Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help with Win32/Olmarik.TDL4 trojan

Started by KillThem , Jun 18 2012 09:52 AM

Please log in to reply

#1
KillThem

Posted 18 June 2012 - 09:52 AM

Member

Member
20 posts

So my wife contracted this virus on her machine. It has been a HUGE PITA and the machine now also randomly plays various advertisement sound bites. I have gone through various websites looking for some answers from others' experiences. It won't let me run TDSSKiller or aswMBR either, so a bit frustrating. Any help would be greatly appreciated.

#2
WhiteHat

Posted 18 June 2012 - 10:28 AM

Trusted Helper

Retired Staff
1,925 posts

Hello KillThem and welcome to GeeksToGo

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Please do not try to fix anything without being asked
I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
I am currently reviewing your logs.

#3
KillThem

Posted 18 June 2012 - 10:46 AM

Member

Topic Starter
Member
20 posts

Hi WhiteHat! Looking forward to the help. Thanks!!

#4
WhiteHat

Posted 18 June 2012 - 01:13 PM

Trusted Helper

Retired Staff
1,925 posts

# Step 1 #

Download OTL ( <-- Click with the right button and select the option save as) to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
In Extra Registry, select Use SafeList

Under the Custom Scan box paste this in

netsvcs
msconfig
drives
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%\*.*
HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

# Step 2 #

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

The report has the following format: MBRCheck_Date_Time.
For example: MBRCheck_05.13.12_22.35.11

#5
KillThem

Posted 18 June 2012 - 02:13 PM

Member

Topic Starter
Member
20 posts

OTL.txt

OTL logfile created on: 6/18/2012 3:57:47 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Bill Goodwin\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 52.02% Memory free
6.91 Gb Paging File | 4.25 Gb Available in Paging File | 61.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.83 Gb Total Space | 39.21 Gb Free Space | 27.84% Space Free | Partition Type: NTFS

Computer Name: ELENAPC | User Name: Bill Goodwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/18 15:55:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bill Goodwin\Desktop\OTL.com
PRC - [2012/06/13 20:49:14 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/21 11:28:16 | 017,834,888 | ---- | M] (InternetCalls) -- C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/28 16:21:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/10/28 18:59:46 | 000,057,344 | ---- | M] () -- C:\Program Files\Informatica Secure Agent\infaagent.exe
PRC - [2009/10/21 14:58:56 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FiWiaChecker.exe
PRC - [2009/09/03 02:09:42 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/28 01:29:16 | 000,286,720 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
PRC - [2009/08/14 14:30:56 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/05 07:38:48 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009/08/05 07:38:48 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009/08/05 07:38:42 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009/07/27 14:18:02 | 000,134,656 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/07/16 14:13:34 | 001,245,472 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/07/16 14:10:22 | 000,382,752 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/07/08 16:45:34 | 000,131,072 | ---- | M] (FUJITSU LIMITED) -- C:\Windows\twain_32\fjscan32\FjtwMkup.exe
PRC - [2009/06/29 16:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/29 16:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/19 18:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/11 23:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 20:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/04/27 15:40:26 | 000,293,968 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/01 04:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/01 02:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/12/09 23:54:40 | 000,143,360 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
PRC - [2008/11/24 17:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/10/02 12:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2007/10/16 19:58:38 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe
PRC - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/16 13:23:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/06/16 13:21:35 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/16 13:21:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/16 13:20:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/16 13:20:33 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/16 13:20:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/16 13:20:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/16 13:20:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/16 13:19:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/06/13 20:49:13 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/04 18:53:05 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/12 02:40:28 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2009/11/12 02:40:28 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/08/05 07:38:40 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
MOD - [2009/07/27 14:15:32 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/06/03 14:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/11/12 15:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/02/25 04:00:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/28 16:21:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/28 18:59:46 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Informatica Secure Agent\infaagent.exe -- (InformaticaSecureAgent)
SRV - [2009/09/03 02:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/08/05 07:38:48 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/16 14:10:22 | 000,382,752 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/29 16:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe -- (STacSV)
SRV - [2009/06/11 20:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/06/03 14:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/04/27 15:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/11/12 15:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\Windows\twain_32\fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/19 13:53:48 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/08/05 07:38:48 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/07/29 17:46:24 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/27 14:17:56 | 000,200,192 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/04 22:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 12:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 23:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/29 16:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/25 20:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 20:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 20:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/26 15:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/05/11 13:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 16:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/01/10 17:59:44 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV - [2008/01/10 17:58:48 | 000,165,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0C31152B-D90D-49D6-BBBE-66D54BAEDDC9}
IE - HKLM\..\SearchScopes\{0C31152B-D90D-49D6-BBBE-66D54BAEDDC9}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\..\SearchScopes,DefaultScope = {7FEEE531-E0FD-45AE-A83A-209ECF27D803}
IE - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\..\SearchScopes\{22D5E096-940A-CE47-CCFF-72BC315B9667}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\..\SearchScopes\{7FEEE531-E0FD-45AE-A83A-209ECF27D803}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20111111"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111111&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 12:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 12:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/04/25 20:17:05 | 000,000,000 | ---D | M]

