\Microsoft Visual Studio 2008.lnk
[2010/07/24 01:42:51 | 000,002,208 | ---- | M] () -- C:\Users\TEST\Documents\CD Drive.reg
[2010/07/23 21:02:39 | 000,000,992 | ---- | M] () -- C:\Users\TEST\Desktop\Security Task Manager.lnk
[2010/07/23 21:01:28 | 000,000,168 | ---- | M] () -- C:\Users\TEST\Documents\Neuber Gbr.reg
[2010/07/23 16:01:18 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\Jiii_PNUCT.pnc
[2010/07/23 16:00:07 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2010/07/23 15:59:49 | 000,000,751 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2010/07/23 15:59:49 | 000,000,727 | ---- | M] () -- C:\Users\TEST\Desktop\Perfect Uninstaller.lnk
[2010/07/23 10:14:36 | 000,000,000 | -H-- | M] () -- C:\Users\TEST\Documents\Default.rdp
[2010/07/22 18:09:50 | 000,747,520 | ---- | M] () -- C:\ReStore Registry.mdb
[2010/07/20 00:52:14 | 002,199,394 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Users\TEST\AppData\Local\*.tmp files -> C:\Users\TEST\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/10 12:24:53 | 000,034,993 | ---- | C] () -- C:\Users\TEST\Desktop\Resume 7-2010 Updating File.docx
[2010/08/10 10:42:24 | 000,536,910 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ATL80SP1_KB973923MSI29CE.txt
[2010/08/10 10:42:20 | 000,011,668 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ATL80SP1_KB973923UI29CE.txt
[2010/08/09 07:19:30 | 000,024,226 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\UserTile.png
[2010/08/09 01:07:45 | 000,058,880 | ---- | C] () -- C:\Users\TEST\Documents\bank statement.doc
[2010/08/08 02:52:29 | 000,002,629 | ---- | C] () -- C:\Users\TEST\Desktop\Mobipocket Reader.lnk
[2010/08/07 22:34:14 | 000,000,541 | ---- | C] () -- C:\Users\TEST\Desktop\eBooks - Shortcut.lnk
[2010/08/06 23:08:41 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/04 22:17:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/04 22:17:20 | 000,001,802 | ---- | C] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/04 22:17:20 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 22:09:01 | 000,000,939 | ---- | C] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Aptana Studio 2.0.lnk
[2010/08/04 22:09:01 | 000,000,937 | ---- | C] () -- C:\Users\TEST\Desktop\Aptana Studio 2.0.lnk
[2010/08/03 23:01:34 | 000,000,681 | ---- | C] () -- C:\Users\TEST\Desktop\BleepingComputer Folder for 8-10.lnk
[2010/08/03 19:15:37 | 000,000,000 | ---- | C] () -- C:\Users\TEST\defogger_reenable
[2010/08/03 18:59:21 | 000,647,116 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI0347.txt
[2010/08/02 12:18:03 | 000,013,343 | ---- | C] () -- C:\Program Files (x86)\BitDefender Log in a Word Table Format.docx
[2010/08/02 04:50:43 | 000,003,266 | ---- | C] () -- C:\Users\TEST\AppData\Local\setup.log
[2010/08/02 04:49:06 | 000,656,148 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI2A63.txt
[2010/08/01 15:40:33 | 000,005,295 | ---- | C] () -- C:\Users\TEST\HP_Chat_Session_1_Aug_2010_15_40.html
[2010/08/01 13:20:28 | 000,001,265 | ---- | C] () -- C:\Users\TEST\Desktop\Microsoft Visual Studio 2008.lnk
[2010/07/30 02:20:26 | 001,936,344 | ---- | C] () -- C:\Users\TEST\Documents\essential_job_skills.pdf
[2010/07/30 02:19:59 | 000,398,707 | ---- | C] () -- C:\Users\TEST\Documents\Verification_paper-071709.pdf
[2010/07/30 01:21:23 | 000,165,888 | ---- | C] () -- C:\Windows\MSPUNIN.EXE
[2010/07/29 23:25:06 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/25 16:28:00 | 000,646,762 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI503E.txt
[2010/07/25 16:27:38 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35error_lp.txt
[2010/07/25 16:27:37 | 000,307,366 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35install_lp.txt
[2010/07/25 16:21:58 | 000,860,346 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010/07/25 16:21:40 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35error.txt
[2010/07/25 16:21:39 | 000,739,530 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35install.txt
[2010/07/25 02:24:39 | 000,282,192 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeMSI4AC1.txt
[2010/07/25 02:24:38 | 000,011,146 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeUI4AC1.txt
[2010/07/25 02:24:23 | 000,384,306 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeMSI4A8C.txt
[2010/07/25 02:24:22 | 000,011,208 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeUI4A8C.txt
[2010/07/25 02:23:59 | 000,396,582 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeMSI4A3E.txt
[2010/07/25 02:23:58 | 000,011,208 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeUI4A3E.txt
[2010/07/24 01:42:51 | 000,002,208 | ---- | C] () -- C:\Users\TEST\Documents\CD Drive.reg
[2010/07/23 23:03:30 | 000,000,992 | ---- | C] () -- C:\Users\TEST\Desktop\Security Task Manager.lnk
[2010/07/23 21:01:28 | 000,000,168 | ---- | C] () -- C:\Users\TEST\Documents\Neuber Gbr.reg
[2010/07/23 16:01:18 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\Jiii_PNUCT.pnc
[2010/07/23 16:00:07 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2010/07/23 15:59:49 | 000,000,751 | ---- | C] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2010/07/23 15:59:49 | 000,000,727 | ---- | C] () -- C:\Users\TEST\Desktop\Perfect Uninstaller.lnk
[2010/07/23 10:14:36 | 000,000,000 | -H-- | C] () -- C:\Users\TEST\Documents\Default.rdp
[2010/07/22 22:28:26 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/07/22 22:28:26 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/07/22 22:28:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/07/22 18:10:11 | 000,747,520 | ---- | C] () -- C:\ReStore Registry.mdb
[2010/07/21 07:28:36 | 000,282,186 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeMSI7ADB.txt
[2010/07/21 07:28:35 | 000,011,146 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeUI7ADB.txt
[2010/07/21 07:28:29 | 000,386,464 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeMSI7AC7.txt
[2010/07/21 07:28:29 | 000,011,144 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeUI7AC7.txt
[2010/07/21 07:28:11 | 000,399,826 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeMSI7A89.txt
[2010/07/21 07:28:10 | 000,011,192 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeUI7A89.txt
[2010/07/18 07:58:29 | 000,002,557 | ---- | C] () -- C:\Users\TEST\Desktop\HiJackThis.lnk
[2010/07/11 11:03:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010/07/10 13:37:38 | 000,001,007 | ---- | C] () -- C:\Windows\seRapid.INI
[2010/06/20 19:09:53 | 000,034,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\mbamcatchme.sys
[2010/06/20 19:09:53 | 000,015,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\mbam.sys
[2010/06/17 22:36:44 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/23 00:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/23 00:51:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/20 23:51:42 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/20 23:51:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/11/18 12:05:09 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/11/16 13:59:42 | 000,000,520 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/13 19:02:04 | 000,000,291 | ---- | C] () -- C:\Windows\SysWow64\XMLConfig_SYSID.ini
[2009/11/13 17:50:01 | 002,199,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/09/24 23:02:34 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/09/24 23:02:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
PRC - C:\Users\TEST\Desktop\OTL.exe (OldTimer Tools)


========== Modules (SafeList) ==========

MOD - C:\Users\TEST\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_53\leaktests.m32 (BitDefender SRL)
MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\normaliz.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WAS) -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AppHostSvc) -- C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\SysWOW64\drivers\mbam.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.4.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/01/19 23:43:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/08/05 02:43:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/05 02:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/05 02:42:07 | 000,000,000 | ---D | M]

[2010/08/04 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Extensions
[2010/08/05 03:08:36 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions
[2010/08/04 22:23:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/05 03:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/04 23:23:03 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\firebug@software.joehewitt.com
[2010/08/04 22:16:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/20 11:23:59 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WAWifiMessage] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21 - SSODL: GroupAreaFormat - {705d5ed9-e677-4ca2-b81d-0d562f843802} - C:\Program Files (x86)\Common Files\GroupAreaFormat\GroupAreaFormat.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPWave.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPWave.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -H-- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/12 21:15:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
[2010/08/10 15:17:27 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\New Resume - Monster.com Skills.txt
[2010/08/09 18:33:27 | 000,000,000 | ---D | C] -- C:\Office 2000 Professional
[2010/08/09 15:15:19 | 000,000,000 | ---D | C] -- C:\WROX
[2010/08/09 07:19:30 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\PeerNetworking
[2010/08/08 02:56:44 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\My eBooks
[2010/08/08 02:56:44 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Mobipocket
[2010/08/08 02:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobipocket.com
[2010/08/07 00:06:03 | 000,000,000 | ---D | C] -- C:\RegistryDB
[2010/08/06 23:07:04 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Microsoft Web Folders
[2010/08/06 16:59:16 | 000,000,000 | ---D | C] -- C:\dell
[2010/08/06 12:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/06 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/05 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\My Kindle Content
[2010/08/05 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Amazon
[2010/08/05 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Amazon
[2010/08/05 23:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2010/08/04 22:31:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/08/04 22:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/08/04 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Mozilla
[2010/08/04 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Mozilla
[2010/08/04 22:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/04 22:10:03 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\Aptana Studio Workspace
[2010/08/04 22:08:22 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Aptana Studio 2.0
[2010/08/02 18:04:34 | 000,000,000 | R--D | C] -- C:\Users\TEST\Documents\Notes
[2010/08/02 02:50:24 | 000,000,000 | ---D | C] -- C:\eBooks That I'm Studying
[2010/08/02 02:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Weskysoft
[2010/08/01 20:15:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/01 20:15:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/01 20:15:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/01 18:50:51 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/01 14:01:52 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Runscanner.net
[2010/08/01 14:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GroupAreaFormat
[2010/08/01 12:08:17 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/01 11:54:01 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\Desktop Uninstalled Application Files
[2010/07/29 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\IXP04CBE.tmp
[2010/07/29 03:12:27 | 000,000,000 | ---D | C] -- C:\Rbackup
[2010/07/27 09:57:24 | 000,000,000 | ---D | C] -- C:\NerdDinner Backups
[2010/07/24 10:30:00 | 000,000,000 | ---D | C] -- C:\Visual Studio Projects and Versions
[2010/07/23 21:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2010/07/23 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Help
[2010/07/23 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Help
[2010/07/22 22:29:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2010/07/22 22:29:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2010/07/22 22:29:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2010/07/22 22:29:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2010/07/22 22:28:51 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2010/07/22 22:28:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2010/07/22 22:28:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2010/07/22 22:28:50 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2010/07/22 22:28:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2010/07/22 22:28:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2010/07/22 22:28:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2010/07/22 22:28:18 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2010/07/22 22:28:18 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2010/07/22 22:28:18 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2010/07/22 22:28:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2010/07/22 22:28:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2010/07/22 22:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/21 22:59:52 | 000,000,000 | ---D | C] -- C:\msiinv
[2010/07/21 09:20:31 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\SQL Server 2005 Upgrade Advisor Reports
[2010/07/20 00:35:59 | 000,000,000 | ---D | C] -- C:\46b06152c4373afb6bbddcdd1143e0
[2010/07/18 13:15:07 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\HijackThis Logs
[2010/07/18 07:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/14 16:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2010/07/14 15:43:23 | 000,000,000 | ---D | C] -- C:\Visual Studio Backup Files
[2010/07/13 23:05:23 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\Silverlight & SQL Server downloads
[2 C:\Users\TEST\AppData\Local\*.tmp files -> C:\Users\TEST\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/12 22:07:31 | 012,582,912 | -HS- | M] () -- C:\Users\TEST\ntuser.dat
[2010/08/12 21:14:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
[2010/08/12 20:51:11 | 000,002,557 | ---- | M] () -- C:\Users\TEST\Desktop\HiJackThis.lnk
[2010/08/12 20:24:18 | 000,085,504 | ---- | M] () -- C:\Users\TEST\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 19:50:44 | 000,047,536 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/12 19:50:44 | 000,047,536 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/12 19:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/12 18:49:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/12 18:49:04 | 2146,025,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 00:57:32 | 000,524,288 | -HS- | M] () -- C:\Users\TEST\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 00:57:32 | 000,065,536 | -HS- | M] () -- C:\Users\TEST\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/08/12 00:57:13 | 004,425,555 | -H-- | M] () -- C:\Users\TEST\AppData\Local\IconCache.db
[2010/08/10 12:24:55 | 000,034,993 | ---- | M] () -- C:\Users\TEST\Desktop\Resume 7-2010 Updating File.docx
[2010/08/09 10:31:42 | 000,109,712 | ---- | M] () -- C:\Users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/09 08:25:37 | 000,000,968 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/09 08:18:01 | 000,000,350 | ---- | M] () -- C:\Windows\win.ini
[2010/08/09 07:19:30 | 000,024,226 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\UserTile.png
[2010/08/09 01:49:27 | 000,001,189 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\vso_ts_preview.xml
[2010/08/09 01:07:49 | 000,058,880 | ---- | M] () -- C:\Users\TEST\Documents\bank statement.doc
[2010/08/08 03:16:42 | 000,002,629 | ---- | M] () -- C:\Users\TEST\Desktop\Mobipocket Reader.lnk
[2010/08/07 22:34:14 | 000,000,541 | ---- | M] () -- C:\Users\TEST\Desktop\eBooks - Shortcut.lnk
[2010/08/06 23:11:10 | 000,000,520 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/08/06 23:08:41 | 000,001,901 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/04 22:17:34 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/08/04 22:17:20 | 000,001,802 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/04 22:17:20 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 22:09:01 | 000,000,939 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Aptana Studio 2.0.lnk
[2010/08/04 22:09:01 | 000,000,937 | ---- | M] () -- C:\Users\TEST\Desktop\Aptana Studio 2.0.lnk
[2010/08/03 23:01:34 | 000,000,681 | ---- | M] () -- C:\Users\TEST\Desktop\BleepingComputer Folder for 8-10.lnk
[2010/08/03 19:15:37 | 000,000,000 | ---- | M] () -- C:\Users\TEST\defogger_reenable
[2010/08/02 12:18:04 | 000,013,343 | ---- | M] () -- C:\Program Files (x86)\BitDefender Log in a Word Table Format.docx
[2010/08/01 20:15:32 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/01 20:15:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/01 20:15:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/01 20:15:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/01 15:40:23 | 000,005,295 | ---- | M] () -- C:\Users\TEST\HP_Chat_Session_1_Aug_2010_15_40.html
[2010/07/30 02:20:26 | 001,936,344 | ---- | M] () -- C:\Users\TEST\Documents\essential_job_skills.pdf
[2010/07/30 02:19:59 | 000,398,707 | ---- | M] () -- C:\Users\TEST\Documents\Verification_paper-071709.pdf
[2010/07/29 23:31:39 | 000,010,752 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/29 03:01:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/25 03:37:23 | 000,001,265 | ---- | M] () -- C:\Users\TEST\Desktop\Microsoft Visual Studio 2008.lnk
[2010/07/24 01:42:51 | 000,002,208 | ---- | M] () -- C:\Users\TEST\Documents\CD Drive.reg
[2010/07/23 21:02:39 | 000,000,992 | ---- | M] () -- C:\Users\TEST\Desktop\Security Task Manager.lnk
[2010/07/23 21:01:28 | 000,000,168 | ---- | M] () -- C:\Users\TEST\Documents\Neuber Gbr.reg
[2010/07/23 16:01:18 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\Jiii_PNUCT.pnc
[2010/07/23 16:00:07 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2010/07/23 15:59:49 | 000,000,751 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2010/07/23 15:59:49 | 000,000,727 | ---- | M] () -- C:\Users\TEST\Desktop\Perfect Uninstaller.lnk
[2010/07/23 10:14:36 | 000,000,000 | -H-- | M] () -- C:\Users\TEST\Documents\Default.rdp
[2010/07/22 18:09:50 | 000,747,520 | ---- | M] () -- C:\ReStore Registry.mdb
[2010/07/20 00:52:14 | 002,199,394 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Users\TEST\AppData\Local\*.tmp files -> C:\Users\TEST\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/10 12:24:53 | 000,034,993 | ---- | C] () -- C:\Users\TEST\Desktop\Resume 7-2010 Updating File.docx
[2010/08/10 10:42:24 | 000,536,910 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ATL80SP1_KB973923MSI29CE.txt
[2010/08/10 10:42:20 | 000,011,668 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ATL80SP1_KB973923UI29CE.txt
[2010/08/09 07:19:30 | 000,024,226 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\UserTile.png
[2010/08/09 01:07:45 | 000,058,880 | ---- | C] () -- C:\Users\TEST\Documents\bank statement.doc
[2010/08/08 02:52:29 | 000,002,629 | ---- | C] () -- C:\Users\TEST\Desktop\Mobipocket Reader.lnk
[2010/08/07 22:34:14 | 000,000,541 | ---- | C] () -- C:\Users\TEST\Desktop\eBooks - Shortcut.lnk
[2010/08/06 23:08:41 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/04 22:17:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/04 22:17:20 | 000,001,802 | ---- | C] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/04 22:17:20 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 22:09:01 | 000,000,939 | ---- | C] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Aptana Studio 2.0.lnk
[2010/08/04 22:09:01 | 000,000,937 | ---- | C] () -- C:\Users\TEST\Desktop\Aptana Studio 2.0.lnk
[2010/08/03 23:01:34 | 000,000,681 | ---- | C] () -- C:\Users\TEST\Desktop\BleepingComputer Folder for 8-10.lnk
[2010/08/03 19:15:37 | 000,000,000 | ---- | C] () -- C:\Users\TEST\defogger_reenable
[2010/08/03 18:59:21 | 000,647,116 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI0347.txt
[2010/08/02 12:18:03 | 000,013,343 | ---- | C] () -- C:\Program Files (x86)\BitDefender Log in a Word Table Format.docx
[2010/08/02 04:50:43 | 000,003,266 | ---- | C] () -- C:\Users\TEST\AppData\Local\setup.log
[2010/08/02 04:49:06 | 000,656,148 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI2A63.txt
[2010/08/01 15:40:33 | 000,005,295 | ---- | C] () -- C:\Users\TEST\HP_Chat_Session_1_Aug_2010_15_40.html
[2010/08/01 13:20:28 | 000,001,265 | ---- | C] () -- C:\Users\TEST\Desktop\Microsoft Visual Studio 2008.lnk
[2010/07/30 02:20:26 | 001,936,344 | ---- | C] () -- C:\Users\TEST\Documents\essential_job_skills.pdf
[2010/07/30 02:19:59 | 000,398,707 | ---- | C] () -- C:\Users\TEST\Documents\Verification_paper-071709.pdf
[2010/07/30 01:21:23 | 000,165,888 | ---- | C] () -- C:\Windows\MSPUNIN.EXE
[2010/07/29 23:25:06 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/25 16:28:00 | 000,646,762 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI503E.txt
[2010/07/25 16:27:38 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35error_lp.txt
[2010/07/25 16:27:37 | 000,307,366 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35install_lp.txt
[2010/07/25 16:21:58 | 000,860,346 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010/07/25 16:21:40 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35error.txt
[2010/07/25 16:21:39 | 000,739,530 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35install.txt
[2010/07/25 02:24:39 | 000,282,192 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeMSI4AC1.txt
[2010/07/25 02:24:38 | 000,011,146 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeUI4AC1.txt
[2010/07/25 02:24:23 | 000,384,306 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeMSI4A8C.txt
[2010/07/25 02:24:22 | 000,011,208 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeUI4A8C.txt
[2010/07/25 02:23:59 | 000,396,582 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeMSI4A3E.txt
[2010/07/25 02:23:58 | 000,011,208 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeUI4A3E.txt
[2010/07/24 01:42:51 | 000,002,208 | ---- | C] () -- C:\Users\TEST\Documents\CD Drive.reg
[2010/07/23 23:03:30 | 000,000,992 | ---- | C] () -- C:\Users\TEST\Desktop\Security Task Manager.lnk
[2010/07/23 21:01:28 | 000,000,168 | ---- | C] () -- C:\Users\TEST\Documents\Neuber Gbr.reg
[2010/07/23 16:01:18 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\Jiii_PNUCT.pnc
[2010/07/23 16:00:07 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2010/07/23 15:59:49 | 000,000,751 | ---- | C] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2010/07/23 15:59:49 | 000,000,727 | ---- | C] () -- C:\Users\TEST\Desktop\Perfect Uninstaller.lnk
[2010/07/23 10:14:36 | 000,000,000 | -H-- | C] () -- C:\Users\TEST\Documents\Default.rdp
[2010/07/22 22:28:26 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/07/22 22:28:26 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/07/22 22:28:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/07/22 18:10:11 | 000,747,520 | ---- | C] () -- C:\ReStore Registry.mdb
[2010/07/21 07:28:36 | 000,282,186 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeMSI7ADB.txt
[2010/07/21 07:28:35 | 000,011,146 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeUI7ADB.txt
[2010/07/21 07:28:29 | 000,386,464 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeMSI7AC7.txt
[2010/07/21 07:28:29 | 000,011,144 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeUI7AC7.txt
[2010/07/21 07:28:11 | 000,399,826 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeMSI7A89.txt
[2010/07/21 07:28:10 | 000,011,192 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeUI7A89.txt
[2010/07/18 07:58:29 | 000,002,557 | ---- | C] () -- C:\Users\TEST\Desktop\HiJackThis.lnk
[2010/07/11 11:03:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010/07/10 13:37:38 | 000,001,007 | ---- | C] () -- C:\Windows\seRapid.INI
[2010/06/20 19:09:53 | 000,034,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\mbamcatchme.sys
[2010/06/20 19:09:53 | 000,015,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\mbam.sys
[2010/06/17 22:36:44 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/23 00:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/23 00:51:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/20 23:51:42 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/20 23:51:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/11/18 12:05:09 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/11/16 13:59:42 | 000,000,520 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/13 19:02:04 | 000,000,291 | ---- | C] () -- C:\Windows\SysWow64\XMLConfig_SYSID.ini
[2009/11/13 17:50:01 | 002,199,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/09/24 23:02:34 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/09/24 23:02:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


Extras.txt -

OTL Extras logfile created on: 8/12/2010 10:02:21 PM - Run 10
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\TEST\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.49 Gb Total Space | 33.96 Gb Free Space | 24.00% Space Free | Partition Type: NTFS
Drive D: | 7.56 Gb Total Space | 1.04 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST-PC
Current User Name: TEST
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = ] -- ""

[HKEY_USERS\S-1-5-21-2952794803-3157024702-141513974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\TEST\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015A5FC5-202E-4B36-B112-EFB6DB64EF83}" = lport=445 | protocol=6 | dir=in | app=system |
"{035E7449-2E3D-44A6-8985-951CA012B3E9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{202DDA29-EC7C-408F-B970-3084F42587B2}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{2342D039-8A88-48AA-84F6-5C7565A7F406}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{2802A5E6-8FB9-4D51-BCAC-18978DD8BAFE}" = rport=139 | protocol=6 | dir=out | app=system |
"{33758832-66C3-4189-98E0-38B20445C281}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59673DF0-9015-4AFB-AFB3-D166A4B0A918}" = lport=137 | protocol=17 | dir=in | app=system |
"{66DECE45-5CF7-4126-86F6-284231458BCF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{697B023A-D416-4263-BACD-E00B96955ADD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{783EAE85-7F49-4925-B99B-9CD1C68F2AFF}" = lport=9324 | protocol=6 | dir=in | name=ekdiscovery |
"{7E2E8D57-223C-4470-9497-2A50B0B61CB4}" = rport=138 | protocol=17 | dir=out | app=system |
"{80FEC881-A22C-4D09-8F16-941288DDEFB4}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{85D1AC31-E9C1-4924-BA97-25804C84B1A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8F4BDCDF-3D7C-47EC-ADF2-6314528D5226}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{967B5D30-EB06-4B27-BEFC-B5E4A26E3825}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D3274EC-2E52-4DC8-BE06-37F5D576CA58}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B4AE56BE-650F-4A46-A8DB-C930FE80FB87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF4B10B1-CC2A-4496-AF68-FD780F9FED34}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7654F47-2362-4BC6-8D3F-6130462DBD9C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDFC874D-FAC6-4F52-A8AB-C4AEB41ED69A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E065524F-160C-4F61-AABC-CBFBE55A6783}" = rport=445 | protocol=6 | dir=out | app=system |
"{E8185D11-0222-43D0-B718-C82F299D95C9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EEF0FA55-ACCE-4A5D-92B9-044BD05925EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F47CB3D7-2E62-415D-859C-EE78B7E33EB2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F60CAF63-8EEE-41F3-A38D-ECD47610C17F}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{FB1DE577-CD66-4D4F-B4FA-6429B95798DE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FE2CF553-D289-42F4-B3DB-6DD3C08EE56C}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD0C639-BE91-4BF5-A762-DF10B377340E}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 9\nero drivespeed\drivespeed.exe |
"{0E711C9C-5540-45EA-90A3-34C9FB448598}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0F0B26CB-9782-4D86-82B1-A06815E43C35}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{124449C4-8334-48E6-9357-B4021BA2FBB0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft works\msworks.exe |
"{12C08949-94BF-4A9F-859E-47B677A27E61}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{1A817AF0-E8CD-4EFD-86AA-9B0038D3F628}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1D441F40-50C0-48BE-8698-CCE83396B803}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{27C5B757-54AB-4EA3-AA90-ED7B6C3DC42B}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{28B06EA7-7749-411D-8144-C4F6DF7CC694}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{2D3BE97C-3E5B-44D9-AAC2-28758A9A8E74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DC881E2-760E-4CE7-B9D4-F47D152B921B}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{38895B52-4BC0-4F14-807E-4BB3AE5B13E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3937B700-C6CB-40A2-BACE-EE47AC158B26}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{39FED78C-1E83-45B2-8448-C6FF83CB4F16}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{412FEE1E-3694-44D8-AB21-32BEF23D623A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{41E5069A-F941-46EB-891E-30A4B6000A19}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{421A34BC-F872-4FC8-B901-253E10167943}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{43FFCFFA-CE63-4EF3-AE92-FD16F5252AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft works\msworks.exe |
"{4E346BAD-1D24-4F7E-8A85-E90D1804F466}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nero\nero backitup 4\nbsftp.exe |
"{50AE689E-741B-4FB0-BED5-5FD967AC7697}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{564FAAE9-CF94-451E-9F97-96481E30EECA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5931BF0D-F427-4D3E-823A-FEC92CC989ED}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5EC62D8E-54AD-4E5F-83F9-3EBA8E1C140E}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 9\nero drivespeed\drivespeed.exe |
"{69455849-806C-4341-9C1F-F9C16B2A98F0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nero\nero backitup 4\nbsftp.exe |
"{69D70E6D-FDD9-4C94-A91B-4596FCECD62D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{6B15F02D-D1F6-4EF9-A7BB-C19A4E38A716}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6F209376-FA7B-43EE-B9F8-8F12BE72885B}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{863E9A56-4CB2-4EE9-8CDF-3FC8E5118903}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{90D1B94B-B150-4711-811B-CFDC7008982C}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{928BFFFA-EEF8-4A5D-A6F3-A92D079FBF22}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{9982A180-78B0-4C36-B0C5-F328EB1BE3C2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AC4E148B-2A33-42A9-B1C4-58EC18A91370}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{B2874441-A656-488F-A136-D98F42F2F2EC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B5DD9ACB-B569-4F9B-A954-BBB8F33956A7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C0EE1240-A3D9-47A3-9680-6B5E4E1DE9BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5ACE26F-30A7-413D-B81F-7D6B73B4A696}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{D071420D-9746-4357-950D-327145EF6DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E7AF0B25-1AA8-4480-AA8F-97AFDF7429EF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{E7BAC804-D923-489B-9A70-6FFE88EEAFA2}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{EB074E7D-EA79-4F39-81D6-50BEC459CE16}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{ECFB8F6E-1838-4B67-9707-379E6329E693}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1290F01-5D26-4660-9772-B2927EF6D4AC}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{FEAC813B-4737-4929-AB38-2E48038BC5FC}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"TCP Query User{C9D2DF8C-E465-4722-BCF1-62672B18493F}C:\program files (x86)\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 9.0\common7\ide\devenv.exe |
"TCP Query User{FC851A74-F116-4CA8-A7E0-5E5866CBC31B}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{2D7DB57E-3BAD-4E44-92DD-F5A595234B47}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{4303DF42-C346-47B1-A8C7-4C26D45772F5}C:\program files (x86)\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 9.0\common7\ide\devenv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}" = Microsoft F# Runtime for Silvelight 4
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight 4 Tools for Visual Studio 2010
"{59209BBF-6241-4188-85AF-22A0ABA50A5B}" = Microsoft ASP.NET AJAX Extensions Source Code
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E67940F-CFDB-4B01-A83A-4D75923FAFC1}" = Microsoft Silverlight 3 Tools for Visual Studio 2008 SP1 - ENU
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC6175-D2C5-4FA7-91E8-E2A9431A5CDA}" = WCF RIA Services V1.0 for Visual Studio 2010
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C77E1EC-086A-405E-8253-F96CAEE6396F}" = Windows Cache Extension 1.1 for PHP 5.2 (Beta)
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A73D6EC1-6FE9-4AA0-9AF5-6FB162E14431}" = PHP 5.2.13
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA20D1D5-34A7-4CC6-A7B7-74C69864A357}" = Sandcastle
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5A759ED-CB84-4045-9B8B-B76163E749F8}" = Telerik RadControls for ASP.NET AJAX Q3 2009 SP1
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Advanced Find and Replace 4_is1" = Advanced Find and Replace v4.2
"Aptana Studio 2.0" = Aptana Studio 2.0
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
"Fiddler2" = Fiddler2
"Foxit PDF Editor" = Foxit PDF Editor
"ImTOO Audio Maker" = ImTOO Audio Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Security Task Manager" = Security Task Manager 1.7g
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VobSub" = VobSub v2.23 (Remove Only)
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"yvltobnqee" = Tagging System Cashtitan

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2010 7:50:19 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2010 7:50:19 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2172080

Error - 8/12/2010 7:50:19 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2172080

Error - 8/12/2010 7:50:20 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2010 7:50:20 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2173188

Error - 8/12/2010 7:50:20 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2173188

Error - 8/12/2010 7:50:21 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2010 7:50:21 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2174186

Error - 8/12/2010 7:50:21 PM | Computer Name = TEST-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2174186

Error - 8/12/2010 7:50:56 PM | Computer Name = TEST-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 7/21/2010 4:09:36 PM | Computer Name = TEST-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 12/9/2009 2:26:13 PM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8269
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 12/11/2009 1:45:01 PM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 99
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/11/2009 2:13:00 PM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1637
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/15/2009 2:16:41 PM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1315
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/16/2009 1:00:57 PM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10236
seconds with 240 seconds of active time. This session ended with a crash.

Error - 12/17/2009 11:36:49 AM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/17/2009 11:37:52 AM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/17/2009 2:36:05 PM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10084
seconds with 600 seconds of active time. This session ended with a crash.

Error - 12/24/2009 5:55:33 PM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1005
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/7/2010 10:16:10 AM | Computer Name = TEST-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/11/2010 7:31:32 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/11/2010 7:31:32 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/11/2010 7:34:58 PM | Computer Name = TEST-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 8/11/2010 7:59:04 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/12/2010 6:49:34 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/12/2010 6:49:34 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/12/2010 6:50:56 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/12/2010 6:50:56 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/12/2010 6:50:56 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/12/2010 6:53:58 PM | Computer Name = TEST-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >


/******** Gmer ********/

I have noticed on various different outputs of malware logs that some files (according to this scan, many files) of the source code examples for two eBooks that I have seem to have some corruption. If needed, I can remove these, but if a virus somehow got attached to these, I am sure that they spread and removing the files will not be an ultimate fix for anything. I am certain that you will see this, I just wanted to tell you what it is that is in those folders. It is Visual Studio Silverlight 3 and C# source code. That's all. The scan is still running, but I imagine it will be done soon. Thank you:

Gmer logfile:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-12 23:30:53
Windows 6.0.6002 Service Pack 2
Running: v7eksvlq.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641dbc9a6
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641dbc9a6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641dbc9a6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001641dbc9a6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001641dbc9a6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001641dbc9a6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001641dbc9a6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001641dbc9a6 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\DoubleFromToWithCodeCompleted\DoubleFromToWithCodeCompleted.Web\bin\zh-Hans\System.Web.Silverlight.resources.dll 318352 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\DoubleFromToWithCodeCompleted\DoubleFromToWithCodeCompleted.Web\bin\zh-Hant\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\DoubleFromToWithCodeCompleted\DoubleFromToWithCodeCompleted.Web\Properties\AssemblyInfo.cs 1437 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\DoubleUsingKeyframesCompleted\DoubleUsingKeyframesCompleted.Web\bin\zh-Hans\System.Web.Silverlight.resources.dll 318352 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\DoubleUsingKeyframesCompleted\DoubleUsingKeyframesCompleted.Web\bin\zh-Hant\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\DoubleUsingKeyframesCompleted\DoubleUsingKeyframesCompleted.Web\Properties\AssemblyInfo.cs 1437 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\GeneratingAnimationsCompleted\GeneratingAnimationsCompleted.Web\bin\zh-Hans\System.Web.Silverlight.resources.dll 318352 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\GeneratingAnimationsCompleted\GeneratingAnimationsCompleted.Web\bin\zh-Hant\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_03\GeneratingAnimationsCompleted\GeneratingAnimationsCompleted.Web\Properties\AssemblyInfo.cs 1437 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_05\oneDimensionalVectorCompleted\oneDimensionalVectorCompleted.Web\bin\zh-Hans\System.Web.Silverlight.resources.dll 318352 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_05\oneDimensionalVectorCompleted\oneDimensionalVectorCompleted.Web\bin\zh-Hant\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_05\oneDimensionalVectorCompleted\oneDimensionalVectorCompleted.Web\Properties\AssemblyInfo.cs 1437 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_05\twoDimensionalVectorCompleted\twoDimensionalVectorCompleted.Web\bin\zh-Hans\System.Web.Silverlight.resources.dll 318352 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_05\twoDimensionalVectorCompleted\twoDimensionalVectorCompleted.Web\bin\zh-Hant\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_05\twoDimensionalVectorCompleted\twoDimensionalVectorCompleted.Web\Properties\AssemblyInfo.cs 1437 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_06\DegreeRadianRotationCompleted\DegreeRadianRotationCompleted.Web\bin\zh-Hans\System.Web.Silverlight.resources.dll 318352 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_06\DegreeRadianRotationCompleted\DegreeRadianRotationCompleted.Web\bin\zh-Hant\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_06\DegreeRadianRotationCompleted\DegreeRadianRotationCompleted.Web\Properties\AssemblyInfo.cs 1437 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted\Properties\AppManifest.xml 702 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted\Properties\AssemblyInfo.cs 1433 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\bin\de\System.Web.Silverlight.resources.dll 322440 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\bin\es\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\bin\fr\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\bin\it\System.Web.Silverlight.resources.dll 322440 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\bin\ja\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\bin\ko\System.Web.Silverlight.resources.dll 322440 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\bin\zh-Hans\System.Web.Silverlight.resources.dll 318352 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\bin\zh-Hant\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\ClientBin\AngledSurfaceCollisionCompleted.xap 6159 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\obj\Debug\AngledSurfaceCollisionCompleted.Web.csproj.FileListAbsolute.txt 5164 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\obj\Debug\AngledSurfaceCollisionCompleted.Web.dll 4096 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\obj\Debug\AngledSurfaceCollisionCompleted.Web.pdb 13824 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\obj\Debug\ResolveAssemblyReference.cache 7987 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\obj\Debug\TempPE 0 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\AngledSurfaceCollisionCompleted\AngledSurfaceCollisionCompleted.Web\Properties\AssemblyInfo.cs 1441 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\FindElementsInHostCoordinates\FindElementsInHostCoordinates.Web\bin\zh-Hans\System.Web.Silverlight.resources.dll 318352 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\FindElementsInHostCoordinates\FindElementsInHostCoordinates.Web\bin\zh-Hant\System.Web.Silverlight.resources.dll 322448 bytes executable
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\Silverlight\Books\Source Code for Silverlight Books\Foundation Silverlight 3 Animation\FdnSilverlight3Animation\Chapter_08\FindElementsInHostCoordinates\FindElementsInHostCoordinates.Web\Properties\AssemblyInfo.cs 1437 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\configuration.svcinfo 4289 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\configuration91.svcinfo 40394 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\MagicEightBallService.disco 379 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\MagicEightBallService.wsdl 2156 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\MagicEightBallService.xsd 2488 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\MagicEightBallService1.wsdl 4140 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\MagicEightBallService1.xsd 720 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\Reference.cs 2547 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceClient\Service References\ServiceReference\Reference.svcmap 2376 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceHost\MagicEightBallServiceHost\App.config 943 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceHost\MagicEightBallServiceHost\MagicEightBallServiceHost.csproj 4949 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceHost\MagicEightBallServiceHost\MagicEightBallServiceHost.csproj.user 452 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceHost\MagicEightBallServiceHost\Program.cs 1432 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceHost\MagicEightBallServiceHost\Properties 0 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceHost\MagicEightBallServiceHost\Properties\AssemblyInfo.cs 1462 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceLib\MagicEightBallServiceLib\IEightBall.cs 388 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceLib\MagicEightBallServiceLib\MagicEightBallService.cs 679 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceLib\MagicEightBallServiceLib\MagicEightBallServiceLib.csproj 4637 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceLib\MagicEightBallServiceLib\MagicEightBallServiceLib.csproj.user 497 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceLib\MagicEightBallServiceLib\Properties 0 bytes
File C:\Users\TEST\Desktop\Programming\eBooks That I'm Studying\ASP.NET 4.0, C# 4, Silverlight 4,\Pro C# 2010 and the.NET 4 Platform, Fifth Edition Source Code\Chapter 25\MagicEightBallServiceHTTPDefaultBindings\MagicEightBallServiceLib\MagicEightBallServiceLib\Properties\AssemblyInfo.cs 1460 bytes

---- EOF - GMER 1.0.15 ----

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:40 PM

Posted 13 August 2010 - 02:19 AM

Hello, well done. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 wrikgee

Posted 13 August 2010 - 08:06 PM

I have Spybot and MBAM installed, but they are not running in the background, I run them manually. They also are not running in any processes that I am aware of. So I did not have to do anything to them. However I did have to disable BitDefender (which did come back as red, I forgot that I had shut it off per your request…I apologize for that), and Windows Defender. Finally, I disabled Windows Firewall.

With those disabled, I personally created a restore point before I proceeded. Then I ran the Combofix.exe. However, before I went any further, a 'Win 32' error came up. It said that this program only works for workstations with XP or 2000. As I have stated, I am running Vista Ultimate (64 bit). Perhaps I did something wrong, but I do not believe that I did. I could have looked on the web for programs similar to Combofix that are 64 bit compatible, but I think that it is better for you to lead me in the proper direction. So can you please tell me what to do next. Thank you:

-wrikgee


#7 Elise

Posted 14 August 2010 - 04:37 AM

Sorry, my bad. Usually GMER doesn't run on 64 bit systems, so when I saw your GMER log, I didn't look any further at your Windows version.

First of all, I would attempt to uninstall/reinstall BitDefender. I see a few malware leftovers in your log and often security programs get corrupted by malware.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise


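The registry lines in the fix above follow a fixed shape (`IE - <key>: "<value name>" = <data>`), and the `ProxyServer` data is a list of `protocol=host:port` items or a bare `host:port`. The Python below is an added example, not part of the original post and not OTL's own code: it parses lines of that shape and reports any per-user proxy that points at a loopback address, which is what one would look for again in a fresh log after the fix has run. The function names are hypothetical, and the last two sample lines are constructed.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Sample input. The first two lines are copied from the fix in the post above;
# the last two are constructed for contrast (placeholder SIDs and hosts).
SAMPLE_LINES = r'''
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-0000000000-0000000000-000000000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
IE - HKU\S-1-5-21-0000000000-0000000000-000000000-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.0.2.10:3128;https=localhost:8888
'''

# One log line:  IE - <registry key>: "<value name>" = <data>
LINE_RE = re.compile(r'^IE - (?P<key>HK\w+\\.*?): "(?P<name>[^"]+)" = (?P<data>.*)$')

# One ProxyServer item:  [protocol=][scheme://]host[:port]
ITEM_RE = re.compile(
    r'^(?:(?P<proto>[a-z]+)=)?(?:[a-z]+://)?'
    r'(?P<host>\[[^\]]+\]|[^:/\s]+)(?::(?P<port>\d+))?/?$',
    re.IGNORECASE,
)


class ProxyEntry(NamedTuple):
    owner: str           # user SID for HKU keys, otherwise the hive name
    protocol: str        # "http", "https", ... or "*" when one proxy serves all
    host: str
    port: Optional[int]


def is_loopback(host: str) -> bool:
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    h = host.strip("[]").lower()
    if h == "localhost":
        return True
    try:
        return ipaddress.ip_address(h).is_loopback
    except ValueError:
        return False     # some other DNS name; resolving it is out of scope


def proxy_entries(log_text: str) -> List[ProxyEntry]:
    """Extract every ProxyServer item from log lines of the shape shown above."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("name").lower() != "proxyserver":
            continue
        key = m.group("key")
        sid = re.match(r'HKU\\([^\\]+)\\', key)
        owner = sid.group(1) if sid else key.split("\\", 1)[0]
        # Items are separated by semicolons (whitespace is tolerated as well).
        for item in re.split(r'[;\s]+', m.group("data").strip()):
            e = ITEM_RE.match(item)
            if not e:
                continue
            port = int(e.group("port")) if e.group("port") else None
            entries.append(ProxyEntry(owner, (e.group("proto") or "*").lower(),
                                      e.group("host").strip("[]"), port))
    return entries


def loopback_proxies(log_text: str) -> List[ProxyEntry]:
    """Entries that send browser traffic to a listener on the same machine."""
    return [e for e in proxy_entries(log_text) if is_loopback(e.host)]


if __name__ == "__main__":
    for e in loopback_proxies(SAMPLE_LINES):
        print(f"{e.owner}: {e.protocol} traffic goes to local proxy {e.host}:{e.port}")
```

A loopback proxy is a lead to verify rather than a verdict, since local debugging proxies set the same value; the follow-up check is which process, if any, is listening on the reported port.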


#8 wrikgee

Posted 15 August 2010 - 07:48 AM

I am probably going to do this in the afternoon today. It is almost 9AM, so I will work on it before 6PM. I am a free-lance consultant, and I have a big interview tomorrow for a full-time client because I am sick of going from one company to the next.

Anyway, my point is that I have to review and study all day. I cannot afford to lose this computer to a virus (do a complete format / reinstall the OS), so all of your help is appreciated. Have a great day and I will do this and write ASAP.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:40 PM

Posted 15 August 2010 - 08:19 AM

Don't worry, we should be able to get everything clean and running again. :)

Good luck with your interview!


regards, Elise




#10 wrikgee

wrikgee
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Marblehead, Massachusetts
  • Local time:09:40 AM

Posted 15 August 2010 - 04:10 PM

Log Up to Running 'OTL' script:

Okay, thank you for the apology, we all make mistakes. If we didn't we wouldn't be human, we would be a computer (or a gameshow host -Heathers). I tried to tell you multiple times that I was running a 64 bit OS, but that was in the first document that I wrote to you, and I am sure that you get many, many people that you talk to and you are so used to them having 32-bit operating systems, that you don't think twice about telling them what to use. I am not trying to insult you, I am trying to tell you that your workload is probably always the same or close to the same and you are used to doing things a certain way. Then someone (like me) comes along and throws a monkey wrench into your routine and screws everything up. You know, it is good that we caught this now, because the last time I did this, this person who was helping me (who was very good BTW and got the virus out of my system, but I am not sure that we got everything out). The reason I say that is because I noticed those errors in BitDefender and they were in the logs he saw, but he paid no attention to them, so I figured that they must be okay. Sometimes, however, if you run a 32-bit log, it is not used to some of the files in the 64-bit system and it says that these files are not correct, so I don't know. You are the professional. All that I ask is if you can please have me use products that understand a 64 bit, then I would really appreciate it (and if I get this job, which I looked at the grammar in that two paragraph note and it was atrocious), I will most certainly send a donation. Right now, I am lucky to have what I have and am over-qualified for what I do (not to sound cocky, but I really am for this particular job, and I would admit if I was under-qualified for a certain job).

Anyway, I apologize for going off into obscurity, on with the show. I uninstalled BitDefender. I downloaded NOD32 trial (the 64 bit version) because I got it for my parents (using the 32 bit version, and not SmartSecurity. I merely got them the AV version), but they don't have fast machines and I do, and NOD32 is great. It doesn't kill your memory, like certain AV software that we all know of and it has an extremely simple UI. I got the Smart security, I hope it works well. If it works well, I am going to get it. When it was complete, it told me of 61 Windows updates that I had to download. At that time, of course, I remembered that I forgot to turn back on the Windows Update reminder. I do not remember why I did it, but my last installed update was on the 10th, so it wasn't too long ago. I usually put it to tell me there are new updates, but not do anything so I can look at them and look at other people that have used them to see if there are any issues. In all reality there was something like 23 important updates that I needed to do, the others were not important. They were like language packs for languages that I don't need. So I am in the middle of downloading and installing the important ones as I write this.

Before doing the Windows Updates, I created a system restore. Even though it says a restore point is made, I never even looked to see what Microsoft does. The first update I did was a single one (I don't run all of the mandatory ones at the same time, I group them), which was the 'Windows Malicious Software Removal Tool x64 - August 2010 (KB890830)', which I obviously assumed was this month's update for the tool. When completed, it asked to restart the computer and I did. As I did, it said to wait while blah blah blah was being updated and 'TO NOT MANUALLY SHUT OFF'. However, I noticed that it was taking an unusually inordinate amount of time to complete (more time than it should have). So after I decided that there was an issue, I shut it off like it warned me not to. When I turned it back on, before it went to the desktop, it said to wait while the system was being updated. And it completed. I checked the 'Previously Installed updates'. Sure enough it was in there and 'Successful'. I downloaded two more and even though these did not require a restart, I did one to see if it would actually restart and it did. Now up to this point, there APPEARS to be no issues, but I am waiting to see what happens.

I finally completed the Windows Updates, which included many security updates, including one for the .NET Framework 3.5 SP1 and Vista. When I finished that one, I did the last nine, which were all Vista x64 security updates. They completed in Windows, but when it got to restarting, the same thing happened. It said configuring updates 0 of 3. It completed the first one then froze when it got to the 2nd one. It stayed at 0%. So I had to manually shut it down. When it booted back up, it ran some registry updates, then rebooted. Then it went back to the screen where it said 'Configuring Updates, Do Not Turn Off'. Luckily this time it completed successfully. I checked the update history and it said that they were all successful. Again, I hope there are no issues. Now I can start your recommendations:

I opened 'OTL' and copied and pasted the script that you gave me that appears to get rid of those two registry entries, but who can be sure. The last time you requested that I check 'Scan All Users', but I didn't this time as I believe this is merely going into the registry and removing some entries. 'Include 64bit Scans' IS checked. In all of the radio button group lists, 'Use SafeList' is selected in every one EXCEPT for 'Extra Registry'. I kept everything as is as you did not suggest that I change anything.

When I clicked ' ', it went through a process and a Message Box came up asking me to reboot, so I did. ***** AFTER REBOOT ***** Apparently the reboot was required to kill a process and it ran before the process came back up, at least this is my understanding, kind of....so I ran the script and did everything else you suggested, and I hope you don't mind, wrote this log as I went along. I do not know if removing BitDefender and installing ESET NOD32 is an issue, maybe all of the file entries for BitDefender or entries are not removed, just a simple suggestion. I have no idea why the reboots did that, it could have been those updates. Anyway, thank you, I look forward to your next post and here are the results of that log:

/***** OTL Log *****/

All processes killed
========== OTL ==========
HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: data

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: languages

User: programs

User: Public

User: TEST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43290804 bytes
->Java cache emptied: 217358 bytes
->FireFox cache emptied: 63562707 bytes
->Flash cache emptied: 93519 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 231833 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 407467 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 3857402 bytes

Total Files Cleaned = 107.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08152010_165227

Files\Folders moved on Reboot...
C:\Users\TEST\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IONTH2VG\iframe[1].htm moved successfully.
C:\Users\TEST\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZX6UV8J\topic337067[1].htm moved successfully.
File move failed. C:\Windows\SysNative\bda14CE.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

/***** OTL Log End *****/

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:40 PM

Posted 16 August 2010 - 01:53 AM

QUOTE
All that I ask is if you can please have me use products that understand a 64
That's why we use OTL, which is completely 64 bit compatible. :)

I'm working on quite a few 64 bit logs, but sometimes something slips by, as you say, we're all human. Fortunately 64 bit OS's rarely get as heavily infected as 32 bit machines.

In your case a malicious proxy was set that prevented all kinds of updates; this is why Windows jumped in after the fix.

ESET is good, but it's not free. If you are interested in a good, free antivirus product, please see below.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


Please let me know what problems you are still having at this point. Also launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise




#12 wrikgee

wrikgee
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Marblehead, Massachusetts
  • Local time:09:40 AM

Posted 16 August 2010 - 03:04 PM

Ok, I didn't know that we were all done. I honestly haven't been monitoring because I was waiting for you to tell me the next step. I will monitor it now. Sorry, that was not too bright. As far as ESET, I realize the price, but I am willing to pay for either that or BitDefender, they are both good. I just downloaded it b/c you told me to get rid of my other BitDefender virus protection and reinstall it, but I could find the code last night, I will put it in today or tomorrow or something. I will certainly check this out tonight and let you know if anything is up. Do you think that you could send me a URL that talks about these 'Fake Proxies' so I could check them out? I had noticed these in HijackThis and deleted them constantly, but they came back. I assume you have to remove it from your registry, or is there something else that I have to do?

So, once again, thank you so much for your help and I will contact you before 12AM (it is 4PM right now) and let you know the status. Right now however, everything looks okay. It was nice doing business with you. And can you please send some kind of text on these proxies that are sent? Have a great week.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:40 PM

Posted 16 August 2010 - 03:38 PM

Hi, the problem with those proxies, is that they are set by malware. Usually a rogue program does it to make sure other bad stuff can be downloaded easily.

I have been looking around for an article, but couldn't find anything. I know just from experience that they are very common lately and are like a nasty surprise left by many rogue antivirus programs.

Fixing a proxy with HJT is the same as editing the registry, but as long as there is malware active, it makes no sense to do so. Also, OTL shows more details, so by using that, all entries can be caught.

QUOTE
Ok, I didn't know that we were all done. I honestly haven't been monitoring because I was waiting for you to tell me the next step.
This is something we need to do together. :) I see the logs, but just as important is what you tell me. A lot shows up in a log, but not everything.

regards, Elise




#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:40 PM

Posted 30 August 2010 - 08:23 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