[2010/11/28 17:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Extensions
[2012/06/15 12:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions
[2012/06/15 12:34:52 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/11/10 21:12:27 | 000,001,945 | ---- | M] () -- C:\Users\Bill Goodwin\AppData\Roaming\Mozilla\Firefox\Profiles\u8wobhi3.default\searchplugins\bing-zugo.xml
[2012/06/15 12:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 12:34:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/13 20:49:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 06:42:53 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/04/24 23:58:29 | 000,001,211 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShopAtHome.com Toolbar) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [FiWIA Service Checker] C:\Windows\twain_32\fjscan32\FiWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [FTPWRENV] C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006..\Run: [InternetCalls] C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe (InternetCalls)
O4 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006..\Run: [WorkForce 610(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006..\Run: [WorkForce 610(Network) (Copy 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bill Goodwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2148102757-2534434147-107223858-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://idoccorp.web...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{338D2B99-B9DB-4F62-9489-7D7E40204079}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A4E7DB5-B6ED-423F-9B6F-DD8C27095DBD}: DhcpNameServer = 209.183.33.23 209.183.35.23
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 15:55:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Bill Goodwin\Desktop\OTL.com
[2012/06/18 12:56:11 | 000,000,000 | ---D | C] -- C:\Users\Bill Goodwin\Desktop\BDparty
[2012/06/18 11:45:20 | 000,000,000 | ---D | C] -- C:\Users\Bill Goodwin\Desktop\RK_Quarantine
[2012/06/18 11:42:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Bill Goodwin\Desktop\aswMBR.exe
[2012/06/18 10:24:03 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bill Goodwin\Desktop\TDSSKiller.exe
[2012/06/18 10:11:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/18 10:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/18 10:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/06/16 00:12:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/16 00:12:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/16 00:12:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/16 00:12:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/16 00:12:26 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/16 00:12:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/16 00:12:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/15 21:12:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/06/15 21:12:06 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/06/15 21:11:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/15 21:11:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/15 21:11:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/15 21:11:37 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/15 21:09:39 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/06/15 11:53:31 | 000,000,000 | ---D | C] -- C:\Users\Bill Goodwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/13 14:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/13 14:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/13 14:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/28 21:36:06 | 000,000,000 | ---D | C] -- C:\Users\Bill Goodwin\Desktop\LOS ANGELES May, 2012
[2012/05/21 15:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 15:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Bill Goodwin\Desktop\*.tmp files -> C:\Users\Bill Goodwin\Desktop\*.tmp -> ]
[1 C:\Users\Bill Goodwin\Documents\*.tmp files -> C:\Users\Bill Goodwin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/18 16:04:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 15:55:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bill Goodwin\Desktop\OTL.com
[2012/06/18 15:13:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2148102757-2534434147-107223858-1000UA.job
[2012/06/18 15:04:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 11:43:07 | 000,636,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/18 11:43:07 | 000,111,626 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/18 11:33:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Bill Goodwin\Desktop\aswMBR.exe
[2012/06/18 11:29:56 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 11:29:56 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 11:22:33 | 000,000,000 | ---- | M] () -- C:\Users\Bill Goodwin\AppData\Local\WavXMapDrive.bat
[2012/06/18 11:21:39 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/06/18 11:21:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/18 11:21:31 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/18 11:17:09 | 002,109,032 | ---- | M] () -- C:\Users\Bill Goodwin\Desktop\tdsskiller.zip
[2012/06/18 10:43:41 | 001,521,152 | ---- | M] () -- C:\Users\Bill Goodwin\Desktop\RogueKiller.exe
[2012/06/18 10:13:50 | 000,881,475 | ---- | M] () -- C:\Users\Bill Goodwin\Desktop\SecurityCheck.exe
[2012/06/18 10:11:10 | 000,001,076 | ---- | M] () -- C:\Users\Bill Goodwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/18 10:10:57 | 000,000,896 | ---- | M] () -- C:\Users\Bill Goodwin\Desktop\NTREGOPT.lnk
[2012/06/18 10:10:57 | 000,000,877 | ---- | M] () -- C:\Users\Bill Goodwin\Desktop\ERUNT.lnk
[2012/06/17 10:30:20 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/06/17 00:27:15 | 402,911,915 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/16 13:18:41 | 003,779,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bill Goodwin\Desktop\TDSSKiller.exe
[2012/06/15 12:51:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/15 12:51:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/15 11:56:04 | 000,000,256 | ---- | M] () -- C:\ProgramData\q8RRcfj9kUuqoa
[2012/06/15 11:53:32 | 000,000,152 | ---- | M] () -- C:\ProgramData\-q8RRcfj9kUuqoar
[2012/06/15 11:53:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\-q8RRcfj9kUuqoa
[2012/06/13 14:44:30 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/11 23:25:35 | 000,158,113 | ---- | M] () -- C:\Users\Bill Goodwin\Desktop\qdvsdgh6f6oqbtcme5j0.jpg
[2012/06/08 09:28:55 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2148102757-2534434147-107223858-1000Core.job
[2012/05/30 22:34:22 | 000,148,405 | ---- | M] () -- C:\Users\Bill Goodwin\Desktop\487392_4003413533261_36300172_1n.jpg
[2012/05/30 21:59:07 | 000,130,702 | ---- | M] () -- C:\Users\Bill Goodwin\Desktop\487392_4003413533261_36300172_n.jpg
[2012/05/21 15:25:39 | 000,002,503 | ---- | M] () -- C:\Users\Bill Goodwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/21 15:25:39 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/21 15:23:35 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Bill Goodwin\Desktop\*.tmp files -> C:\Users\Bill Goodwin\Desktop\*.tmp -> ]
[1 C:\Users\Bill Goodwin\Documents\*.tmp files -> C:\Users\Bill Goodwin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/18 11:21:39 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/06/18 11:17:02 | 002,109,032 | ---- | C] () -- C:\Users\Bill Goodwin\Desktop\tdsskiller.zip
[2012/06/18 10:43:41 | 001,521,152 | ---- | C] () -- C:\Users\Bill Goodwin\Desktop\RogueKiller.exe
[2012/06/18 10:13:50 | 000,881,475 | ---- | C] () -- C:\Users\Bill Goodwin\Desktop\SecurityCheck.exe
[2012/06/18 10:11:10 | 000,001,076 | ---- | C] () -- C:\Users\Bill Goodwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/18 10:10:57 | 000,000,896 | ---- | C] () -- C:\Users\Bill Goodwin\Desktop\NTREGOPT.lnk
[2012/06/18 10:10:57 | 000,000,877 | ---- | C] () -- C:\Users\Bill Goodwin\Desktop\ERUNT.lnk
[2012/06/15 11:53:32 | 000,000,152 | ---- | C] () -- C:\ProgramData\-q8RRcfj9kUuqoar
[2012/06/15 11:53:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\-q8RRcfj9kUuqoa
[2012/06/15 11:53:26 | 000,000,256 | ---- | C] () -- C:\ProgramData\q8RRcfj9kUuqoa
[2012/06/14 00:37:04 | 000,158,113 | ---- | C] () -- C:\Users\Bill Goodwin\Desktop\qdvsdgh6f6oqbtcme5j0.jpg
[2012/06/13 14:44:30 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/30 22:00:13 | 000,148,405 | ---- | C] () -- C:\Users\Bill Goodwin\Desktop\487392_4003413533261_36300172_1n.jpg
[2012/05/30 21:56:47 | 000,130,702 | ---- | C] () -- C:\Users\Bill Goodwin\Desktop\487392_4003413533261_36300172_n.jpg
[2012/05/21 15:23:35 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/25 00:06:38 | 000,000,256 | ---- | C] () -- C:\ProgramData\aY23Q1prxIaMvd
[2012/04/24 23:33:37 | 000,000,256 | ---- | C] () -- C:\ProgramData\oZfzC8N9siEkS3
[2012/02/07 12:13:25 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/02/06 15:27:06 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/02/06 15:27:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/02/06 15:27:06 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/02/06 15:27:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/02/06 15:27:06 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/02/06 15:27:06 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/02/06 15:27:06 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/02/06 15:27:06 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/02/06 15:27:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/02/06 15:27:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/02/06 15:27:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/02/06 15:27:06 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/02/06 15:27:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/02/06 15:27:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/02/06 15:27:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/02/06 15:27:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/11/10 21:12:44 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011/11/10 21:12:44 | 000,139,999 | ---- | C] () -- C:\Windows\unins000.dat
[2011/11/09 21:33:22 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/09/27 14:17:19 | 000,000,000 | ---- | C] () -- C:\Windows\Vcdem32p.INI
[2011/09/27 13:41:21 | 000,000,692 | ---- | C] () -- C:\Windows\pixcache.ini
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0C0A.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60fex0419.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0410.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex040C.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0407.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0C0A.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0419.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0410.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex040C.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0409.dll
[2011/09/27 13:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0407.dll
[2011/09/27 13:35:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi60Fex0409.dll
[2011/09/27 13:35:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5110ex0411.dll
[2011/09/27 13:35:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi60Fex0804.dll
[2011/09/27 13:35:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi60Fex0411.dll
[2011/09/27 13:35:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5110ex0804.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6225ex0C0A.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6225ex0419.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6225ex0416.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6225ex0410.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6225ex040C.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6225ex0409.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6225ex0407.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6125ex0C0A.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6125ex0419.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6125ex0416.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6125ex0410.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6125ex040C.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6125ex0409.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6125ex0407.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0C0A.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0419.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0410.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex040C.dll
[2011/09/27 13:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0407.dll
[2011/09/27 13:34:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6225ex0412.dll
[2011/09/27 13:34:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6225ex0411.dll
[2011/09/27 13:34:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6125ex0412.dll
[2011/09/27 13:34:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6125ex0411.dll
[2011/09/27 13:34:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5750ex0409.dll
[2011/09/27 13:34:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6225ex0804.dll
[2011/09/27 13:34:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6225ex0404.dll
[2011/09/27 13:34:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6125ex0804.dll
[2011/09/27 13:34:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6125ex0404.dll
[2011/09/27 13:34:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5750ex0804.dll
[2011/09/27 13:34:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5750ex0411.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0C0A.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0419.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0416.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0410.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex040C.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0407.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0C0A.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0410.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex040C.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0407.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0C0A.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0419.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0410.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex040C.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0409.dll
[2011/09/27 13:34:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0407.dll
[2011/09/27 13:34:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0412.dll
[2011/09/27 13:34:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0411.dll
[2011/09/27 13:34:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0409.dll
[2011/09/27 13:34:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5650ex0419.dll
[2011/09/27 13:34:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5650ex0409.dll
[2011/09/27 13:34:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5220ex0412.dll
[2011/09/27 13:34:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5220ex0411.dll
[2011/09/27 13:34:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5900ex0804.dll
[2011/09/27 13:34:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5900ex0404.dll
[2011/09/27 13:34:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5650ex0804.dll
[2011/09/27 13:34:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5650ex0411.dll
[2011/09/27 13:34:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5220ex0804.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0C0A.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0419.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0410.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex040C.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0409.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0407.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0C0A.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0419.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0410.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex040C.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0409.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0407.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0C0A.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0419.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0410.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex040C.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0409.dll
[2011/09/27 13:34:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0407.dll
[2011/09/27 13:34:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5530ex0412.dll
[2011/09/27 13:34:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5530ex0411.dll
[2011/09/27 13:34:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi55302ex0412.dll
[2011/09/27 13:34:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi55302ex0411.dll
[2011/09/27 13:34:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5120ex0412.dll
[2011/09/27 13:34:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5120ex0411.dll
[2011/09/27 13:34:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5530ex0804.dll
[2011/09/27 13:34:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi55302ex0804.dll
[2011/09/27 13:34:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5120ex0804.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6750ex0C0A.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6750ex0419.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6750ex0416.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6750ex0410.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6750ex040C.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6750ex0407.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6670ex0C0A.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6670ex0419.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6670ex0416.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6670ex0410.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6670ex040C.dll
[2011/09/27 13:34:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6670ex0407.dll
[2011/09/27 13:34:56 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6750ex0409.dll
[2011/09/27 13:34:56 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6670ex0409.dll
[2011/09/27 13:34:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6750ex0804.dll
[2011/09/27 13:34:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6750ex0412.dll
[2011/09/27 13:34:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6750ex0411.dll
[2011/09/27 13:34:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6750ex0404.dll
[2011/09/27 13:34:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6670ex0804.dll
[2011/09/27 13:34:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6670ex0412.dll
[2011/09/27 13:34:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6670ex0411.dll
[2011/09/27 13:34:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6670ex0404.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6770ex0C0A.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6770ex0419.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6770ex0416.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6770ex0410.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6770ex040C.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6770ex0407.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0C0A.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0419.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0410.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex040C.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0409.dll
[2011/09/27 13:34:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0407.dll
[2011/09/27 13:34:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6770ex0409.dll
[2011/09/27 13:34:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230Tex0412.dll
[2011/09/27 13:34:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230Tex0411.dll
[2011/09/27 13:34:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6770ex0804.dll
[2011/09/27 13:34:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6770ex0412.dll
[2011/09/27 13:34:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6770ex0411.dll
[2011/09/27 13:34:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6770ex0404.dll
[2011/09/27 13:34:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230Tex0804.dll
[2011/09/27 13:34:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230Tex0404.dll
[2011/09/27 13:34:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0C0A.dll
[2011/09/27 13:34:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0419.dll
[2011/09/27 13:34:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0410.dll
[2011/09/27 13:34:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex040C.dll
[2011/09/27 13:34:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0409.dll
[2011/09/27 13:34:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0407.dll
[2011/09/27 13:34:54 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130Tex0412.dll
[2011/09/27 13:34:54 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130Tex0411.dll
[2011/09/27 13:34:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130Tex0804.dll
[2011/09/27 13:34:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130Tex0404.dll
[2011/09/27 13:34:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0C0A.dll
[2011/09/27 13:34:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0419.dll
[2011/09/27 13:34:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0416.dll
[2011/09/27 13:34:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0410.dll
[2011/09/27 13:34:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex040C.dll
[2011/09/27 13:34:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0409.dll
[2011/09/27 13:34:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0407.dll
[2011/09/27 13:34:53 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130ex0412.dll
[2011/09/27 13:34:53 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130ex0411.dll
[2011/09/27 13:34:53 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130ex0804.dll
[2011/09/27 13:34:53 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130ex0404.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0C0A.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0419.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0416.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0410.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex040C.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0409.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0407.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0C0A.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0419.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0416.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0410.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex040C.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0409.dll
[2011/09/27 13:34:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0407.dll
[2011/09/27 13:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6240ex0412.dll
[2011/09/27 13:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6240ex0411.dll
[2011/09/27 13:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6140ex0412.dll
[2011/09/27 13:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6140ex0411.dll
[2011/09/27 13:34:52 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6240ex0804.dll
[2011/09/27 13:34:52 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6240ex0404.dll
[2011/09/27 13:34:52 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6140ex0804.dll
[2011/09/27 13:34:52 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6140ex0404.dll
[2011/09/27 13:34:51 | 000,000,712 | R--- | C] () -- C:\Windows\FJTWSTI.INI
[2011/09/27 10:09:45 | 000,000,628 | ---- | C] () -- C:\Windows\kofax200.ini
[2011/09/27 10:09:39 | 000,000,035 | ---- | C] () -- C:\Windows\setscan.ini
[2011/08/27 11:06:01 | 000,000,023 | ---- | C] () -- C:\Windows\bo9840cd.ini
[2011/05/25 17:19:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/28 17:49:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/28 12:40:51 | 000,000,000 | ---- | C] () -- C:\Users\Bill Goodwin\AppData\Local\WavXMapDrive.bat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9160412ASG
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 91226112
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 141.00GB
Starting Offset: 8813281280
Hidden sectors: 0

< %SYSTEMDRIVE%\*.* >
[2012/06/18 11:21:39 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () -- C:\autoexec.bat
[2010/04/08 18:44:21 | 000,006,752 | -H-- | M] () -- C:\bootsqm.dat
[2009/06/10 17:42:20 | 000,000,010 | -H-- | M] () -- C:\config.sys
[2009/11/12 04:20:11 | 000,004,032 | RH-- | M] () -- C:\dell.sdr
[2012/06/18 11:21:31 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 10:25:56 | 000,000,244 | -H-- | M] () -- C:\InstallationInfo.txt
[2010/03/02 17:40:28 | 000,001,055 | -H-- | M] () -- C:\net_save.dna
[2012/06/18 11:21:37 | 3711,086,592 | -HS- | M] () -- C:\pagefile.sys
[2012/04/26 00:30:12 | 000,141,282 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_00.28.32_log.txt
[2012/04/26 00:41:04 | 000,136,940 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_00.40.13_log.txt
[2012/04/26 12:19:47 | 000,137,242 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_12.18.49_log.txt

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/04/27 23:17:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2012/03/30 06:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/13 20:49:12 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/13 20:49:12 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/13 20:49:12 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/13 20:49:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/13 20:49:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/13 20:49:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ray Hill\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ray Hill\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ray Hill\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ray Hill\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/16 10:15:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/16 10:15:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/16 10:15:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/13 20:49:12 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/13 20:49:12 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/13 20:49:12 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/13 20:49:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/13 20:49:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/13 20:49:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ray Hill\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ray Hill\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ray Hill\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ray Hill\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/16 10:15:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/16 10:15:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/16 10:15:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

========== Files - Unicode (All) ==========
[2012/06/15 12:34:54 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\???) -- C:\Users\Bill Goodwin\Documents\РВП
[2012/06/15 12:27:48 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\?????) -- C:\Users\Bill Goodwin\Documents\Почта
[2012/03/26 12:54:19 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\????????????) -- C:\Users\Bill Goodwin\Documents\Поздравления
[2012/02/09 12:52:34 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Desktop\???????????????) -- C:\Users\Bill Goodwin\Desktop\Трудоустройство
[2012/02/04 13:22:36 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\???????? ???? ???? ????) -- C:\Users\Bill Goodwin\Documents\Гостевая виза Мама Папа
[2012/01/15 20:03:49 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\???????) -- C:\Users\Bill Goodwin\Documents\Рецепты
[2012/01/15 20:03:49 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\??????) -- C:\Users\Bill Goodwin\Documents\Разное
[2012/01/15 20:03:48 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\??????) -- C:\Users\Bill Goodwin\Documents\РАБОТА
[2012/01/15 20:03:46 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\?????_? ?????????????) -- C:\Users\Bill Goodwin\Documents\Почта_в Невинномысске
[2012/01/15 20:03:13 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\??????) -- C:\Users\Bill Goodwin\Documents\Письма
[2012/01/15 20:03:13 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\??? ???????) -- C:\Users\Bill Goodwin\Documents\Мои подписи
[2012/01/15 20:03:13 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\? ???????) -- C:\Users\Bill Goodwin\Documents\О бизнесе
[2012/01/15 20:03:11 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\??? ?????????) -- C:\Users\Bill Goodwin\Documents\Мои Документы
[2012/01/15 20:03:06 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\????? ?????? ????? ??????????) -- C:\Users\Bill Goodwin\Documents\Карты Москвы Метро Посольство
[2012/01/15 20:03:06 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\????) -- C:\Users\Bill Goodwin\Documents\Мама
[2012/01/15 20:03:05 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\??????? ????? ???????? 165-216) -- C:\Users\Bill Goodwin\Documents\Домовая книга Калинина 165-216
[2012/01/15 20:03:05 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\??????? ????? - ???????? 169 ??-24) -- C:\Users\Bill Goodwin\Documents\Домовая книга - Калинина 169 кв-24
[2012/01/15 20:03:04 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\?????????? ??? ????) -- C:\Users\Bill Goodwin\Documents\Докуцменты для Визы
[2012/01/15 20:03:01 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\???? ?? ??????. ???? ????????) -- C:\Users\Bill Goodwin\Documents\Докс по задолж. Моск интернет
[2012/01/15 20:03:00 | 000,000,000 | ---D | M](C:\Users\Bill Goodwin\Documents\??? ??????????? ? ?????????? ??????????) -- C:\Users\Bill Goodwin\Documents\Для регистрации и временного проживания
[2011/12/09 19:29:43 | 000,011,408 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????? ?????????.docx) -- C:\Users\Bill Goodwin\Documents\Рецепт оленятины.docx
[2011/12/09 19:29:42 | 000,011,408 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????? ?????????.docx) -- C:\Users\Bill Goodwin\Documents\Рецепт оленятины.docx
[2010/12/28 12:33:46 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Desktop\???????????????) -- C:\Users\Bill Goodwin\Desktop\Трудоустройство
[2010/05/29 10:12:02 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\???????? ???? ???? ????) -- C:\Users\Bill Goodwin\Documents\Гостевая виза Мама Папа
[2010/05/21 10:14:26 | 000,105,984 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????? ??????? ????.doc) -- C:\Users\Bill Goodwin\Documents\Основа лечения Акни.doc
[2010/05/21 10:09:03 | 000,056,320 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\??????? ? ?? ????..doc) -- C:\Users\Bill Goodwin\Documents\Тазорак и др инфа..doc
[2010/05/19 22:22:57 | 000,026,624 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\??????? ??? ???????.doc) -- C:\Users\Bill Goodwin\Documents\Подарки для Невинки.doc
[2010/04/19 14:31:26 | 000,000,162 | -H-- | M] ()(C:\Users\Bill Goodwin\Documents\~$???? ??????? ????.doc) -- C:\Users\Bill Goodwin\Documents\~$нова лечения Акни.doc
[2010/04/19 14:31:26 | 000,000,162 | -H-- | C] ()(C:\Users\Bill Goodwin\Documents\~$???? ??????? ????.doc) -- C:\Users\Bill Goodwin\Documents\~$нова лечения Акни.doc
[2010/03/12 11:04:52 | 000,031,744 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????????? ??? ???????????.doc) -- C:\Users\Bill Goodwin\Documents\Информация для приглашения.doc
[2010/03/02 15:46:49 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\???? ?? ??????. ???? ????????) -- C:\Users\Bill Goodwin\Documents\Докс по задолж. Моск интернет
[2009/11/28 12:16:59 | 005,263,215 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\????????????? ??? ???????? ???????????.pdf) -- C:\Users\Bill Goodwin\Documents\Обязательство для Частного приглашения.pdf
[2009/11/28 12:16:59 | 000,119,646 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???????.jpg) -- C:\Users\Bill Goodwin\Documents\Паспорт.jpg
[2009/11/28 12:16:59 | 000,105,984 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????? ??????? ????.doc) -- C:\Users\Bill Goodwin\Documents\Основа лечения Акни.doc
[2009/11/28 12:16:59 | 000,056,320 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\??????? ? ?? ????..doc) -- C:\Users\Bill Goodwin\Documents\Тазорак и др инфа..doc
[2009/11/28 12:16:59 | 000,055,296 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????.doc) -- C:\Users\Bill Goodwin\Documents\Сылки.doc
[2009/11/28 12:16:59 | 000,040,448 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???????? ???????.doc) -- C:\Users\Bill Goodwin\Documents\Объемная стрижка.doc
[2009/11/28 12:16:59 | 000,032,768 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\????????????? ???????? ??? ???.doc) -- C:\Users\Bill Goodwin\Documents\Тренировочный комплекс для ног.doc
[2009/11/28 12:16:59 | 000,031,232 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?? ????.doc) -- C:\Users\Bill Goodwin\Documents\На сайт.doc
[2009/11/28 12:16:59 | 000,029,696 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?? ????_1.doc) -- C:\Users\Bill Goodwin\Documents\На сайт_1.doc
[2009/11/28 12:16:59 | 000,026,624 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\??????? ??? ???????.doc) -- C:\Users\Bill Goodwin\Documents\Подарки для Невинки.doc
[2009/11/28 12:16:59 | 000,025,088 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????????? ??????.doc) -- C:\Users\Bill Goodwin\Documents\Паспортные данные.doc
[2009/11/28 12:16:59 | 000,022,528 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\??????? ????, ????, ??????.doc) -- C:\Users\Bill Goodwin\Documents\Размеры Мамы, Папы, Сереги.doc
[2009/11/28 12:16:59 | 000,020,992 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????? ????????.doc) -- C:\Users\Bill Goodwin\Documents\Оплата квартиры.doc
[2009/11/28 12:16:59 | 000,020,480 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???? ????.doc) -- C:\Users\Bill Goodwin\Documents\Стих англ.doc
[2009/11/28 12:16:59 | 000,018,944 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???????.xls) -- C:\Users\Bill Goodwin\Documents\Свадьба.xls
[2009/11/28 12:16:58 | 000,681,984 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\??????? ????????.doc) -- C:\Users\Bill Goodwin\Documents\Молитва Господня.doc
[2009/11/28 12:16:58 | 000,100,864 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????? ????????? ??????.doc) -- C:\Users\Bill Goodwin\Documents\Билеты Вашингтон Москва.doc
[2009/11/28 12:16:58 | 000,055,296 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???????? PROMT10000.std) -- C:\Users\Bill Goodwin\Documents\Документ PROMT10000.std
[2009/11/28 12:16:58 | 000,044,032 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?? ??????????? 1 ?? ???????.doc) -- C:\Users\Bill Goodwin\Documents\Из Шереметьево 1 до Внуково.doc
[2009/11/28 12:16:58 | 000,040,960 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\??? ?????? ????? ? ????????.doc) -- C:\Users\Bill Goodwin\Documents\Все сейчас знают и понимают.doc
[2009/11/28 12:16:58 | 000,031,744 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????????? ??? ???????????.doc) -- C:\Users\Bill Goodwin\Documents\Информация для приглашения.doc
[2009/11/28 12:16:58 | 000,031,744 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???????.doc) -- C:\Users\Bill Goodwin\Documents\Доктора.doc
[2009/11/28 12:16:58 | 000,031,232 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???????? PROMT1.std) -- C:\Users\Bill Goodwin\Documents\Документ PROMT1.std
[2009/11/28 12:16:58 | 000,030,208 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???? ??? ?????. ???????????.doc) -- C:\Users\Bill Goodwin\Documents\Доки для частн. приглашения.doc
[2009/11/28 12:16:58 | 000,029,184 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\? ????? 1.doc) -- C:\Users\Bill Goodwin\Documents\В загсе 1.doc
[2009/11/28 12:16:58 | 000,027,136 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????????_1??????????.doc) -- C:\Users\Bill Goodwin\Documents\Заявление_1Ставрополь.doc
[2009/11/28 12:16:58 | 000,026,624 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????????_1.doc) -- C:\Users\Bill Goodwin\Documents\Заявление_1.doc
[2009/11/28 12:16:58 | 000,024,576 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\????????? ?? ???.doc) -- C:\Users\Bill Goodwin\Documents\Директору ГУ ЦЗН.doc
[2009/11/28 12:16:58 | 000,022,016 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\???????? ??????? ????.doc) -- C:\Users\Bill Goodwin\Documents\Депутату Краевой Думы.doc
[2009/11/28 12:16:58 | 000,019,968 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\??? ????????.doc) -- C:\Users\Bill Goodwin\Documents\Дни Рождения.doc
[2009/11/28 12:16:53 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\???????) -- C:\Users\Bill Goodwin\Documents\Рецепты
[2009/11/28 12:16:52 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\??????) -- C:\Users\Bill Goodwin\Documents\Разное
[2009/11/28 12:16:52 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\???) -- C:\Users\Bill Goodwin\Documents\РВП
[2009/11/28 12:16:49 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\??????) -- C:\Users\Bill Goodwin\Documents\РАБОТА
[2009/11/28 12:16:48 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\?????_? ?????????????) -- C:\Users\Bill Goodwin\Documents\Почта_в Невинномысске
[2009/11/28 12:15:21 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\????????????) -- C:\Users\Bill Goodwin\Documents\Поздравления
[2009/11/28 12:15:21 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\?????) -- C:\Users\Bill Goodwin\Documents\Почта
[2009/11/28 12:15:17 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\??????) -- C:\Users\Bill Goodwin\Documents\Письма
[2009/11/28 12:15:16 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\??? ???????) -- C:\Users\Bill Goodwin\Documents\Мои подписи
[2009/11/28 12:15:16 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\? ???????) -- C:\Users\Bill Goodwin\Documents\О бизнесе
[2009/11/28 12:15:13 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\??? ?????????) -- C:\Users\Bill Goodwin\Documents\Мои Документы
[2009/11/28 12:15:08 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\????? ?????? ????? ??????????) -- C:\Users\Bill Goodwin\Documents\Карты Москвы Метро Посольство
[2009/11/28 12:15:08 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\????) -- C:\Users\Bill Goodwin\Documents\Мама
[2009/11/28 12:15:07 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\??????? ????? ???????? 165-216) -- C:\Users\Bill Goodwin\Documents\Домовая книга Калинина 165-216
[2009/11/28 12:15:07 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\??????? ????? - ???????? 169 ??-24) -- C:\Users\Bill Goodwin\Documents\Домовая книга - Калинина 169 кв-24
[2009/11/28 12:15:01 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\?????????? ??? ????) -- C:\Users\Bill Goodwin\Documents\Докуцменты для Визы
[2009/11/28 12:15:01 | 000,000,000 | ---D | C](C:\Users\Bill Goodwin\Documents\??? ??????????? ? ?????????? ??????????) -- C:\Users\Bill Goodwin\Documents\Для регистрации и временного проживания
[2009/06/24 17:15:15 | 000,019,968 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\??? ????????.doc) -- C:\Users\Bill Goodwin\Documents\Дни Рождения.doc
[2009/03/19 22:30:09 | 000,032,768 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\????????????? ???????? ??? ???.doc) -- C:\Users\Bill Goodwin\Documents\Тренировочный комплекс для ног.doc
[2009/02/06 22:15:35 | 000,029,696 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?? ????_1.doc) -- C:\Users\Bill Goodwin\Documents\На сайт_1.doc
[2009/02/02 00:23:33 | 000,031,232 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?? ????.doc) -- C:\Users\Bill Goodwin\Documents\На сайт.doc
[2008/12/09 01:52:08 | 000,031,232 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???????? PROMT1.std) -- C:\Users\Bill Goodwin\Documents\Документ PROMT1.std
[2008/11/21 17:16:13 | 000,031,744 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???????.doc) -- C:\Users\Bill Goodwin\Documents\Доктора.doc
[2008/11/17 18:58:12 | 000,030,208 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???? ??? ?????. ???????????.doc) -- C:\Users\Bill Goodwin\Documents\Доки для частн. приглашения.doc
[2008/11/09 12:36:03 | 000,022,528 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\??????? ????, ????, ??????.doc) -- C:\Users\Bill Goodwin\Documents\Размеры Мамы, Папы, Сереги.doc
[2008/10/05 14:11:32 | 000,100,864 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????? ????????? ??????.doc) -- C:\Users\Bill Goodwin\Documents\Билеты Вашингтон Москва.doc
[2008/10/04 10:04:53 | 000,040,448 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???????? ???????.doc) -- C:\Users\Bill Goodwin\Documents\Объемная стрижка.doc
[2008/09/27 00:28:04 | 000,044,032 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?? ??????????? 1 ?? ???????.doc) -- C:\Users\Bill Goodwin\Documents\Из Шереметьево 1 до Внуково.doc
[2008/07/25 10:11:34 | 000,020,992 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????? ????????.doc) -- C:\Users\Bill Goodwin\Documents\Оплата квартиры.doc
[2008/04/23 09:31:58 | 000,027,136 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????????_1??????????.doc) -- C:\Users\Bill Goodwin\Documents\Заявление_1Ставрополь.doc
[2008/04/05 14:05:52 | 000,026,624 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????????_1.doc) -- C:\Users\Bill Goodwin\Documents\Заявление_1.doc
[2008/02/26 07:21:59 | 000,024,576 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\????????? ?? ???.doc) -- C:\Users\Bill Goodwin\Documents\Директору ГУ ЦЗН.doc
[2008/01/10 03:11:24 | 000,119,646 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???????.jpg) -- C:\Users\Bill Goodwin\Documents\Паспорт.jpg
[2007/12/19 05:48:26 | 000,025,088 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????????? ??????.doc) -- C:\Users\Bill Goodwin\Documents\Паспортные данные.doc
[2007/10/25 14:59:14 | 005,263,215 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\????????????? ??? ???????? ???????????.pdf) -- C:\Users\Bill Goodwin\Documents\Обязательство для Частного приглашения.pdf
[2007/09/08 06:51:12 | 000,020,480 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???? ????.doc) -- C:\Users\Bill Goodwin\Documents\Стих англ.doc
[2007/08/20 15:32:30 | 000,055,296 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???????? PROMT10000.std) -- C:\Users\Bill Goodwin\Documents\Документ PROMT10000.std
[2007/08/13 04:34:37 | 000,022,016 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???????? ??????? ????.doc) -- C:\Users\Bill Goodwin\Documents\Депутату Краевой Думы.doc
[2007/04/09 13:52:10 | 000,055,296 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\?????.doc) -- C:\Users\Bill Goodwin\Documents\Сылки.doc
[2007/01/07 17:38:30 | 000,040,960 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\??? ?????? ????? ? ????????.doc) -- C:\Users\Bill Goodwin\Documents\Все сейчас знают и понимают.doc
[2006/12/05 07:30:26 | 000,681,984 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\??????? ????????.doc) -- C:\Users\Bill Goodwin\Documents\Молитва Господня.doc
[2006/10/21 02:40:30 | 000,018,944 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\???????.xls) -- C:\Users\Bill Goodwin\Documents\Свадьба.xls
[2006/09/03 13:03:38 | 000,029,184 | ---- | M] ()(C:\Users\Bill Goodwin\Documents\? ????? 1.doc) -- C:\Users\Bill Goodwin\Documents\В загсе 1.doc

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB49837$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:548AE60C
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:19F08842
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:64EEA19D
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:506E1E25
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:ADE67221
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:123A86B5
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:9E76E7F3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DC21D414
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:91FFEC32
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:F8F070C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1B7E2022
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E7B4296D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9F38BF31
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2495D97A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C72A744C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:71004506
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D2593961
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:89C28CF6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:80F63EC3
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:7E082023
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:71612023
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:596E2371
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5B09C4D9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FED25C29
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:DE9AC04F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7FCB9D0D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:341C1FBD
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:13EF4AF6
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EA10407C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E895790F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E027789A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4C528C86
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3D186293
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B4980368
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A167A0BB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5FA4CB99
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7FD903D7
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1181620C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DB77E2C4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C10635F6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:710F4DBF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:6444B424
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:48977386
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:36FFA2FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E732B44B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DD04902E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B8384DB6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6B05AF40
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5FFC2819
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D8F9D810
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:89CF6F9C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5025C6E4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FC2D0F32
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6FD219F5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F45F3031
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:19F494DE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8FA72FF8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:59C113EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:26FBC1F9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1D597D0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CEF2A14E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:425759C6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:0D278FB5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A6CDBCAC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6425A235
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:405D842B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0FA1EAA7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8999FD56
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:6AF67671
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:523B97A0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:237E4B91
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CC4C59B4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:BF2E2F0E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:996104FC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2B1EA607
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F33C37D5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:68EF6203
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:5345C8F6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B18C4339
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:7AA6FC81
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:55818279
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:EC0A74A1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B1FBBD09
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BF07EA98
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C9FD258B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:55E1514E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC3B090
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:B7843388
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4FE30352
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D226A81A
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:69AF9D20
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:614F17D3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:3C282BEA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9C012695
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A296A63F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:52641FBE
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:31106FCB
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:2E49D185
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1C6CB897
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5E9B629B

< End of report >

#6
KillThem

Posted 18 June 2012 - 02:14 PM

Member

Topic Starter
Member
20 posts

EXTRAS.txt

OTL Extras logfile created on: 6/18/2012 3:57:47 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Bill Goodwin\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 52.02% Memory free
6.91 Gb Paging File | 4.25 Gb Available in Paging File | 61.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.83 Gb Total Space | 39.21 Gb Free Space | 27.84% Space Free | Partition Type: NTFS

Computer Name: ELENAPC | User Name: Bill Goodwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03288041-46CD-4F10-A6FD-08E4301C95A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{038F3DF7-DF9C-4F92-BD2C-74289AB83807}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03B051B2-0971-4EE2-AB82-17F49CE0DF07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{041651D4-A21F-4581-8649-A0BA160A962B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{08EAB6BC-8151-48F2-952D-146DE5E15673}" = rport=138 | protocol=17 | dir=out | app=system |
"{0EAD3F3D-49BB-4B41-A140-8B92E83DC65D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FDD9207-36CE-4D23-BB26-688D8223434C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{151F5FCE-6D28-4E0E-A270-2B8EEF2CE105}" = rport=445 | protocol=6 | dir=out | app=system |
"{1972B076-9F50-490A-96A7-000251A299F0}" = lport=445 | protocol=6 | dir=in | app=system |
"{19822AA0-55D2-4E71-AF57-23C1BF3A75E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{24BB263D-A25E-4E4F-B746-3D61E7E092CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30BDF4F6-7ACF-45F5-A87F-4AFF7A9A3C3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{323F7859-A582-4D18-8666-30CBB3216434}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{349B0956-68FD-4C8D-8E0A-45240674820C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{363D7B28-2AFD-4693-8F01-BF7BC14A97BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AA308D7-66D8-493B-A804-CF3C482D0A40}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B023FCE-3493-4053-89B4-67B5F29D0057}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DB65624-03F7-4DD0-84F6-9CE3253FCA74}" = rport=139 | protocol=6 | dir=out | app=system |
"{43385551-9AA1-418C-8BC3-97BBEF210E8B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{447A9A13-8E7C-47EA-B1A8-3C31B7D97053}" = lport=139 | protocol=6 | dir=in | app=system |
"{46F3814D-3DA0-435F-862F-0121CA7FC767}" = rport=137 | protocol=17 | dir=out | app=system |
"{47CB627F-DA50-4D63-958E-287AB48B89AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4AA561D5-610A-469E-A1C0-34C4A0332B28}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4FC6D8C1-CC9C-4692-AC13-AF9182AA3E16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52B0FB89-21E0-4706-A01C-C3DB0A4C676B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{531B7484-2A2B-4CFC-80C1-BDE70BA113AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53E664EC-478C-47CA-81D2-6B11BB97CBD5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D9EBF9D-D91D-4EE8-A0DF-2E2224B578E4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{654307BF-B680-47F8-AC26-96E4D580EF5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6AA97860-BBB8-4AB1-B6C7-A85892BCD012}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B8E64EF-3AD7-407E-994A-B273904235FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6BBF0ADF-0167-4D14-9164-D6793E2B5188}" = lport=10244 | protocol=6 | dir=in | app=system |
"{6D2D2079-0BAD-47F5-8FAC-A312FE27CAEB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{745AB5FE-2A73-4FAF-A599-11EAD32CEE2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{75DA9685-6C24-478C-BB34-9219AC3FE0C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7946FA19-CDDF-4774-8303-DF6D6253902F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7B200CB4-533F-4B98-9241-249CD827F043}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C0EF3BE-BD26-4912-90DD-3EC49B251EA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87177F17-5A12-4D49-A45A-92A78A022AF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C667AEB-4E23-4E1F-83E8-FB7056FEFE6D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D7B4537-E799-4E3C-8ED1-F746EBD48431}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90AC8996-DA75-4ECF-BC7F-9A1494DCBC8A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{996B00B9-1CDB-498E-AC41-020402EA461C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D0A3DFF-9039-47DC-8F5C-9CD2464F78D5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F995C93-F440-4129-AF5A-B372360E4716}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7FCD8FC-01C7-4C71-ABCB-EC8037B17D0B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2373C6A-6E8C-43CE-B95F-BABBD2527363}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{B6F23B3B-B7FC-43D6-82EE-94C26F415699}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B965074D-C308-4EB7-88EF-BC56B03B1784}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC532186-C73A-473D-8EF8-7A060D09022C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BEA9AF2A-35A8-4024-99A0-37514B302650}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C694B6AD-32A8-4612-9788-F4226D478AD1}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBEF01EF-6F0B-4ADB-8E98-F4013C0DBB2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DC5D71C0-76E8-4F9B-AA06-56BD3EE93744}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DE5668D4-9134-44CD-A063-02E8F53621FE}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBBBDC18-CD94-4337-97CD-2B855A295524}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F20D3867-9B91-4608-A3FE-CEFC5F78D3B0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4A4CF46-DBEC-44BE-B645-2571918681D6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F5CB4A23-0904-44F2-8AC6-4BA80B0F13C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0441AE6D-5CDB-487D-9E55-1EC2ED3A147D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{061CAF8C-ED66-41AB-AB82-F156EC35B04B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{07A98A22-8534-4814-BA8C-80323C470EA6}" = protocol=58 | dir=out | [email protected],-28546 |
"{0CD129AD-F939-437D-AB97-48D527E4B46D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{0F7B89B9-F109-485E-90A0-5127BBC797F2}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{14D09E15-5507-4B5D-980A-304E5501C2AE}" = protocol=6 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe |
"{182F4712-8686-4F27-8AE5-2A099DD6901D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{205FC066-8CED-4DEF-BEB4-BDD44709310B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{26550136-8E37-4F09-9781-AC4EFB6AE730}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{28F16C3B-B928-4ACA-9048-DC4C93424740}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{2BA47554-FF2A-4DBE-A243-DB3EB0FFD947}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C70393D-6DB7-45DA-A904-252A104D9BC5}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{325C8AB2-0869-4BBC-ACF2-58084EE3D927}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32EB439B-4106-4779-A972-FD3AF6BFAEA1}" = protocol=1 | dir=in | [email protected],-28543 |
"{33D3C226-AB90-4810-9361-EF8184DAD846}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{358E3818-B974-4BBC-A04C-414C12DEFD4F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3824297D-B927-4F1F-AB7A-0A10992B8887}" = protocol=6 | dir=out | app=system |
"{38323F5C-435E-47ED-9859-2CFA335E1888}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3960D31F-4FD5-4234-9792-B300C47CCC40}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl06d\faxrx.exe |
"{3F8923F8-C479-4336-8A5E-78E3915E6A8E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3FAAEE6D-BDCE-41F2-9667-44B29B95072C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{413CFFC4-381C-4D7F-87EF-9B44D4592C11}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{43124F01-CD57-4F9F-8095-984118F7FCDA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{4BDC72DB-1FED-485E-B672-1B50331D0019}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{4E871D68-75BF-4A41-97EB-5DD40856468B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{566543F6-EEC9-48C5-89FC-7A8BEA701105}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56BC0E47-D9A1-4DA0-88D0-551ADEAB2880}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5C4E4551-A0F1-4BA8-8A5F-CC47CC9D2FB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60777166-8BEC-46CE-94F4-4F8A5C18859C}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64D75455-B0BD-42B4-B8E0-5DB77A9F0F1A}" = protocol=6 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe |
"{6C933287-6B6F-4FF9-B3DC-9CB8C769CBB5}" = protocol=1 | dir=out | [email protected],-28544 |
"{6F4C8A1C-915B-4696-A4EB-D5B212C7D3A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73D0E012-8808-4DDC-91EB-4F0D239888FA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7417B072-8939-470F-894F-8E26199AB04F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{78A0A369-EF91-438F-8397-C5ADE1B2E730}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79A1DC16-20A3-4CB1-B4CD-BA746006E8BA}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{81DBB453-1C11-48E1-9060-77C35E520E7F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82262E67-9A85-432F-9718-E960F3EB314D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84417529-3852-4F2D-ACD2-80D789CC49E2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{84435D1C-344E-47B4-A8BD-66CAEA931E10}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{86899E7D-4D4D-4994-8D60-CB56057E6B6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A8ADD01-974F-4B31-BAE3-E0717E74D278}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8DA017A3-3517-4916-B3E1-132392ADC797}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8DFA0882-FF61-4F17-9DB9-D62C5D2BD43C}" = protocol=17 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe |
"{8EDA7745-7E21-4D83-BEED-02981758EB90}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{99DB2711-C6C6-4C63-A4F9-7561F34DC8A0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A118BEB3-AE5D-41DF-B462-8CC589188708}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A1DFC643-3654-4D35-A3E0-242CCCA5C970}" = protocol=58 | dir=in | [email protected],-28545 |
"{B9E59C61-B77E-4BFA-ABA6-C8D68C61C0AF}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{BAE58B9D-6055-4F89-ABFB-C85CD2D5E64B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{CD3D3493-0229-43C3-B69E-7D0107999416}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D1CCC19B-BBDF-484F-8315-EA8971B443E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1EC33D2-B01F-4B39-9682-FB9154E19144}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{D3D03E4F-6A9A-4FF3-B559-780C03EB36CC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB5D114E-EB0D-4E04-BE1F-85DE25191F1C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{DB68C4D8-0FAB-4274-85A5-FE9425EFDE6C}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{DDD3F4F5-4BAE-420A-8117-BDCCF49F4E56}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E02EFA6E-D453-46A4-9CE5-39FDF9D67C51}" = protocol=17 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe |
"{E693923E-8AD9-4FA4-B6A0-75A65FB1D622}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F0933CE2-1407-40DC-9165-84B8ECE4C6FA}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl06d\faxrx.exe |
"{F5FE057E-0011-45A8-A466-A783EAC76045}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FD9ADB5F-EDC9-4BD8-948F-69BE8FEDC2C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FE1A3FB4-0163-47ED-A0B5-9562D26C95CC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{129AE07B-936C-48CE-805C-52231F77AE91}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{491E80EA-A740-41CE-A8CF-8127AC60E0A8}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"TCP Query User{54CE46D1-3F47-4BF8-8013-603602C9219E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{AEE0B131-3527-4907-A540-3FA7C7B5842B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D9A7FDA8-656D-44A4-A1B7-43F2719D3AA2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4FBDAC00-5653-4F65-A0B3-F44E907C041D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6C30C3F2-D368-4820-8BB3-C7BB0A77E130}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{759A3A19-EB7C-4BAC-99B9-9917CA1F1652}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"UDP Query User{960B81FA-DC0D-4C98-9EF0-1E0879586CE4}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{FF741860-26F7-4061-907B-352CB51A9CD2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{115FED9F-2667-ED07-3C38-E82BC9A35ED4}" = ESPN Offline Draft
"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1C1A21AF-75C5-42A1-89B9-419121336BF5}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 29
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D6E90E1-602D-48C8-BBD2-28D1E183AE50}_is1" = Google Outlook Contact Sync 0.9.1.0
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B99F903-230A-4E33-9A60-F58C1908D29E}" = Error Recovery Guide for fi-6130/fi-6230
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows V09L21
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A35E74B-68AD-4054-B93A-FEB7B687114C}" = Kofax VirtualReScan 4.50
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}" = Dell Backup and Recovery Manager
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Moozy
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83E3F4E4-CEA1-452B-9180-A40813CD111C}" = ESET Smart Security
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F588432-2DDA-44F3-B013-BF5A0227F631}" = Trident
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2007
"{90120000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.ru-ru_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2007
"{90120000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2007
"{90120000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA49E39-4BFF-49F5-8695-43069F557768}" = Kofax VRS Component Fujitsu fi-6230
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite MFC-9840CDW
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BD700E-92C1-4F3E-B934-0140440B336A}" = CardScan 7.0.5
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D97728BC-2239-44EC-88EF-FC028604E1B5}" = Kofax VRS Update for VRS45DPUpdate
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DEE43217-9B84-4204-AE98-27BAA14EFF5C}" = GO Contact Sync
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF8672E3-C9C0-4BDF-948B-77BC58BECFF9}" = Fujitsu ScandAll PRO V1.8 Update1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}" = FUJITSU Scanner USB HotFix
"{F82DF41F-4A57-4679-9907-D6430C6310B0}" = Salesforce Outlook Edition 3
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"ESPNOfflineDraft.87EFDF5C5ABF3073574165E816459613033FD48A.1" = ESPN Offline Draft
"Fast Empty Folder Finder_is1" = Fast Empty Folder Finder
"Google Calendar Sync" = Google Calendar Sync
"HDMI" = Intel® Graphics Media Accelerator Driver
"Informatica Secure Agent" = Informatica Secure Agent
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"InternetCalls_is1" = InternetCalls
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mish_Buddy" = MishBuddy
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"OMUI.ru-ru" = Microsoft Office Language Pack 2007 - Russian/русский
"PortraitProfessional10_is1" = Portrait Professional 10.9
"ScandAllPRO" = Fujitsu ScandAll PRO V1.8 Update1
"ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
"Software Operation Panel" = Software Operation Panel
"StartNow Toolbar" = StartNow Toolbar
"TVWiz" = Intel® TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2012 4:03:50 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:03:50.383]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:04:25 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:04:25.293]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:04:59 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:04:59.802]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:05:34 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:05:34.311]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:06:08 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:06:08.820]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:06:43 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:06:43.326]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:07:17 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:07:17.831]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:07:52 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:07:52.337]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:08:26 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:08:26.856]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

Error - 6/18/2012 4:09:01 PM | Computer Name = ElenaPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/18 16:09:01.360]: [00002440]: GetDeviceIpAddress:
GetAddressByName [BRWD4D057] Error

[ Broadcom Wireless LAN Events ]
Error - 4/18/2012 11:44:55 AM | Computer Name = ElenaPC | Source = WLAN-Tray | ID = 0
Description = 11:44:55, Wed, Apr 18, 12 Error - Unable to gain access to user store

Error - 4/25/2012 5:18:58 PM | Computer Name = ElenaPC | Source = WLAN-Tray | ID = 0
Description = 17:18:58, Wed, Apr 25, 12 Error - Error in WNetOpenEnum trying to disconnect
drives

Error - 4/25/2012 5:18:58 PM | Computer Name = ElenaPC | Source = WLAN-Tray | ID = 0
Description = 17:18:58, Wed, Apr 25, 12 Error - Error in WNetOpenEnum trying to disconnect
drives

Error - 4/25/2012 6:30:28 PM | Computer Name = ElenaPC | Source = WLAN-Tray | ID = 0
Description = 18:30:28, Wed, Apr 25, 12 Error - Unable to gain access to user store

Error - 6/18/2012 9:49:14 AM | Computer Name = ElenaPC | Source = WLAN-Tray | ID = 0
Description = 09:49:14, Mon, Jun 18, 12 Error - Unable to gain access to user store

[ Media Center Events ]
Error - 3/15/2010 2:17:54 PM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 2:17:53 PM - Error connecting to the internet. 2:17:53 PM - Unable
to contact server..

Error - 3/17/2010 11:07:13 AM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 11:07:13 AM - Error connecting to the internet. 11:07:13 AM - Unable
to contact server..

Error - 3/17/2010 11:07:27 AM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 11:07:19 AM - Error connecting to the internet. 11:07:19 AM - Unable
to contact server..

Error - 3/17/2010 12:07:32 PM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 12:07:32 PM - Error connecting to the internet. 12:07:32 PM - Unable
to contact server..

Error - 3/17/2010 12:07:38 PM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 12:07:37 PM - Error connecting to the internet. 12:07:37 PM - Unable
to contact server..

Error - 3/17/2010 1:07:43 PM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 1:07:43 PM - Error connecting to the internet. 1:07:43 PM - Unable
to contact server..

Error - 3/17/2010 1:07:49 PM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 1:07:48 PM - Error connecting to the internet. 1:07:48 PM - Unable
to contact server..

Error - 3/19/2010 1:46:36 PM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 1:46:35 PM - Error connecting to the internet. 1:46:35 PM - Unable
to contact server..

Error - 8/14/2011 11:35:56 PM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 11:35:55 PM - Error connecting to the internet. 11:35:55 PM - Unable
to contact server..

Error - 8/14/2011 11:38:44 PM | Computer Name = RayHill-PC | Source = MCUpdate | ID = 0
Description = 11:36:05 PM - Error connecting to the internet. 11:36:05 PM - Unable
to contact server..

[ OSession Events ]
Error - 12/10/2009 10:24:38 AM | Computer Name = RayHill-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 764
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/15/2009 11:15:03 PM | Computer Name = RayHill-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 107339
seconds with 4440 seconds of active time. This session ended with a crash.

Error - 2/12/2012 4:48:08 PM | Computer Name = ElenaPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19890
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/18/2012 11:19:44 AM | Computer Name = ElenaPC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/18/2012 11:19:44 AM | Computer Name = ElenaPC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/18/2012 11:21:45 AM | Computer Name = ElenaPC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/18/2012 11:22:54 AM | Computer Name = ElenaPC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 6/18/2012 11:22:54 AM | Computer Name = ElenaPC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 6/18/2012 11:45:22 AM | Computer Name = ElenaPC | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/18/2012 12:19:48 PM | Computer Name = ElenaPC | Source = BROWSER | ID = 8032
Description =

Error - 6/18/2012 2:13:03 PM | Computer Name = ElenaPC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 6/18/2012 2:20:37 PM | Computer Name = ElenaPC | Source = bowser | ID = 8003
Description =

Error - 6/18/2012 3:08:31 PM | Computer Name = ElenaPC | Source = bowser | ID = 8003
Description =

< End of report >

#7
KillThem

Posted 18 June 2012 - 02:17 PM

Member

Topic Starter
Member
20 posts

MBRCheck_06.18.12_16.15.17.txt

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude E5500
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 211):
0x82E01000 \SystemRoot\system32\ntkrnlpa.exe
0x83213000 \SystemRoot\system32\halmacpi.dll
0x80BB2000 \SystemRoot\system32\kdcom.dll
0x8341D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x834A2000 \SystemRoot\system32\PSHED.dll
0x834B3000 \SystemRoot\system32\BOOTVID.dll
0x834BB000 \SystemRoot\system32\CLFS.SYS
0x834FD000 \SystemRoot\system32\CI.dll
0x83618000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83697000 \SystemRoot\system32\drivers\ACPI.sys
0x836DF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x836E8000 \SystemRoot\system32\drivers\msisadrv.sys
0x836F0000 \SystemRoot\system32\drivers\pci.sys
0x8371A000 \SystemRoot\system32\drivers\vdrvroot.sys
0x83725000 \SystemRoot\System32\drivers\partmgr.sys
0x83736000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8373E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x83749000 \SystemRoot\system32\drivers\volmgr.sys
0x83759000 \SystemRoot\System32\drivers\volmgrx.sys
0x837A4000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x837D2000 \SystemRoot\System32\drivers\mountmgr.sys
0x835A8000 \SystemRoot\system32\drivers\vmbus.sys
0x837E8000 \SystemRoot\system32\drivers\winhv.sys
0x8C618000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8C6F2000 \SystemRoot\system32\drivers\amdxata.sys
0x8C6FB000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C72F000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C80C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C93B000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C966000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C979000 \SystemRoot\System32\Drivers\cng.sys
0x8C9D6000 \SystemRoot\System32\drivers\pcw.sys
0x8C9E4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C740000 \SystemRoot\system32\drivers\ndis.sys
0x8CA39000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CA77000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CA9C000 \SystemRoot\System32\drivers\tcpip.sys
0x8CA00000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CBE7000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
0x8C9ED000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8CC01000 \SystemRoot\system32\drivers\volsnap.sys
0x8CC40000 \SystemRoot\System32\Drivers\spldr.sys
0x8CC48000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CC75000 \SystemRoot\system32\DRIVERS\PBADRV.sys
0x8CC80000 \SystemRoot\System32\Drivers\mup.sys
0x8CC90000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CC98000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CCCA000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CCDB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x835D2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CDF8000 \SystemRoot\System32\Drivers\Null.SYS
0x8CBF8000 \SystemRoot\System32\Drivers\Beep.SYS
0x91A17000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x91A37000 \SystemRoot\System32\drivers\vga.sys
0x91A43000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91A64000 \SystemRoot\System32\drivers\watchdog.sys
0x91A71000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91A79000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91A81000 \SystemRoot\system32\drivers\rdprefmp.sys
0x91A89000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91A94000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91AA2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91AB9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91AC5000 \SystemRoot\system32\drivers\afd.sys
0x91B1F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91B51000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91B58000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91B77000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x91B88000 \SystemRoot\system32\DRIVERS\EpfwLWF.sys
0x91B94000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91BA2000 \SystemRoot\system32\DRIVERS\serial.sys
0x91BBC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91BCF000 \SystemRoot\system32\drivers\termdd.sys
0x9221D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9225E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92268000 \SystemRoot\system32\drivers\mssmbios.sys
0x92272000 \SystemRoot\System32\drivers\discache.sys
0x9227E000 \SystemRoot\system32\drivers\csc.sys
0x922E2000 \SystemRoot\System32\Drivers\dfsc.sys
0x922FA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x92308000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x92C26000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x93248000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x932FF000 \SystemRoot\System32\drivers\dxgmms1.sys
0x93338000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x93343000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9338E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9339D000 \SystemRoot\system32\drivers\HDAudBus.sys
0x93A01000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x93C68000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x93C72000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x93CB3000 \SystemRoot\system32\drivers\1394ohci.sys
0x93CE0000 \SystemRoot\system32\drivers\sdbus.sys
0x93CF9000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x93D0A000 \SystemRoot\system32\drivers\i8042prt.sys
0x93D22000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x93D5A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x93D67000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x93D74000 \SystemRoot\system32\DRIVERS\serenum.sys
0x93D7E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x93D84000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x93D88000 \SystemRoot\system32\drivers\wmiacpi.sys
0x93D91000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x93DA3000 \SystemRoot\system32\drivers\CompositeBus.sys
0x93DB0000 \SystemRoot\system32\DRIVERS\serscan.sys
0x93DB8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x93DCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x93DE2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x933BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x933DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92C00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92329000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x93DED000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x93DF7000 \SystemRoot\system32\drivers\swenum.sys
0x92340000 \SystemRoot\system32\drivers\ks.sys
0x92C17000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92374000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x923B8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x81E06000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x81E6D000 \SystemRoot\system32\DRIVERS\portcls.sys
0x81E9C000 \SystemRoot\system32\DRIVERS\drmk.sys
0x81EB5000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x81ED8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x81EEF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x81EF1000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x81EFB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x81F02000 \SystemRoot\System32\Drivers\usbvideo.sys
0x81F26000 \SystemRoot\system32\drivers\usbaudio.sys
0x81F3A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x81F45000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x81F58000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x81F64000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x81F6F000 \SystemRoot\system32\DRIVERS\point32.sys
0x828F0000 \SystemRoot\System32\win32k.sys
0x81F78000 \SystemRoot\System32\drivers\Dxapi.sys
0x81F82000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CD00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81F8F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x81FA0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82B50000 \SystemRoot\System32\TSDDD.dll
0x82B80000 \SystemRoot\System32\cdd.dll
0x82BA0000 \SystemRoot\System32\ATMFD.DLL
0x81FAB000 \SystemRoot\system32\drivers\luafv.sys
0x81FC6000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0x94608000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x946D6000 \SystemRoot\system32\drivers\WudfPf.sys
0x946F0000 \SystemRoot\system32\DRIVERS\epfw.sys
0x94718000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x94728000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9476E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9477E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9DA25000 \SystemRoot\system32\drivers\HTTP.sys
0x9DAB3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9DACC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9DADE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9DB01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9DB3C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9DB6F000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xAEA18000 \SystemRoot\system32\drivers\peauth.sys
0xAEAAF000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAEAB9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAEADA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAEAE7000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAEB37000 \SystemRoot\System32\DRIVERS\srv.sys
0xAEB89000 \SystemRoot\System32\drivers\rdpdr.sys
0xAEBAE000 \SystemRoot\system32\drivers\tdtcp.sys
0xAEBB9000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xAEBC6000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xAEBF8000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x9DB84000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAEA00000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x778F0000 \Windows\System32\ntdll.dll
0x47A20000 \Windows\System32\smss.exe
0x77B30000 \Windows\System32\apisetschema.dll
0x00EC0000 \Windows\System32\autochk.exe
0x77B10000 \Windows\System32\nsi.dll
0x77750000 \Windows\System32\setupapi.dll
0x77AF0000 \Windows\System32\imm32.dll
0x76B00000 \Windows\System32\shell32.dll
0x77A70000 \Windows\System32\comdlg32.dll
0x76A20000 \Windows\System32\kernel32.dll
0x76860000 \Windows\System32\iertutil.dll
0x76700000 \Windows\System32\ole32.dll
0x76660000 \Windows\System32\advapi32.dll
0x76600000 \Windows\System32\difxapi.dll
0x77A30000 \Windows\System32\ws2_32.dll
0x76570000 \Windows\System32\clbcatq.dll
0x76550000 \Windows\System32\sechost.dll
0x76430000 \Windows\System32\urlmon.dll
0x76380000 \Windows\System32\msvcrt.dll
0x762D0000 \Windows\System32\rpcrt4.dll
0x76280000 \Windows\System32\gdi32.dll
0x76160000 \Windows\System32\wininet.dll
0x76090000 \Windows\System32\user32.dll
0x76080000 \Windows\System32\normaliz.dll
0x76020000 \Windows\System32\shlwapi.dll
0x75F50000 \Windows\System32\msctf.dll
0x75EB0000 \Windows\System32\usp10.dll
0x75E80000 \Windows\System32\imagehlp.dll
0x75E30000 \Windows\System32\Wldap32.dll
0x75DA0000 \Windows\System32\oleaut32.dll
0x75D90000 \Windows\System32\psapi.dll
0x75D80000 \Windows\System32\lpk.dll
0x75D50000 \Windows\System32\cfgmgr32.dll
0x75D20000 \Windows\System32\wintrust.dll
0x75C00000 \Windows\System32\crypt32.dll
0x75B70000 \Windows\System32\comctl32.dll
0x75B20000 \Windows\System32\KernelBase.dll
0x75B00000 \Windows\System32\devobj.dll
0x75AF0000 \Windows\System32\msasn1.dll

Processes (total 108):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
452 csrss.exe
492 C:\Windows\System32\wininit.exe
504 csrss.exe
548 C:\Windows\System32\services.exe
564 C:\Windows\System32\lsass.exe
572 C:\Windows\System32\lsm.exe
684 C:\Windows\System32\svchost.exe
740 C:\Program Files\Fingerprint Sensor\AtService.exe
792 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\winlogon.exe
896 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe
1164 C:\Windows\System32\audiodg.exe
1232 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1536 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
1544 C:\Windows\System32\wlanext.exe
1552 C:\Windows\System32\conhost.exe
1616 C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
1656 C:\Windows\System32\spoolsv.exe
1696 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\svchost.exe
1832 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
1984 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
636 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
952 C:\Program Files\Bonjour\mDNSResponder.exe
1112 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
1780 C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
1352 C:\PROGRA~1\INFORM~1\INFAAG~1.EXE
2116 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
2144 C:\Windows\System32\cmd.exe
2152 C:\Windows\System32\conhost.exe
2276 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2304 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
2440 C:\Windows\System32\svchost.exe
2548 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
2648 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2704 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
2844 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
2964 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3008 WmiPrvSE.exe
3248 WmiPrvSE.exe
3440 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3492 C:\Windows\System32\SearchIndexer.exe
3772 C:\Windows\System32\svchost.exe
3832 C:\Windows\System32\svchost.exe
3372 C:\Windows\System32\dwm.exe
2612 C:\Windows\explorer.exe
2936 C:\Program Files\DellTPad\Apoint.exe
2768 C:\Program Files\IDT\WDM\sttray.exe
3000 C:\Windows\System32\hkcmd.exe
2872 C:\Windows\System32\igfxpers.exe
2620 C:\Windows\System32\igfxsrvc.exe
4124 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
4384 C:\Program Files\DellTPad\ApMsgFwd.exe
4708 C:\Program Files\DellTPad\ApntEx.exe
4724 C:\Windows\System32\conhost.exe
4744 C:\Program Files\DellTPad\hidfind.exe
4768 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
4856 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
4872 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
4896 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
5256 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
5364 C:\Windows\System32\svchost.exe
5636 C:\Program Files\Windows Media Player\wmpnetwk.exe
6020 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
6044 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
6096 C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
4132 C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
4356 C:\Windows\twain_32\fjscan32\FjtwMkup.exe
4364 C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe
1360 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
5192 C:\Windows\twain_32\fjscan32\FiWiaChecker.exe
5408 C:\Program Files\Common Files\Java\Java Update\jusched.exe
5684 C:\Program Files\Epson Software\Event Manager\EEventManager.exe
5892 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
5868 C:\Program Files\ESET\ESET Smart Security\egui.exe
5536 C:\Program Files\iTunes\iTunesHelper.exe
6076 dllhost.exe
4188 C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
4652 C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe
4664 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
4928 C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
3196 C:\Windows\System32\igfxext.exe
4396 C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
5268 C:\Program Files\iPod\bin\iPodService.exe
5148 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
1056 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3488 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
3696 C:\Windows\System32\conhost.exe
8152 C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
6564 C:\Windows\System32\conhost.exe
1476 C:\Program Files\Mozilla Firefox\firefox.exe
6352 C:\Program Files\Mozilla Firefox\plugin-container.exe
10160 C:\Windows\System32\SearchProtocolHost.exe
9620 C:\Windows\System32\SearchFilterHost.exe
7360 dllhost.exe
5548 dllhost.exe
7432 C:\Users\Bill Goodwin\Desktop\MBRCheck.exe
9588 C:\Windows\System32\conhost.exe
7784 C:\PROGRA~1\INFORM~1\tools\infaagentgettask\infaagentgettask.exe
8628 C:\Windows\System32\cmd.exe
8840 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`0d500000 (NTFS)

PhysicalDrive0 Model Number: ST9160412ASG, Rev: 0003SDM1

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#8
WhiteHat

Posted 19 June 2012 - 01:37 PM

Trusted Helper

Retired Staff
1,925 posts

[2009/11/28 12:16:59 | 000,031,232 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?? ????.doc) -- C:\Users\Bill Goodwin\Documents\На сайт.doc
[2009/11/28 12:16:59 | 000,029,696 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?? ????_1.doc) -- C:\Users\Bill Goodwin\Documents\На сайт_1.doc
[2009/11/28 12:16:59 | 000,026,624 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\??????? ??? ???????.doc) -- C:\Users\Bill Goodwin\Documents\Подарки для Невинки.doc
[2009/11/28 12:16:59 | 000,025,088 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\?????????? ??????.doc) -- C:\Users\Bill Goodwin\Documents\Паспортные данные.doc
[2009/11/28 12:16:59 | 000,022,528 | ---- | C] ()(C:\Users\Bill Goodwin\Documents\??????? ????, ????, ??????.doc) -- C:\Users\Bill Goodwin\Documents\Размеры Мамы, Папы, Сереги.doc

Do you know this files?

# Step 1 #

Please, go to Start > Control Panel > and click in Add or Remove Programs. The remove these softwares below:

StartNow Toolbar

# Step 2 #

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter 0 and press Enter

The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see a Dumped successfully message. Type -1 and press Enter twice to exit the program. Save the dump.dat file to your desktop then attach it on your next reply.

# Step 3 #

Download the attach to your desktop.

Fix.txt 12.58KB 116 downloads

Please reopen Posted Image

on your desktop.

Under the box at the bottom, drag the attachment that you downloaded.
Then click the button at the top
Let the program run unhindered, reboot the PC when it is done
Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 4 #

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box:
Write (Copy/Paste)diskmgmt.msc. Then click in Ok.
Maximize the screen and click in the print screen button
Open the Run dialogue box again (Windows Key + R) and write mspaint
Copy the image (type Ctrl + C) and save.
Post this screen in your next reply.

Edited by WhiteHat, 19 June 2012 - 01:38 PM.

#9
KillThem

Posted 19 June 2012 - 04:05 PM

Member

Topic Starter
Member
20 posts

Yes...I know those files.

System claims I am not permitted to upload that kind of file(dump.dat).

OTL Log File:

========== OTL ==========
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults\preferences folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome folder moved successfully.
C:\Users\Bill Goodwin\AppData\Roaming\mozilla\Firefox\Profiles\u8wobhi3.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
C:\Program Files\ShopAtHome\tbcore3U.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ deleted successfully.
File C:\Program Files\ShopAtHome\tbcore3U.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper deleted successfully.
C:\ProgramData\q8RRcfj9kUuqoa moved successfully.
C:\ProgramData\-q8RRcfj9kUuqoar moved successfully.
C:\ProgramData\-q8RRcfj9kUuqoa moved successfully.
C:\ProgramData\aY23Q1prxIaMvd moved successfully.
C:\ProgramData\oZfzC8N9siEkS3 moved successfully.
ADS C:\ProgramData\TEMP:548AE60C deleted successfully.
ADS C:\ProgramData\TEMP:C07A6A6B deleted successfully.
ADS C:\ProgramData\TEMP:19F08842 deleted successfully.
ADS C:\ProgramData\TEMP:64EEA19D deleted successfully.
ADS C:\ProgramData\TEMP:506E1E25 deleted successfully.
ADS C:\ProgramData\TEMP:ADE67221 deleted successfully.
ADS C:\ProgramData\TEMP:123A86B5 deleted successfully.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
ADS C:\ProgramData\TEMP:9E76E7F3 deleted successfully.
ADS C:\ProgramData\TEMP:E14FA16F deleted successfully.
ADS C:\ProgramData\TEMP:DC21D414 deleted successfully.
ADS C:\ProgramData\TEMP:91FFEC32 deleted successfully.
ADS C:\ProgramData\TEMP:F8F070C2 deleted successfully.
ADS C:\ProgramData\TEMP:1B7E2022 deleted successfully.
ADS C:\ProgramData\TEMP:EDC744FB deleted successfully.
ADS C:\ProgramData\TEMP:E7B4296D deleted successfully.
ADS C:\ProgramData\TEMP:9F38BF31 deleted successfully.
ADS C:\ProgramData\TEMP:2495D97A deleted successfully.
ADS C:\ProgramData\TEMP:C72A744C deleted successfully.
ADS C:\ProgramData\TEMP:71004506 deleted successfully.
ADS C:\ProgramData\TEMP:D2593961 deleted successfully.
ADS C:\ProgramData\TEMP:89C28CF6 deleted successfully.
ADS C:\ProgramData\TEMP:80F63EC3 deleted successfully.
ADS C:\ProgramData\TEMP:7E082023 deleted successfully.
ADS C:\ProgramData\TEMP:61B54B15 deleted successfully.
ADS C:\ProgramData\TEMP:0EC7A545 deleted successfully.
ADS C:\ProgramData\TEMP:71612023 deleted successfully.
ADS C:\ProgramData\TEMP:596E2371 deleted successfully.
ADS C:\ProgramData\TEMP:A3B8F70C deleted successfully.
ADS C:\ProgramData\TEMP:870649A4 deleted successfully.
ADS C:\ProgramData\TEMP:5B09C4D9 deleted successfully.
ADS C:\ProgramData\TEMP:32A82570 deleted successfully.
ADS C:\ProgramData\TEMP:FED25C29 deleted successfully.
ADS C:\ProgramData\TEMP:DE9AC04F deleted successfully.
ADS C:\ProgramData\TEMP:7FCB9D0D deleted successfully.
ADS C:\ProgramData\TEMP:341C1FBD deleted successfully.
ADS C:\ProgramData\TEMP:13EF4AF6 deleted successfully.
ADS C:\ProgramData\TEMP:737160C1 deleted successfully.
ADS C:\ProgramData\TEMP:6F0B6A5A deleted successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
ADS C:\ProgramData\TEMP:EA10407C deleted successfully.
ADS C:\ProgramData\TEMP:E895790F deleted successfully.
ADS C:\ProgramData\TEMP:6017A808 deleted successfully.
ADS C:\ProgramData\TEMP:0E22C5DB deleted successfully.
ADS C:\ProgramData\TEMP:E027789A deleted successfully.
ADS C:\ProgramData\TEMP:4C528C86 deleted successfully.
ADS C:\ProgramData\TEMP:3D186293 deleted successfully.
ADS C:\ProgramData\TEMP:EF5B3572 deleted successfully.
ADS C:\ProgramData\TEMP:D055FC10 deleted successfully.
ADS C:\ProgramData\TEMP:B4980368 deleted successfully.
ADS C:\ProgramData\TEMP:A167A0BB deleted successfully.
ADS C:\ProgramData\TEMP:700B9342 deleted successfully.
ADS C:\ProgramData\TEMP:5FA4CB99 deleted successfully.
ADS C:\ProgramData\TEMP:7FD903D7 deleted successfully.
ADS C:\ProgramData\TEMP:177313FB deleted successfully.
ADS C:\ProgramData\TEMP:1181620C deleted successfully.
ADS C:\ProgramData\TEMP:DB77E2C4 deleted successfully.
ADS C:\ProgramData\TEMP:C10635F6 deleted successfully.
ADS C:\ProgramData\TEMP:710F4DBF deleted successfully.
ADS C:\ProgramData\TEMP:6444B424 deleted successfully.
ADS C:\ProgramData\TEMP:5BC73C48 deleted successfully.
ADS C:\ProgramData\TEMP:48977386 deleted successfully.
ADS C:\ProgramData\TEMP:36FFA2FB deleted successfully.
ADS C:\ProgramData\TEMP:E732B44B deleted successfully.
ADS C:\ProgramData\TEMP:DD04902E deleted successfully.
ADS C:\ProgramData\TEMP:B8384DB6 deleted successfully.
ADS C:\ProgramData\TEMP:7B52659E deleted successfully.
ADS C:\ProgramData\TEMP:6B05AF40 deleted successfully.
ADS C:\ProgramData\TEMP:5FFC2819 deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\ProgramData\TEMP:0E684AC9 deleted successfully.
ADS C:\ProgramData\TEMP:EEB25EAE deleted successfully.
ADS C:\ProgramData\TEMP:E80802C7 deleted successfully.
ADS C:\ProgramData\TEMP:D8F9D810 deleted successfully.
ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
ADS C:\ProgramData\TEMP:89CF6F9C deleted successfully.
ADS C:\ProgramData\TEMP:5025C6E4 deleted successfully.
ADS C:\ProgramData\TEMP:3D36932D deleted successfully.
ADS C:\ProgramData\TEMP:FC2D0F32 deleted successfully.
ADS C:\ProgramData\TEMP:6FD219F5 deleted successfully.
ADS C:\ProgramData\TEMP:225CD7D5 deleted successfully.
ADS C:\ProgramData\TEMP:F45F3031 deleted successfully.
ADS C:\ProgramData\TEMP:F1DEA771 deleted successfully.
ADS C:\ProgramData\TEMP:A58B27C9 deleted successfully.
ADS C:\ProgramData\TEMP:97C4F81F deleted successfully.
ADS C:\ProgramData\TEMP:5EF1AD34 deleted successfully.
ADS C:\ProgramData\TEMP:48FEA089 deleted successfully.
ADS C:\ProgramData\TEMP:3FD496E1 deleted successfully.
ADS C:\ProgramData\TEMP:19F494DE deleted successfully.
ADS C:\ProgramData\TEMP:8FA72FF8 deleted successfully.
ADS C:\ProgramData\TEMP:8DF68137 deleted successfully.
ADS C:\ProgramData\TEMP:59C113EC deleted successfully.
ADS C:\ProgramData\TEMP:26FBC1F9 deleted successfully.
ADS C:\ProgramData\TEMP:22313216 deleted successfully.
ADS C:\ProgramData\TEMP:E945C214 deleted successfully.
ADS C:\ProgramData\TEMP:D1D597D0 deleted successfully.
ADS C:\ProgramData\TEMP:CEF2A14E deleted successfully.
ADS C:\ProgramData\TEMP:C5E2BAEE deleted successfully.
ADS C:\ProgramData\TEMP:425759C6 deleted successfully.
ADS C:\ProgramData\TEMP:0D278FB5 deleted successfully.
ADS C:\ProgramData\TEMP:D48500F8 deleted successfully.
ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.
ADS C:\ProgramData\TEMP:A6CDBCAC deleted successfully.
ADS C:\ProgramData\TEMP:6425A235 deleted successfully.
ADS C:\ProgramData\TEMP:55F44B88 deleted successfully.
ADS C:\ProgramData\TEMP:53DF59D1 deleted successfully.
ADS C:\ProgramData\TEMP:405D842B deleted successfully.
ADS C:\ProgramData\TEMP:3B812EE0 deleted successfully.
ADS C:\ProgramData\TEMP:0FA1EAA7 deleted successfully.
ADS C:\ProgramData\TEMP:8999FD56 deleted successfully.
ADS C:\ProgramData\TEMP:6AF67671 deleted successfully.
ADS C:\ProgramData\TEMP:523B97A0 deleted successfully.
ADS C:\ProgramData\TEMP:237E4B91 deleted successfully.
ADS C:\ProgramData\TEMP:CC4C59B4 deleted successfully.
ADS C:\ProgramData\TEMP:BF2E2F0E deleted successfully.
ADS C:\ProgramData\TEMP:996104FC deleted successfully.
ADS C:\ProgramData\TEMP:7A0EFE63 deleted successfully.
ADS C:\ProgramData\TEMP:2B1EA607 deleted successfully.
ADS C:\ProgramData\TEMP:F33C37D5 deleted successfully.
ADS C:\ProgramData\TEMP:38B32B54 deleted successfully.
ADS C:\ProgramData\TEMP:08D8BB20 deleted successfully.
ADS C:\ProgramData\TEMP:98DFF516 deleted successfully.
ADS C:\ProgramData\TEMP:68EF6203 deleted successfully.
ADS C:\ProgramData\TEMP:5345C8F6 deleted successfully.
ADS C:\ProgramData\TEMP:B18C4339 deleted successfully.
ADS C:\ProgramData\TEMP:0F0A5896 deleted successfully.
ADS C:\ProgramData\TEMP:E91ADC66 deleted successfully.
ADS C:\ProgramData\TEMP:24FECE50 deleted successfully.
ADS C:\ProgramData\TEMP:7AA6FC81 deleted successfully.
ADS C:\ProgramData\TEMP:55818279 deleted successfully.
ADS C:\ProgramData\TEMP:43301D1D deleted successfully.
ADS C:\ProgramData\TEMP:EC0A74A1 deleted successfully.
ADS C:\ProgramData\TEMP:CB16385F deleted successfully.
ADS C:\ProgramData\TEMP:B1FBBD09 deleted successfully.
ADS C:\ProgramData\TEMP:C8E82994 deleted successfully.
ADS C:\ProgramData\TEMP:BF07EA98 deleted successfully.
ADS C:\ProgramData\TEMP:B845F669 deleted successfully.
ADS C:\ProgramData\TEMP:E32966C0 deleted successfully.
ADS C:\ProgramData\TEMP:C9FD258B deleted successfully.
ADS C:\ProgramData\TEMP:598E0FFA deleted successfully.
ADS C:\ProgramData\TEMP:55E1514E deleted successfully.
ADS C:\ProgramData\TEMP:551BED5F deleted successfully.
ADS C:\ProgramData\TEMP:F14D1F80 deleted successfully.
ADS C:\ProgramData\TEMP:DFC3B090 deleted successfully.
ADS C:\ProgramData\TEMP:B7843388 deleted successfully.
ADS C:\ProgramData\TEMP:D31BE97C deleted successfully.
ADS C:\ProgramData\TEMP:9DF07E8F deleted successfully.
ADS C:\ProgramData\TEMP:569CEE83 deleted successfully.
ADS C:\ProgramData\TEMP:4FE30352 deleted successfully.
ADS C:\ProgramData\TEMP:3E06C78F deleted successfully.
ADS C:\ProgramData\TEMP:D226A81A deleted successfully.
ADS C:\ProgramData\TEMP:561B1D2B deleted successfully.
ADS C:\ProgramData\TEMP:D0668210 deleted successfully.
ADS C:\ProgramData\TEMP:92A815D8 deleted successfully.
ADS C:\ProgramData\TEMP:69AF9D20 deleted successfully.
ADS C:\ProgramData\TEMP:614F17D3 deleted successfully.
ADS C:\ProgramData\TEMP:3C282BEA deleted successfully.
ADS C:\ProgramData\TEMP:9C012695 deleted successfully.
ADS C:\ProgramData\TEMP:7CEDF9F3 deleted successfully.
ADS C:\ProgramData\TEMP:FDDD8917 deleted successfully.
ADS C:\ProgramData\TEMP:D507B5A8 deleted successfully.
ADS C:\ProgramData\TEMP:61AF2B29 deleted successfully.
ADS C:\ProgramData\TEMP:28CDD861 deleted successfully.
ADS C:\ProgramData\TEMP:E51234A9 deleted successfully.
ADS C:\ProgramData\TEMP:A296A63F deleted successfully.
ADS C:\ProgramData\TEMP:52641FBE deleted successfully.
ADS C:\ProgramData\TEMP:31106FCB deleted successfully.
ADS C:\ProgramData\TEMP:2E49D185 deleted successfully.
ADS C:\ProgramData\TEMP:1C6CB897 deleted successfully.
ADS C:\ProgramData\TEMP:FB97DB91 deleted successfully.
ADS C:\ProgramData\TEMP:CF61CE5A deleted successfully.
ADS C:\ProgramData\TEMP:5E9B629B deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06192012_175134

Attached Thumbnails

#10
WhiteHat

Posted 19 June 2012 - 07:58 PM

Trusted Helper

Retired Staff
1,925 posts

Hi,

System claims I am not permitted to upload that kind of file(dump.dat).

Use the BitShare to send me the dump.dat. :thumbsup:

#11
KillThem

Posted 19 June 2012 - 08:18 PM

Member

Topic Starter
Member
20 posts

http://bitshare.com/...x/dump.dat.html

#12
WhiteHat

Posted 20 June 2012 - 10:29 AM

Trusted Helper

Retired Staff
1,925 posts

Hi,

Error - File not available

We are sorry, but the requested file was not found in our database!
The file was deleted either by the uploader, inactivity or due to copyright claim.

Compress the file using Winrar or 7-zip and try to attach the file again into your post.

:thumbsup:

#13
KillThem

Posted 20 June 2012 - 02:16 PM

Member

Topic Starter
Member
20 posts

I can't upload a .RAR file either. :blink:

Edited by KillThem, 20 June 2012 - 02:17 PM.

#14
WhiteHat

Posted 20 June 2012 - 02:33 PM

Trusted Helper

Retired Staff
1,925 posts

Upload the .rar file to bitshare again.

#15
KillThem

Posted 20 June 2012 - 08:14 PM

Member

Topic Starter
Member
20 posts

http://bitshare.com/...4/dump.rar.html

I don't get the point of BitShare if it doesn't work. Horrible site.....I upload files and they aren't available for download. Time to find a site that works. PM me your email addy and I'll send it to you or use YouSendit.com to get it to you.

Edited by KillThem, 20 June 2012 - 08:31 PM.